How can I restrict users in certain locations from accessing web content served by my CloudFront distribution?
Last updated: 2019-05-30
I want to restrict users in certain countries from accessing the web content served by my Amazon CloudFront distribution. How can I do that?
Enable CloudFront geo restriction on your distribution by following these steps:
- Open the CloudFront console.
- Choose the distribution that you want to apply geo restriction to.
- Choose the Restrictions tab.
- Choose Edit.
- For Enable Geo-Restriction, choose Yes.
- For Restriction Type, choose Whitelist to allow access to certain countries, or choose Blacklist to block access from certain countries.
- For Countries, select the countries that you want to whitelist or blacklist. Then, choose Add.
- Choose Yes, Edit.
Note: You can set your CloudFront distribution to return a custom error message when a user from a blacklisted country tries to access content.
Consider these additional ways to restrict access to your content served through CloudFront:
- Be sure that any AWS security groups on your CloudFront origin have restricted HTTP or HTTPS access to the CloudFront IP address ranges. This prevents access to those IP addresses from outside of CloudFront.
- You can use AWS WAF to monitor and restrict HTTP and HTTPS requests, and to control access to your content.