I am trying to allow countries via CloudFront as per our business requirement. Now this works easily due to their Geo restrictions.
Now the issue is that my country is also blocked, but I want to allow my IP address to access that CloudFront location as well. How can I do that? I googled and found that WAF can help, but WAF allows IP addresses, not countries.
Is there a way to do this, or do I need to go for a VPN approach (which I don’t want to)?
2 Answers
You can use the following steps to configure the whitelist IPs.
To add geographic restrictions to your CloudFront web distribution (console)
1. Sign in to the AWS Management Console and open the CloudFront console at https://console.aws.amazon.com/cloudfront/v3/home.
2. Choose the distribution that you want to update.
3. Choose Geographic restrictions.
4. Choose Edit.
5. Select Allow list to create a list of allowed countries, or Block list to create a list of blocked countries.
6. Add the desired countries to the list, then choose Save changes.
You can use WAF; you need to create a web ACL rule to allow a list of IPs: https://aws.amazon.com/premiumsupport/knowledge-center/waf-allow-my-ip-block-other-ip/. WAF can also handle geo restrictions: https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html. Just be mindful of the cost when you use WAF on top of CloudFront, especially if you receive a lot of traffic on your website.
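The combination the question asks for, sketched as an AWS WAF (WAFv2) web ACL definition; this is an added example, not part of either answer. It blocks by default, allows an IP set first, then allows a list of countries. The names, the country codes, the account number 111122223333 and the `EXAMPLE-IPSET-ID` in the IP set ARN are constructed placeholders, and the IP set is assumed to already exist with CloudFront scope.

```json
{
  "Name": "geo-plus-ip-allow",
  "Scope": "CLOUDFRONT",
  "DefaultAction": { "Block": {} },
  "Rules": [
    {
      "Name": "allow-listed-ips",
      "Priority": 0,
      "Statement": {
        "IPSetReferenceStatement": {
          "ARN": "arn:aws:wafv2:us-east-1:111122223333:global/ipset/my-allowed-ips/EXAMPLE-IPSET-ID"
        }
      },
      "Action": { "Allow": {} },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "allow-listed-ips"
      }
    },
    {
      "Name": "allow-listed-countries",
      "Priority": 1,
      "Statement": {
        "GeoMatchStatement": { "CountryCodes": ["US", "CA"] }
      },
      "Action": { "Allow": {} },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "allow-listed-countries"
      }
    }
  ],
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "geo-plus-ip-allow"
  }
}
```

A definition in this shape can be passed to `aws wafv2 create-web-acl --cli-input-json` in us-east-1, the region used for CloudFront-scoped web ACLs, and the resulting web ACL is then associated with the distribution. Because the country list now lives in the web ACL, the distribution's own geographic restriction is assumed to be turned off; left in place, it would still reject requests from a country outside its list regardless of the IP allow rule.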