CloudFront Distributions Should Have Geo Restriction Enabled

More Info:

Geo restriction should be enabled for your Amazon CloudFront CDN distribution to whitelist or blacklist a country in order to allow or restrict users in specific locations from accessing web application content.

Risk Level

Low

Address

Security

Compliance Standards

SOC2, GDPR

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of CloudFront distributions not having Geo Restriction enabled in AWS using AWS CLI, follow these steps:

Open your terminal and ensure you have AWS CLI installed and configured with the necessary permissions to modify CloudFront distributions.
Identify the CloudFront distribution that needs Geo Restriction enabled. You can use the following command to list all the CloudFront distributions in your AWS account:
```
aws cloudfront list-distributions
```
This command will return a JSON object containing information about all the CloudFront distributions in your account.
Once you have identified the distribution that needs Geo Restriction enabled, you can use the following command to enable Geo Restriction:
```
aws cloudfront update-distribution --id <distribution-id> --distribution-config '{"GeoRestriction":{"RestrictionType":"whitelist","Quantity":0}}'
```
Replace <distribution-id> with the ID of the distribution that needs Geo Restriction enabled.
After running the above command, you should receive a JSON object containing information about the updated CloudFront distribution.
Verify that Geo Restriction has been enabled for the distribution by running the following command:
```
aws cloudfront get-distribution-config --id <distribution-id>
```
This command will return a JSON object containing the configuration of the specified CloudFront distribution. Verify that the GeoRestriction object is present and contains the correct configuration.

That’s it! You have successfully remediated the misconfiguration of CloudFront distributions not having Geo Restriction enabled in AWS using AWS CLI.

Using Python

To remediate the CloudFront Distributions should have Geo Restriction enabled misconfiguration in AWS using Python, follow the below steps:

Import the required libraries:

import boto3

Initialize AWS credentials:

aws_access_key_id = 'YOUR_AWS_ACCESS_KEY_ID'
aws_secret_access_key = 'YOUR_AWS_SECRET_ACCESS_KEY'
region_name = 'YOUR_AWS_REGION_NAME'

session = boto3.Session(
    aws_access_key_id=aws_access_key_id,
    aws_secret_access_key=aws_secret_access_key,
    region_name=region_name
)

cloudfront = session.client('cloudfront')

Get the list of CloudFront distributions:

distributions = cloudfront.list_distributions()

Loop through the distributions and check if Geo Restriction is enabled:

for distribution in distributions['DistributionList']['Items']:
    distribution_id = distribution['Id']
    distribution_config = cloudfront.get_distribution_config(Id=distribution_id)
    geo_restriction = distribution_config['DistributionConfig']['Restrictions']['GeoRestriction']['RestrictionType']
    if geo_restriction != 'whitelist':
        # Geo Restriction is not enabled, remediate the misconfiguration

Remediate the misconfiguration by enabling Geo Restriction:

distribution_config['DistributionConfig']['Restrictions']['GeoRestriction']['RestrictionType'] = 'whitelist'
cloudfront.update_distribution(
    DistributionConfig=distribution_config['DistributionConfig'],
    Id=distribution_id,
    IfMatch=distribution_config['ETag']
)

Note: This code assumes that you have the necessary AWS credentials and permissions to access and modify CloudFront distributions.

Additional Reading:

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

CloudFront Distributions Should Have Geo Restriction Enabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: