Can AWS block access from embargoed countries?


If you front your website with CloudFront, you could utilize their geo restriction feature. You could also use Route 53's geo DNS feature to null route the traffic.

http://aws.amazon.com/about-aws/whats-new/2013/12/18/amazon-cloudfront-adds-geo-restriction-feature/

http://aws.amazon.com/blogs/aws/route-53-domain-reg-geo-route-price-drop/
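Added example (not part of the original answer or AWS's own code): a Python sketch that turns one list of country codes into the two request bodies these features take, the `Restrictions` element of a CloudFront distribution config and a Route 53 geolocation `ChangeBatch` whose blocked-country records point at a sink address. The hostname, IP addresses and country codes are constructed placeholders, and applying the output (for example with boto3's `update_distribution` and `change_resource_record_sets`) is left out so the block runs offline.

```python
import json
import re

ISO_ALPHA2 = re.compile(r"^[A-Z]{2}$")

def normalize(codes):
    """Upper-case, de-duplicate and validate two-letter country codes."""
    out = sorted({c.strip().upper() for c in codes})
    bad = [c for c in out if not ISO_ALPHA2.match(c)]
    if bad:
        raise ValueError(f"not ISO 3166-1 alpha-2 codes: {bad}")
    return out

def cloudfront_geo_restriction(codes):
    """Build the 'Restrictions' element of a CloudFront DistributionConfig."""
    items = normalize(codes)
    if not items:
        return {"GeoRestriction": {"RestrictionType": "none", "Quantity": 0}}
    return {"GeoRestriction": {"RestrictionType": "blacklist",
                               "Quantity": len(items), "Items": items}}

def route53_change_batch(name, real_ip, sink_ip, codes, ttl=60):
    """Build a ChangeBatch: one geolocation A record per blocked country
    pointing at sink_ip, plus the default ('*') record for everyone else."""
    def record(set_id, country, ip):
        return {"Action": "UPSERT", "ResourceRecordSet": {
            "Name": name, "Type": "A", "TTL": ttl,
            "SetIdentifier": set_id,
            "GeoLocation": {"CountryCode": country},
            "ResourceRecords": [{"Value": ip}]}}
    changes = [record(f"block-{c}", c, sink_ip) for c in normalize(codes)]
    # Without a default record, locations with no matching record get no answer.
    changes.append(record("default", "*", real_ip))
    return {"Comment": "geo null-route", "Changes": changes}

# Constructed sample input: AA and ZZ are ISO user-assigned placeholders, not
# real countries; replace them with the codes from your compliance list.
SAMPLE_CODES = ["aa", "ZZ", "zz "]

if __name__ == "__main__":
    print(json.dumps(cloudfront_geo_restriction(SAMPLE_CODES), indent=2))
    # Hostname and addresses are documentation-range placeholders.
    print(json.dumps(route53_change_batch("shop.example.com.", "198.51.100.10",
                                          "192.0.2.1", SAMPLE_CODES), indent=2))
```

CloudFront enforces the restriction at the edge, whereas the Route 53 records only change the DNS answer based on the resolver's apparent location, so clients that already know the origin address are not stopped by DNS alone.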


Author: DrStrangepork

Updated on September 18, 2022

Comments

  • DrStrangepork
    DrStrangepork almost 2 years

    My company blocks US-embargoed countries from accessing several e-commerce sites that we manage. I have to investigate whether we can move our current blocking solution to AWS as well. If AWS does not offer a means by which to block these countries, there are some of our sites that, due to subsequent technical issues, can never move to AWS, so I need to know the technical offerings of AWS in order to provide guidance on what sites we can migrate to it and which we cannot. I know we could do this on the instance/iptables level, but because that would require modifying literally every front-end server, we are looking to do this blocking on the AWS service level only. Thanks!

    • DrStrangepork
      DrStrangepork over 10 years
      Understood. We are looking to do this blocking on the AWS level, not on the instance/iptables level.
    • DrStrangepork
      DrStrangepork over 10 years
      This question is NOT off-topic. I explicitly stated I don't want to get into a political debate about embargoed countries. I am looking for a technical analysis of AWS offerings that could be used to block embargoed countries. I know VPC can't do it. I know ELB can't do it. Are there other options?
    • LinuxDevOps
      LinuxDevOps over 10 years
      Without a big analysis, I'd say you can restrict using IP origin with the following AWS services: EC2 & load balancers (using security groups), CloudFront and S3. (BTW I don't think the question is off-topic, just too broad)
    • DrStrangepork
      DrStrangepork over 10 years
      I have an answer from AWS Support, so I'd like to answer this question.
    • Michael Hampton
      Michael Hampton over 10 years
      Go right ahead. The question is certainly reasonable enough, even if the reason you have to do this is something that many people may disagree with. Compliance with relevant laws or regulations is part of our jobs.
  • DrStrangepork
    DrStrangepork almost 10 years
    While the CloudFront option would have addressed the root issue, the answer I was looking for and needed to implement is the Route 53 Geo Routing (Geo DNS) option (the second link above). This was unavailable at the time of my post, but since it now exists, this is the answer.