Sanction Russia: Block traffic using CloudFront Geo Restriction

Andreas Wittig – 25 Feb 2022

Russia attacked a sovereign state this week. Most states condemn the attack and impose sanctions. Among other things, sanctions are intended to mobilize the Russian population to rise up against their aristocrat Putin. As of today, cloudonaut is no longer accessible from Russia. We want to show solidarity with the Ukrainian people and make clear to the AWS community in Russia that we stand up for peace.

Stop Russia!

We encourage you to follow us. If you use CloudFront as your CDN, the following CloudFormation and Terraform snippets enable CloudFront Geo Restriction to block traffic from Russia.

Block traffic from Russia with CloudFormation:

CloudFrontDistribution:
  Type: 'AWS::CloudFront::Distribution'
  Properties:
    DistributionConfig:
      # [...]
      Restrictions:
        GeoRestriction:
          Locations:
          - RU
          RestrictionType: blacklist

Block traffic from Russia with Terraform:

resource "aws_cloudfront_distribution" "distribution" {
  # [...]

  restrictions {
    geo_restriction {
      restriction_type = "blacklist"
      locations        = ["RU"]
    }
  }
}

With the geo restriction in place, visitors from Russia will receive a 403 (Forbidden) response from CloudFront.

“When the power of love overcomes the love of power the world will know peace.” Jimi Hendrix

Andreas Wittig

I’ve been building on AWS since 2012 together with my brother Michael. We are sharing our insights into all things AWS on cloudonaut and have written the book AWS in Action. Besides that, we’re currently working on bucketAV,HyperEnv for GitHub Actions, and marbot.

Here are the contact options for feedback and questions.

Sanction Russia: Block traffic using CloudFront Geo Restriction

Andreas Wittig

Further reading