Control: CloudFront distributions should have geo restriction enabled
Description
Geographic restriction is used to restrict access to all of the files that are associated with a distribution at the country level.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.cloudfront_distribution_geo_restrictions_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.cloudfront_distribution_geo_restrictions_enabled --share
SQL
This control uses a named query:
select
  arn as resource,
  case
    when restrictions -> 'GeoRestriction' ->> 'RestrictionType' = 'none' then 'alarm'
    else 'ok'
  end as status,
  case
    when restrictions -> 'GeoRestriction' ->> 'RestrictionType' = 'none' then title || ' Geo Restriction disabled.'
    else title || ' Geo Restriction enabled.'
  end as reason,
  region,
  account_id
from
  aws_cloudfront_distribution;
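The control's query falls through to 'ok' whenever RestrictionType is anything other than 'none', including when the value is missing. The following is an added example, not the aws_compliance mod's own query: a stricter variant that alarms on a missing value and reports the restriction type and country list, run over constructed sample rows so it works on plain PostgreSQL without AWS access. The sample ARNs and titles are constructed, and the Quantity and Items keys are assumed from the CloudFront API's GeoRestriction structure.

```sql
-- Constructed sample rows standing in for aws_cloudfront_distribution.
with sample_distribution (arn, title, restrictions) as (
  values
    ('arn:aws:cloudfront::111122223333:distribution/EXAMPLE1', 'EXAMPLE1',
     '{"GeoRestriction": {"RestrictionType": "none", "Quantity": 0, "Items": null}}'::jsonb),
    ('arn:aws:cloudfront::111122223333:distribution/EXAMPLE2', 'EXAMPLE2',
     '{"GeoRestriction": {"RestrictionType": "whitelist", "Quantity": 2, "Items": ["US", "CA"]}}'::jsonb),
    ('arn:aws:cloudfront::111122223333:distribution/EXAMPLE3', 'EXAMPLE3',
     '{"GeoRestriction": {"RestrictionType": "blacklist", "Quantity": 1, "Items": ["FR"]}}'::jsonb),
    -- Row with no restrictions document at all: the original query would report 'ok'.
    ('arn:aws:cloudfront::111122223333:distribution/EXAMPLE4', 'EXAMPLE4', null::jsonb)
),
geo as (
  select
    arn,
    title,
    restrictions -> 'GeoRestriction' ->> 'RestrictionType' as restriction_type,
    restrictions -> 'GeoRestriction' -> 'Items' as countries
  from
    sample_distribution
)
select
  arn as resource,
  case
    -- Only an explicit allow list or block list counts as enabled.
    when restriction_type in ('whitelist', 'blacklist') then 'ok'
    else 'alarm'
  end as status,
  case
    when restriction_type is null then title || ' Geo Restriction setting not returned.'
    when restriction_type = 'none' then title || ' Geo Restriction disabled.'
    else title || ' Geo Restriction enabled (' || restriction_type || ': '
         || coalesce(countries::text, '[]') || ').'
  end as reason
from
  geo
order by
  resource;
```

EXAMPLE1 and EXAMPLE4 come back as 'alarm', EXAMPLE2 and EXAMPLE3 as 'ok' with their country lists in the reason. To run it against real data in Steampipe, replace the sample_distribution CTE with the aws_cloudfront_distribution table.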