You can control which countries can or cannot access your CloudFront distribution.
Allowlist — only users from approved countries can access your content. Everyone else is blocked.
Blocklist — users from banned countries are blocked. Everyone else can access.
Country is detected using a third-party Geo-IP database that maps IP addresses to countries.
Common use case: Copyright laws — some content is only licensed for certain countries, so you block access everywhere else.
You update a file in S3 (your origin). But CloudFront edge locations still have the old cached version and will keep serving it until the TTL expires — which could be hours or a full day.
You update index.html in S3
|
CloudFront edges still serving old index.html
|
Users see outdated content until TTL expires
You can force CloudFront to immediately clear its cache and fetch fresh content from origin — without waiting for TTL.
You trigger invalidation
|
CloudFront clears cache at ALL edge locations
|
Next request fetches fresh content from S3
|
Users get updated content immediately
| Path | What gets cleared |
|---|---|
/* |
Everything — full cache wipe |
/index.html |
Only that specific file |
/images/* |
All files inside the images folder |
Where to do it: CloudFront → your distribution → Invalidations tab → Create invalidation → enter path → submit.
