A company's web application, hosted on EC2 instances with an Application Load Balancer, must now be restricted to access from a single country as per new policy. What is the appropriate configuration to enforce this restriction?