A company is deploying a new application that requires strict access control based on user geolocation. The application is hosted on AWS and uses Amazon CloudFront for content delivery. Which AWS services would you integrate to enforce geolocation-based restrictions at the edge?