diff --git a/main.tf b/main.tf
index c158104..94d537f 100644
--- a/main.tf
+++ b/main.tf
@@ -313,7 +313,8 @@ resource "aws_cloudfront_distribution" "this" {
 
   restrictions {
     geo_restriction {
-      restriction_type = "none"
+      restriction_type = var.restriction_type
+      locations        = var.restrictions_locations
     }
   }
 
diff --git a/variables.tf b/variables.tf
index 29dce89..8d75227 100644
--- a/variables.tf
+++ b/variables.tf
@@ -68,6 +68,18 @@ variable "tags" {
   default = {}
 }
 
+variable "restriction_type" {
+  description = "Apply for geo restrictions, values: none, whitelist, blacklist"
+  type        = string
+  default     = "none"
+}
+
+variable "restrictions_locations" {
+  description = "List of country codes"
+  type        = list(string)
+  default     = null
+}
+
 variable "proxy_paths" {
   type = list(object({
     origin_domain = string