aws
diff --git a/‎packages/infrastructure/samples/infrastructure/java/src/java/groupId/constructs/websites/WebsiteConstruct.java.mustache
+8-13 b/‎packages/infrastructure/samples/infrastructure/java/src/java/groupId/constructs/websites/WebsiteConstruct.java.mustache
+8-13
diff --git a/‎packages/infrastructure/samples/infrastructure/python/src/constructs/websites/website.py.mustache
+5-12 b/‎packages/infrastructure/samples/infrastructure/python/src/constructs/websites/website.py.mustache
+5-12
diff --git a/‎packages/infrastructure/samples/infrastructure/typescript/src/constructs/websites/website.ts.mustache
+13-12 b/‎packages/infrastructure/samples/infrastructure/typescript/src/constructs/websites/website.ts.mustache
+13-12
diff --git a/‎packages/infrastructure/src/projects/java/infrastructure-java-project.ts
+4-1 b/‎packages/infrastructure/src/projects/java/infrastructure-java-project.ts
+4-1
diff --git a/‎packages/infrastructure/src/projects/python/infrastructure-py-project.ts
+3-1 b/‎packages/infrastructure/src/projects/python/infrastructure-py-project.ts
+3-1
diff --git a/‎packages/infrastructure/src/projects/typescript/infrastructure-ts-project.ts
+1-1 b/‎packages/infrastructure/src/projects/typescript/infrastructure-ts-project.ts
+1-1
@@ -4,9 +4,9 @@ import java.util.Map;
 import java.util.TreeMap;
 
 import software.amazon.awscdk.Stack;
-import software.amazon.awscdk.services.cloudfront.GeoRestriction;
+import io.github.cdklabs.cdknag.NagSuppressions;
+import io.github.cdklabs.cdknag.NagPackSuppression;
 import software.aws.pdk.identity.UserIdentity;
-import software.aws.pdk.static_website.DistributionProps;
 import software.aws.pdk.static_website.RuntimeOptions;
 import software.aws.pdk.static_website.StaticWebsite;
 import software.aws.pdk.static_website.StaticWebsiteProps;
@@ -23,7 +23,7 @@ public class {{{websiteName}}} extends Construct {
     public {{{websiteName}}}(Construct scope, String id, UserIdentity userIdentity{{#typeSafeApis}}, {{{apiName}}} {{{apiNameLowercase}}}{{/typeSafeApis}}) {
         super(scope, id);
 
-        new StaticWebsite(this, id, StaticWebsiteProps.builder()
+        StaticWebsite website = new StaticWebsite(this, id, StaticWebsiteProps.builder()
                 .websiteContentPath("{{{websiteDistRelativePath}}}")
                 .runtimeOptions(RuntimeOptions.builder()
                         .jsonPayload(new TreeMap<>(Map.of(
@@ -38,16 +38,11 @@ public class {{{websiteName}}} extends Construct {
                                 )
                                 )))
                         .build())
-                .distributionProps(DistributionProps.builder()
-                    .geoRestriction(GeoRestriction.allowlist(
-                        "AU",
-                        "ID",
-                        "IN",
-                        "JP",
-                        "KR",
-                        "SG",
-                        "US"))
-                    .build())
                 .build());
+        
+        NagSuppressions.addResourceSuppressions(website, Arrays.asList(NagPackSuppression.builder()
+            .id("AwsPrototyping-CloudFrontDistributionGeoRestrictions")
+            .reason("Suppressed to allow unrestricted access. Not recommended in production.")
+            .build()), true);
     }
 }
@@ -1,4 +1,5 @@
 from aws_cdk import Stack
+from cdk_nag import NagSuppressions, NagPackSuppression
 from constructs import Construct
 from aws_cdk.aws_cloudfront import GeoRestriction
 {{#typeSafeApis}}
@@ -12,7 +13,7 @@ class {{{websiteName}}}(Construct):
     def __init__(self, scope: Construct, id: str, user_identity: UserIdentity{{#typeSafeApis}}, {{{apiNameLowercase}}}: {{{apiName}}}{{/typeSafeApis}}, **kwargs) -> None:
         super().__init__(scope, id, **kwargs)
 
-        StaticWebsite(self, id,
+        website = StaticWebsite(self, id,
                       website_content_path='{{{websiteDistRelativePath}}}',
                       runtime_options=RuntimeOptions(
                         json_payload={
@@ -23,14 +24,6 @@ class {{{websiteName}}}(Construct):
                             'typeSafeApis': { {{#typeSafeApis}}'{{{apiName}}}': {{{apiNameLowercase}}}.api.api.url_for_path(){{^isLast}}, {{/isLast}}{{/typeSafeApis}} }
                         }
                       ),
-                      distribution_props=DistributionProps(
-                        geo_restriction=GeoRestriction.allowlist(
-                          "AU",
-                          "ID",
-                          "IN",
-                          "JP",
-                          "KR",
-                          "SG",
-                          "US"
-                        )
-                      ))
+        )
+
+        NagSuppressions.add_resource_suppressions(website, [NagPackSuppression(id='AwsPrototyping-CloudFrontDistributionGeoRestrictions', reason='Suppressed to allow unrestricted access. Not recommended in production.')], True)
@@ -1,7 +1,7 @@
 import { UserIdentity } from "@aws/pdk/identity";
 import { StaticWebsite } from "@aws/pdk/static-website";
 import { Stack } from "aws-cdk-lib";
-import { GeoRestriction } from "aws-cdk-lib/aws-cloudfront";
+import { NagSuppressions } from "cdk-nag";
 import { Construct } from "constructs";
 {{#typeSafeApis}}
 import { {{{apiName}}} } from "../apis/{{{apiNameLowercase}}}";
@@ -53,17 +53,18 @@ export class {{{websiteName}}} extends Construct {
           typeSafeWebSocketApis: { {{#typeSafeWebSocketApis}}{{{apiName}}}: props?.{{{apiNameLowercase}}}.api.defaultStage.url{{^isLast}},{{/isLast}}{{/typeSafeWebSocketApis}} },
         },
       },
-      distributionProps: {
-        geoRestriction: GeoRestriction.allowlist(
-          "AU",
-          "ID",
-          "IN",
-          "JP",
-          "KR",
-          "SG",
-          "US",
-        ),
-      },
     });
+
+    NagSuppressions.addResourceSuppressions(
+      website,
+      [
+        {
+          id: "AwsPrototyping-CloudFrontDistributionGeoRestrictions",
+          reason:
+            "Suppressed to allow unrestricted access. Not recommended in production.",
+        },
+      ],
+      true,
+    );
   }
 }
@@ -82,7 +82,10 @@ export class InfrastructureJavaProject extends AwsCdkJavaApp {
       "software.constructs/constructs",
       DependencyType.RUNTIME
     );
-    this.addDependency("software.constructs/[email protected]");
+    [
+      "software.constructs/[email protected]",
+      "io.github.cdklabs/[email protected]",
+    ].forEach((d) => this.addDependency(d));
 
     InfrastructureCommands.ensure(this);
 
 
@@ -82,7 +82,9 @@ export class InfrastructurePyProject extends AwsCdkPythonApp {
     ["pytest@^7", "syrupy@^4"].forEach((devDep) =>
       this.addDevDependency(devDep)
     );
-    ["aws_pdk@^0", "python@^3.9"].forEach((dep) => this.addDependency(dep));
+    ["aws_pdk@^0", "cdk_nag@^2", "python@^3.9"].forEach((dep) =>
+      this.addDependency(dep)
+    );
 
     const srcDir = path.resolve(
       __dirname,
 
@@ -86,7 +86,7 @@ export class InfrastructureTsProject extends AwsCdkTypeScriptApp {
 
     InfrastructureCommands.ensure(this);
 
-    this.addDeps("@aws/pdk");
+    this.addDeps("@aws/pdk", "cdk-nag");
 
     const srcDir = path.resolve(
       __dirname,