Hi. We have an application, which offers clients with mobile Apps. Mobile apps serve using REST APIs provided by a big Monolith web frontend and backend built on PHP/MySQL running on a conventional dedicated machine.

Now we have started rolling out our application across the globe. We want to serve each country at its own TLD like, myapp.us, myapp.pk etc.

Since each country site might have different features and localization challenges, therefore, we'll need to have several different master branches, each for a country. And the backend application will be cloned on a separate machine for each country.

We'd need to geo-restrict mobile apps as well. So a client from the US would be served via our ".us" TLD REST API, and Pakistan client's App should be served with REST APIs from .pk TLD.

Need a piece of advice on, Which AWS service can we use to have a single authentication endpoint which would authenticate Apps from the relevant country server by automatically detecting the location?

Thanks.