Restrict incoming REGISTER domain in Asterisk+PJSIP

Hello all,

First of all sorry, if this question has been answered before but I was unable to find a valid response.

I am using an Asterisk 15.3.0 installation in a EC2 with PJSIP. All works properly, endpoints are able to talk to each other. The endpoints are registered with @<asterisk_ec2_ip_address>. I would like to enable REGISTER and SIP communications only to endpoints in a given domain, it is only allow REGISTER to @<> and reject the previous @<asterisk_ec2_ip_address>, and of course, any other attempts with different domains.

What would it be the appropriate configuration? I am using domain= in transport section, realm= in endpoints sections but none of the configs worked. Any hint?

Thank you in advance.

Could you use acl.conf and limit IP-Address or ranges of IP-Addresses? (Warning, I am a relative newbie).