So I'm taking the time to secure my server, fail2ban being a common contender from my readings and suggestions.
But going through some blogs, its seems I can
a) just install and it will do its job "custom"
b) you can use fail2ban to harden your AMI.
Thing is with b) is that, for instance, you can select to only allow your local IP to SSH in, just like security groups in EC2 dashboard. But if your ISP resets your IP for some reason, or a power out in your zone etc... you'll get a new IP. If you harden within the AMI fail2ban rules, no matter what you do, you'll never be able to get in, ever. On EC2 console you can go in an edit your new IP and everything is cool.
So is there a real need for fail2ban, except just the custom setup against force-brute attacks?
But going through some blogs, its seems I can
a) just install and it will do its job "custom"
b) you can use fail2ban to harden your AMI.
Thing is with b) is that, for instance, you can select to only allow your local IP to SSH in, just like security groups in EC2 dashboard. But if your ISP resets your IP for some reason, or a power out in your zone etc... you'll get a new IP. If you harden within the AMI fail2ban rules, no matter what you do, you'll never be able to get in, ever. On EC2 console you can go in an edit your new IP and everything is cool.
So is there a real need for fail2ban, except just the custom setup against force-brute attacks?
