To further protect your site in AWS, do the following;
- Create a bucket in S3 to keep CloudFront Logs
- Go into your CloudFront distribution, and turn on logging, and choose the above bucket
- Wait 2-4 hours for the logs to start being pre-populated
These can then be analysed and you can set up filters in WAF – which is an additional Firewall for AWS. More details to follow.
This typically will help avoid, CloudFront IP addresses being banned by Fail2Ban, and allow you to discern where spurious traffic is coming from (not from CloudFront).