Do AWS Servers need fail2ban?

In that case, I would say that fail2ban would not be required.

I would really only use fail2ban when you have to expose a management service to the Internet in the hypervisor (AWS) firewall. In your case, all requests except those from your IP are being dropped.

One thing to note: if your IP address changes (non-static), you will have to update the AWS security group.


Fail2ban scans log files for potentially malicious actions and bans the IP-addresses from which such behaviour originates. Generally Fail2Ban is then used to initiate an action that will block subsequent (malicious) actions from that IP-address from recurring.

To prevent getting locked out as an administrator you would normally add your own (management) network addresses to an IP-whitelist in fail2ban.

Now if your server or service has been firewalled to only allow access from the same IP-addresses and/or networks present in that whitelist, fail2ban will never actually do anything, right?
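
The reasoning in the answers above can be checked mechanically. The following is an added example, not part of either answer: it compares a security group's ingress rules with a fail2ban `ignoreip` list and reports which admitted sources fail2ban could still ban. It assumes the rules are given in the `IpPermissions` shape returned by EC2 DescribeSecurityGroups and that `ignoreip` contains only IPs or CIDRs; the function names and sample data are constructed for illustration, and rules that reference other security groups, prefix lists or DNS names are not evaluated.

```python
import ipaddress

# Constructed sample: IpPermissions of one security group (documentation addresses).
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.7/32"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
]

def sources_for_port(permissions, port, protocol="tcp"):
    """Return every source network the ingress rules admit to `port`."""
    nets = []
    for rule in permissions:
        proto = rule.get("IpProtocol")
        if proto == "-1":                      # "-1" means all protocols and ports
            covers = True
        elif proto == protocol:
            lo, hi = rule.get("FromPort"), rule.get("ToPort")
            covers = lo is not None and hi is not None and lo <= port <= hi
        else:
            covers = False
        if not covers:
            continue
        for r in rule.get("IpRanges", []):
            nets.append(ipaddress.ip_network(r["CidrIp"], strict=False))
        for r in rule.get("Ipv6Ranges", []):
            nets.append(ipaddress.ip_network(r["CidrIpv6"], strict=False))
    return nets

def sources_fail2ban_can_ban(permissions, ignoreip, port=22):
    """Sources that reach `port` but are not covered by fail2ban's ignoreip.

    An empty list means every admitted source is whitelisted, so fail2ban
    would never ban anyone on that port.
    """
    trusted = [ipaddress.ip_network(e, strict=False) for e in ignoreip]
    bannable = []
    for net in sources_for_port(permissions, port):
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        covered = any(net.version == t.version and net.subnet_of(t) for t in trusted)
        if not covered:
            bannable.append(str(net))
    return bannable
```

A non-empty result for the SSH port means the security group admits sources outside the whitelist, which is the situation in which fail2ban still has work to do.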