I am using GitHub Action to do an ssh sync from the master repository to my aws web server. The problem with this is that I need to have port 22 open on the aws web server for github actions to work. I want this to be my production server and do not want to leave port 22 open. What are some realistic options that I can do instead. I do not want to whitelist hundreds of Azure ips, is it enough to just put fail2ban on the web server? Anything else?