what could be the reason for an amazon ip in my nginx access.log file?
3.88.16.48 - - [11/Nov/2023:19:20:07 -0300] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
You will be in for a surprise once you learn about tcpdump ;-) Welcome to internet hosting!
Have SSH open.
Just about anyone can spin up resources in AWS and do whatever until they’re caught.
There are thousands of reasons.
Pro tip set up user agent blocks in nginx and have it respond with a 444 it will have nginx stop responding instead of giving a 403. Block anything under chrome 100.