Utilize terraform to only allow cloudflare IP ranges into the security policy.

See:

• https://medium.com/@kscloud/restrict-s3-bucket-access-to-cloudflare-ips-only-104583f6fc98

Assure that using fail2ban within Ansible properly reports up to cloudflare for banning on their proxy servers. This may need extra work to ensure that the proper IPs are being banned at the right level, if IP tables are being used then there is the chance of the cloudflare proxy itself being banned, which wouldn't be good.

I would like the ability to report custom metrics and logs of the minecraft server up to cloudwatch for easy viewing.

These can include things such as:

• Number of logged in players
• Minecraft server logs
• Fail2Ban logs
• EC2 Usage

Ref:

• https://devopscube.com/how-to-setup-and-push-serverapplication-logs-to-aws-cloudwatch/
• https://github.com/spravil/PHP-Minecraft-Server-Status-Query

Add docker support for managing stacks within my swarm containers.

- hosts: my-swarm-manager-nodes[0]
  tasks:
    - name: deploy services to swarm
      community.general.docker_stack:
        name: "{{ item.name }}"
        state: present
        compose:
          - "{{ item.compose }}"
      with_items: "{{ my_services }}"
      when: my_services is defined
  vars:
    my_services:
      - name: some_stack:
        compose: "{{ lookup('file', '../../docker/some_stack.yml') | from_yaml }}"

Ref: https://old.reddit.com/r/ansible/comments/lb1qvq/ansible_and_docker_stacks/glsisqq/

Have the minecraft server automatically update the cloudflare DNS to the new EC2 instance IP address when it starts up.

Automatically move data off of EBS and into S3 (glacier, deep freeze, etc) automatically based on timed constraints.

Perhaps a weekly snapshot to S3, then monthly to glacier, and yearly to deep freeze?

Fix terrascan report, so that no violations exist.