[sehrope]

The problem with the software one is you need a way to modify it when you can't access the instance. With AWS you do it from the admin console or APIs. If it's on the machine itself you'd have to know the IP to open up in advance or have someone at home base do it.

[jon-wood]

If you're likely to be connecting from different locations then you're probably better off having a VPN in a known location and routing connections to your servers via that VPN, rather than fiddling around with firewall rules every time you're in a new hotel.

[aeosynth]

That just shifts the problem - the VPN is vulnerable to the original attack.

[LordIllidan]

Digital Ocean (and Linode) provide Web Console support, so if you lock yourself out via i.p. - there is the console as a last resort.