I'm about to launch my first ever SaaS product on AWS and am thinking through security.

I have my main server, which is obviously public on :80 and :443, and then I have a bunch of other infra that I need access to as a developer (typically on :22) but that I don't want to be fully public.

I was thinking I would rent a dedicated IP through one of the VPN companies and then set AWS security groups to only allow traffic from that IP for those kinds of services.

How secure is this approach? Is there a better way I'm not thinking about?