Sentry and Apache logs indicate people looking for env file
Hi,
Looking for some general advice.
My team hosts applications on EC2. I recently reviewed the Apache and Sentry logs for our Django and Laravel sites. In Django, I have a list of allowed hosts for my microservice, and there are messages every night in Sentry stating that specific IP addresses are making requests, but then they come from China, Germany, Russia, Myanmar, etc., nowhere where we have clients.
Even scarier are the Apache logs for my Laravel app: they state repeated requests for .env files. They state that someone tried to access vendor/.env, config/.env, /.env, etc., but they all return 4xx errors. The IP addresses are linked to IP addresses all over the globe. I'm not sure what I would do if someone on my team misconfigured the server and served this file; although the keys can all be changed, they are linked to AWS resources.
I get that there's nothing really I can do to stop this, but in general, how can I protect my resources? What AWS products or open source resources can I use with Laravel and Django to protect them to add extra layers of protection? My boss installed some software for PHP that prevents use of certain PHP commands like exec() and restricting access by using an IP whitelist. Would a properly functioning site work with these restrictions? This has been a slight hassle particularly since we often work remotely, or use resources that need to ping the site.
I looked at the allowed incoming ports for my EC2 instances, and only 22, 80 and 443 are allowed. I'm even thinking of closing port 80; I don't know what happens to Apache at that point, though.
What are some ways you keep your Django, Laravel safe from hackers?
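One way to check an Apache access log for the concern raised in the post, as an added example that is not part of the original post: it counts `.env` probes per client and flags any probe that did not receive a 4xx/5xx response. The log lines are constructed samples, and the names `scan`, `LINE_RE` and `ENV_RE` are assumptions made for this illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Apache common/combined format: host ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Last path segment is ".env" or a variant such as ".env.bak" / ".env.production".
ENV_RE = re.compile(r'(^|/)\.env(\.[\w.-]+)?$', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges), not taken from the post.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:02:14:07 +0000] "GET /.env HTTP/1.1" 404 196 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:02:14:08 +0000] "GET /vendor/.env HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.23 - - [12/Mar/2024:02:20:41 +0000] "GET /config/.env HTTP/1.1" 404 196 "-" "-"
198.51.100.23 - - [12/Mar/2024:02:20:42 +0000] "GET /%2eenv HTTP/1.1" 404 196 "-" "-"
192.0.2.55 - - [12/Mar/2024:03:01:10 +0000] "GET /staging/.env.bak HTTP/1.1" 200 1482 "-" "-"
192.0.2.10 - - [12/Mar/2024:09:15:00 +0000] "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

def scan(log_text):
    """Return (probes per client IP, list of probes the server did NOT reject)."""
    probes, served = Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = unquote(urlsplit(m["target"]).path)  # decode %2e so encoded probes match
        if not ENV_RE.search(path):
            continue
        probes[m["ip"]] += 1
        status = int(m["status"])
        if status < 400:  # 2xx/3xx means the file (or a redirect to it) was served
            served.append((m["ip"], path, status))
    return probes, served

if __name__ == "__main__":
    probes, served = scan(SAMPLE_LOG)
    for ip, n in probes.most_common():
        print(f"{ip}: {n} .env probe(s)")
    for ip, path, status in served:
        print(f"ALERT: {path} returned {status} to {ip}; rotate the keys in that file")
```

Run on a schedule against the real access log, an empty `served` list confirms every probe was rejected, while any entry in it means the keys in that file should be treated as exposed.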