AWS provides AWS GuardDuty which can detect suspicious behavior activity like SSH brute force attack.It is highly recommended to enable AWS GuardDuty in your production environment.
All insights are delivered in the AWS GuardDuty console. In case of SSH Brute force attack, the finding type would be classified as UnauthorizedAccess:EC2/SSHBruteForce and details would include the ip address. For list of finding types, visit https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_finding-types-ec2.html
You can block the required ip address on your environment entry point (i.e WAF etc).