diff --git a/testinfra/test_ami_nix.py b/testinfra/test_ami_nix.py
index 42442de18..123ef1baf 100644
--- a/testinfra/test_ami_nix.py
+++ b/testinfra/test_ami_nix.py
@@ -351,6 +351,30 @@ def gzip_then_base64_encode(s: str) -> str:
         instance.terminate()
         raise TimeoutError("init.sh failed to complete within the timeout period")
 
+    # Create auth-failures.csv file if it doesn't exist (required for fail2ban to start)
+    # This matches what setup_fail2ban() does in the init script
+    logger.info("Ensuring PostgreSQL auth-failures.csv exists...")
+    result = run_ssh_command(
+        ssh,
+        "sudo mkdir -p /var/log/postgresql && sudo chown -R postgres:postgres /var/log/postgresql && sudo chmod 1775 /var/log/postgresql && sudo -u postgres touch /var/log/postgresql/auth-failures.csv && sudo chmod 0664 /var/log/postgresql/auth-failures.csv",
+    )
+    if not result["succeeded"]:
+        logger.warning(f"Failed to create auth-failures.csv: {result['stderr']}")
+
+    # Start fail2ban service before health checks
+    logger.info("Starting fail2ban service...")
+    result = run_ssh_command(ssh, "sudo systemctl start fail2ban.service")
+    if not result["succeeded"]:
+        logger.warning(f"Failed to start fail2ban: {result['stderr']}")
+        # Check fail2ban logs for more details
+        log_result = run_ssh_command(
+            ssh, "sudo journalctl -u fail2ban -n 20 --no-pager"
+        )
+        if log_result["succeeded"]:
+            logger.warning(f"fail2ban logs:\n{log_result['stdout']}")
+    else:
+        logger.info("fail2ban service started successfully")
+
     def is_healthy(ssh) -> bool:
         health_checks = [
             ("postgres", "sudo -u postgres /usr/bin/pg_isready -U postgres"),