It is an AWS best practice to ensure that Security Groups don't allow unrestricted SSH access from public IPs to minimize the possibility of security breaches. An open SSH port can allow people to access your cloud through an unsecured network and increase the risk of threats such as Denial of Service (DoS) attacks or Distributed Denial of Service (DDoS) attacks. With rising security attacks, complete insight into your cloud security status becomes imperative. This is a primary item on our AWS Security checklist!
The Workflow Editor can be used to generate a report of security groups with unrestricted port 22 access. We create the list for you using the ‘security groups’ filter in the filter node, that have public IP inbound rule as 0.0.0.0/0.
Similarly, workflows can be created to monitor and report security groups with unrestricted access to any ports. The workflow below shows the example we have taken.