The Capital One breach in 2019? An SSRF in a misconfigured WAF running on EC2 reached the instance metadata service, came back with IAM role credentials, and those credentials had enough S3 access to pull the data. The entry point was a service reachable from the internet. This isn’t theoretical; unrestricted inbound access is a primary attack vector.
Leaving 0.0.0.0/0 open on sensitive ports in your AWS security groups is the cloud equivalent of leaving your data center’s front door wide open. Automated scanners are constantly probing AWS IP ranges, looking for exactly these kinds of misconfigurations.
Your default posture should be least privilege. For any inbound rule, name the specific source: a CIDR you control or, better still, another security group ID. If you need external access to admin ports like 22 or 3389, put them behind a VPN, a bastion host, or Systems Manager Session Manager, or at minimum restrict them to known, required IP ranges. 0.0.0.0/0 belongs only on ports that are meant to serve the public, such as 443 on a load balancer.
To fix this, open the security group in the console or CLI, locate inbound rules with Source 0.0.0.0/0 (and ::/0 for IPv6), and either narrow them to specific IP ranges or remove them if they are no longer needed. Revoke the offending rule, not the whole group, so you don’t take down legitimate traffic at the same time.
Don’t be the next headline. Close those doors.
The fix
```bash
# Find SGs with any inbound rule open to the IPv4 world (0.0.0.0/0)
aws ec2 describe-security-groups --query \
  'SecurityGroups[?IpPermissions[?IpRanges[?CidrIp==`0.0.0.0/0`]]].[GroupId,GroupName]' \
  --output table

# The IPv4 query does not see IPv6; repeat it for ::/0 in Ipv6Ranges
aws ec2 describe-security-groups --query \
  'SecurityGroups[?IpPermissions[?Ipv6Ranges[?CidrIpv6==`::/0`]]].[GroupId,GroupName]' \
  --output table
```
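The query above flags every group with a world-open IPv4 rule, which also catches legitimate cases such as a public load balancer on 443, and it cannot tell a 22/3389 exposure from an all-traffic rule or a port range that happens to cover them. As an added example (not code from the original page), the Python script below takes the JSON output of `aws ec2 describe-security-groups`, reports only the rules that expose the CIS remote-administration ports (22 and 3389) to 0.0.0.0/0 or ::/0, and builds the exact `revoke-security-group-ingress` command for each so that only the bad rule is removed. The security-group data is constructed sample input and the group IDs are made up; nothing here calls AWS.

```python
import json

# Ports the CIS AWS Foundations Benchmark treats as remote server administration ports.
ADMIN_PORTS = {22, 3389}


def rule_covers_port(perm, port):
    """True if one IpPermissions entry includes `port` (all-traffic rules count)."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return True
    if proto not in ("tcp", "udp"):        # icmp etc. have no port concept here
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    if lo is None or hi is None:
        return False
    return lo <= port <= hi


def world_open_cidrs(perm):
    """CIDRs in this entry that mean 'anywhere', for both IPv4 and IPv6."""
    found = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == "0.0.0.0/0"]
    found += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == "::/0"]
    return found


def find_world_open_admin_rules(describe_output, admin_ports=ADMIN_PORTS):
    """Return one finding per (group, rule, world-open CIDR) that exposes an admin port."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            cidrs = world_open_cidrs(perm)
            if not cidrs or not any(rule_covers_port(perm, p) for p in admin_ports):
                continue
            for cidr in cidrs:
                findings.append({
                    "GroupId": sg["GroupId"],
                    "GroupName": sg.get("GroupName", ""),
                    "IpProtocol": perm.get("IpProtocol"),
                    "FromPort": perm.get("FromPort"),
                    "ToPort": perm.get("ToPort"),
                    "Cidr": cidr,
                })
    return findings


def revoke_command(finding):
    """Build the aws cli call that removes exactly this rule, leaving the rest of the group intact."""
    perm = {"IpProtocol": finding["IpProtocol"]}
    if finding["IpProtocol"] != "-1":       # all-traffic rules carry no port fields
        perm["FromPort"] = finding["FromPort"]
        perm["ToPort"] = finding["ToPort"]
    if finding["Cidr"] == "::/0":
        perm["Ipv6Ranges"] = [{"CidrIpv6": "::/0"}]
    else:
        perm["IpRanges"] = [{"CidrIp": "0.0.0.0/0"}]
    return ("aws ec2 revoke-security-group-ingress --group-id %s --ip-permissions '%s'"
            % (finding["GroupId"], json.dumps([perm])))


# Constructed sample: what `aws ec2 describe-security-groups --output json` might return.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa", "GroupName": "web-alb", "IpPermissions": [          # public HTTPS: fine
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0bbb", "GroupName": "bastion", "IpPermissions": [          # SSH from v4 and v6 world
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0ccc", "GroupName": "legacy-any", "IpPermissions": [       # all traffic from anywhere
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0ddd", "GroupName": "rdp-range", "IpPermissions": [        # range that covers 3389
        {"IpProtocol": "tcp", "FromPort": 3000, "ToPort": 4000,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0eee", "GroupName": "office-ssh", "IpPermissions": [       # SSH from a known range: fine
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
]}


if __name__ == "__main__":
    for f in find_world_open_admin_rules(SAMPLE):
        print("%s (%s) %s %s-%s from %s" % (f["GroupId"], f["GroupName"], f["IpProtocol"],
                                            f["FromPort"], f["ToPort"], f["Cidr"]))
        print("  " + revoke_command(f))
```

Pipe real data in with `aws ec2 describe-security-groups --output json | python3 audit_sg.py` after swapping `SAMPLE` for `json.load(sys.stdin)`; review the printed revoke commands before running them, since an all-traffic rule may be carrying traffic you still need and should be replaced with narrower rules rather than simply dropped.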
Reference: CIS AWS Foundations Benchmark 5.2 (ensure no security groups allow ingress from 0.0.0.0/0 to remote server administration ports); 5.3 is the same control for ::/0.