How to Find and Fix Open Security Groups in AWS



Source: dev.to

Open security groups are among the most common AWS security misconfigurations found in production environments. A single inbound rule allowing 0.0.0.0/0 on port 22 exposes your EC2 instances to every scanner and brute-force bot on the internet. It happens gradually: an engineer opens SSH access for a quick debugging session and forgets to close it. A staging environment gets a permissive rule that is never tightened. Multiply that across dozens of instances and multiple AWS regions, and you have a serious attack surface hiding in plain sight.

This guide shows you how to find and fix open security groups in AWS using both the Console and the CLI, and how to automate the process so nothing slips through.

Why Open Security Groups Are a Real Threat

An AWS security group acts as a virtual firewall attached to the network interfaces of your EC2 instances (and of other resources that live in a VPC, such as RDS databases and load balancers). It is stateful and allow-only: each inbound rule specifies which traffic is allowed to reach the resource, and anything no rule matches is dropped. When the source of a rule is 0.0.0.0/0 (or ::/0 for IPv6), it means every IP address on the internet can reach that port
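The automated find-and-fix the guide promises, as an added example that is not code from the original post or from AWS. It works on the dict shape that EC2 DescribeSecurityGroups returns (the same structure `aws ec2 describe-security-groups` prints as JSON): it reports every inbound rule whose source is 0.0.0.0/0 or ::/0, ranks rules that expose SSH, RDP or common database ports as high severity, and builds a `revoke-security-group-ingress` call that removes only the world-open source, leaving any specific CIDRs or security-group references on the same rule untouched. SAMPLE_GROUPS is constructed test data with made-up group IDs; only `scan_account()` talks to AWS and needs boto3 plus credentials.

```python
"""Find inbound security-group rules open to the internet and build the
revoke call that closes each one. Added example for this article, not
the post's or AWS's code. SAMPLE_GROUPS is constructed; only
scan_account() needs boto3 and real credentials."""
import json
from typing import Dict, Iterable, List

OPEN_V4 = "0.0.0.0/0"   # "anywhere" for IPv4
OPEN_V6 = "::/0"        # "anywhere" for IPv6, often missed in audits

# Ports that should essentially never be reachable from the internet.
# Anything else open to the world is still reported, but only for review.
HIGH_RISK_PORTS = {22: "ssh", 3389: "rdp", 3306: "mysql",
                   5432: "postgres", 6379: "redis", 27017: "mongodb"}


def _open_sources(perm: Dict) -> List[str]:
    """World-open CIDRs in one IpPermissions entry (IPv4 and IPv6)."""
    v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if r.get("CidrIp") == OPEN_V4]
    v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r.get("CidrIpv6") == OPEN_V6]
    return v4 + v6


def _covered_ports(perm: Dict) -> range:
    """TCP/UDP ports a rule exposes. IpProtocol "-1" is all traffic and
    has no FromPort/ToPort; for ICMP those fields are type/code."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return range(0, 65536)
    if proto in ("tcp", "udp") and "FromPort" in perm:
        return range(perm["FromPort"], perm["ToPort"] + 1)
    return range(0)


def find_open_rules(security_groups: Iterable[Dict], region: str) -> List[Dict]:
    """One finding per rule that lists 0.0.0.0/0 or ::/0 as a source."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            sources = _open_sources(perm)
            if not sources:
                continue
            proto = perm.get("IpProtocol")
            risky = sorted(p for p in HIGH_RISK_PORTS if p in _covered_ports(perm))
            findings.append({
                "region": region,
                "group_id": sg["GroupId"],
                "group_name": sg.get("GroupName", ""),
                "protocol": proto,
                "ports": "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}",
                "sources": sources,
                "high_risk_ports": risky,
                # an all-traffic rule is high even if no listed port matched
                "severity": "high" if risky or proto == "-1" else "review",
            })
    return findings


def revoke_permission(perm: Dict) -> Dict:
    """IpPermissions entry that removes only the world-open sources of
    `perm`; specific CIDRs, prefix lists and SG references are kept.
    Returns {} when there is nothing to revoke."""
    sources = _open_sources(perm)
    if not sources:
        return {}
    scoped = {k: perm[k] for k in ("IpProtocol", "FromPort", "ToPort") if k in perm}
    if OPEN_V4 in sources:
        scoped["IpRanges"] = [{"CidrIp": OPEN_V4}]
    if OPEN_V6 in sources:
        scoped["Ipv6Ranges"] = [{"CidrIpv6": OPEN_V6}]
    return scoped


def revoke_cli_command(group_id: str, perm: Dict, region: str) -> str:
    """AWS CLI command that closes the world-open part of `perm`."""
    scoped = revoke_permission(perm)
    if not scoped:
        return ""
    return (f"aws ec2 revoke-security-group-ingress --region {region} "
            f"--group-id {group_id} --ip-permissions '{json.dumps([scoped])}'")


def scan_account() -> List[Dict]:
    """Walk every enabled region with boto3 (needs credentials)."""
    import boto3  # imported here so the offline sample run needs no boto3
    regions = [r["RegionName"] for r in boto3.client("ec2").describe_regions()["Regions"]]
    findings = []
    for region in regions:
        pages = boto3.client("ec2", region_name=region).get_paginator("describe_security_groups")
        for page in pages.paginate():
            findings += find_open_rules(page["SecurityGroups"], region)
    return findings


# Constructed sample in DescribeSecurityGroups shape; IDs are made up and
# 203.0.113.10 is a documentation address standing in for a bastion host.
SAMPLE_GROUPS = [
    {"GroupId": "sg-0123456789abcdef0", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "quick debugging"},
                      {"CidrIp": "203.0.113.10/32", "Description": "bastion"}]}]},
    {"GroupId": "sg-0123456789abcdef1", "GroupName": "staging-all",
     "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-0123456789abcdef2", "GroupName": "internal-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]}]},
]

if __name__ == "__main__":
    for finding in find_open_rules(SAMPLE_GROUPS, "us-east-1"):
        print(json.dumps(finding))
    for sg in SAMPLE_GROUPS:  # print, rather than run, the fix for each open rule
        for perm in sg["IpPermissions"]:
            cmd = revoke_cli_command(sg["GroupId"], perm, "us-east-1")
            if cmd:
                print(cmd)
```

On the sample, the 443 rule is reported for review (a public web port is usually intentional), the SSH rule and the all-traffic staging rule come back high, and the database group that only trusts another security group produces nothing. The revoke for the SSH rule names only 0.0.0.0/0, so the bastion's /32 survives; running the printed commands, or passing `revoke_permission()` output to `revoke_security_group_ingress` in boto3, is the fix. Revoking before you have confirmed who legitimately uses the rule is how you lock yourself out, so treat the commands as a review list first.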