{"type":"video","version":"1.0","html":"<iframe src=\"https://www.loom.com/embed/70e233655a404ae48606f3016fe9f34d\" frameborder=\"0\" width=\"1108\" height=\"831\" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>","height":831,"width":1108,"provider_name":"Loom","provider_url":"https://www.loom.com","thumbnail_height":831,"thumbnail_width":1108,"thumbnail_url":"https://cdn.loom.com/sessions/thumbnails/70e233655a404ae48606f3016fe9f34d-012a777c1512c127.gif","duration":298.707,"title":"Event-Driven SRE Automation for Public SSH","description":"In this Loom I walk you through my event-driven SRE automation playbook to instantly remediate the common cloud risk of leaving SSH port 22 open to the public. Built with a single AWS CloudFormation template, it provisions a VPC and subnet, a test security group, and a tightly scoped least-privilege Lambda execution role. After enabling CloudTrail and an EventBridge rule called Security Group Change Rule, EventBridge invokes a Python 3.11 Lambda the moment the security group is modified. In my live test I set SSH to 0.0.0.0, and milliseconds later the inbound rule was revoked with CloudWatch logs showing the violation and successful remediation. There was no action requested from viewers."}
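The remediation path the description outlines (CloudTrail records the API call, an EventBridge rule matches it, a Lambda revokes the rule) as an added Python example; this is not the author's CloudFormation template or Lambda code. It assumes the EventBridge rule forwards the CloudTrail `AuthorizeSecurityGroupIngress` record under the event's `detail` key, and the group ID `sg-0123456789abcdef0` and the sample event are constructed. Detection is kept in a pure function, separate from the boto3 revoke call, so it can be exercised offline and only the offending CIDRs are revoked rather than every rule in the same API call.

```python
"""Added example (not the Loom author's code): core of an EventBridge-triggered
Lambda that revokes SSH (22/tcp) ingress open to 0.0.0.0/0 or ::/0.

Assumption: the event carries the CloudTrail record for
AuthorizeSecurityGroupIngress under "detail" (requestParameters.ipPermissions.items).
"""
import json
import logging
from typing import Any

logger = logging.getLogger()
logger.setLevel(logging.INFO)

SSH_PORT = 22
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}


def _range_covers_ssh(perm: dict) -> bool:
    """True if an ipPermissions entry lets 22/tcp through ("-1" = all traffic)."""
    proto = str(perm.get("ipProtocol", ""))
    if proto == "-1":
        return True
    if proto.lower() != "tcp":
        return False
    from_port, to_port = perm.get("fromPort"), perm.get("toPort")
    if from_port is None or to_port is None:
        return False
    return int(from_port) <= SSH_PORT <= int(to_port)


def find_open_ssh(event: dict) -> list[dict]:
    """Return revocable IpPermissions (boto3 camel-case) exposing SSH to the world.

    Only the world CIDRs are included, so narrower rules authorized in the same
    call (e.g. 10.0.0.0/8) are left in place.
    """
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    if detail.get("errorCode"):  # the authorize call itself failed; nothing to undo
        return []
    params = detail.get("requestParameters", {})
    violations = []
    for perm in params.get("ipPermissions", {}).get("items", []):
        if not _range_covers_ssh(perm):
            continue
        v4 = [r["cidrIp"] for r in perm.get("ipRanges", {}).get("items", [])
              if r.get("cidrIp") in WORLD_CIDRS]
        v6 = [r["cidrIpv6"] for r in perm.get("ipv6Ranges", {}).get("items", [])
              if r.get("cidrIpv6") in WORLD_CIDRS]
        if not (v4 or v6):
            continue
        entry: dict[str, Any] = {"IpProtocol": str(perm["ipProtocol"])}
        if entry["IpProtocol"] != "-1":  # all-traffic rules carry no port range
            entry["FromPort"] = int(perm["fromPort"])
            entry["ToPort"] = int(perm["toPort"])
        if v4:
            entry["IpRanges"] = [{"CidrIp": c} for c in v4]
        if v6:
            entry["Ipv6Ranges"] = [{"CidrIpv6": c} for c in v6]
        violations.append(entry)
    return violations


def revoke_open_ssh(ec2, group_id: str, permissions: list[dict]) -> None:
    """Revoke the offending entries; `ec2` is a boto3 EC2 client, injected for testing."""
    ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=permissions)


def lambda_handler(event, context):
    violations = find_open_ssh(event)
    group_id = event.get("detail", {}).get("requestParameters", {}).get("groupId")
    if not violations or not group_id:
        logger.info("no public SSH rule in event; nothing to do")
        return {"remediated": False, "revoked": 0}
    logger.warning("VIOLATION %s exposes SSH: %s", group_id, json.dumps(violations))
    import boto3  # imported lazily so detection runs without the SDK installed
    revoke_open_ssh(boto3.client("ec2"), group_id, violations)
    logger.info("REMEDIATED %s: revoked %d rule(s)", group_id, len(violations))
    return {"remediated": True, "revoked": len(violations)}


# Constructed sample event mirroring the live test: 22/tcp to 0.0.0.0/0, plus a
# legitimate private-range SSH rule and a public 443 rule in the same call.
SAMPLE_EVENT = {
    "detail": {
        "eventName": "AuthorizeSecurityGroupIngress",
        "requestParameters": {
            "groupId": "sg-0123456789abcdef0",  # hypothetical group ID
            "ipPermissions": {"items": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}, {"cidrIp": "10.0.0.0/8"}]}},
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                 "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
            ]},
        },
    }
}

if __name__ == "__main__":
    print(json.dumps(find_open_ssh(SAMPLE_EVENT), indent=2))
```

The Lambda's execution role needs only `ec2:RevokeSecurityGroupIngress` (plus CloudWatch Logs permissions) for this to work, which is what keeps it least-privilege; it also catches `-1` all-traffic rules and port ranges that merely include 22, not just an exact 22-22 rule.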