<?xml version="1.0" encoding="UTF-8"?><oembed><type>video</type><version>1.0</version><html>&lt;iframe src=&quot;https://www.loom.com/embed/70e233655a404ae48606f3016fe9f34d&quot; frameborder=&quot;0&quot; width=&quot;1108&quot; height=&quot;831&quot; webkitallowfullscreen mozallowfullscreen allowfullscreen&gt;&lt;/iframe&gt;</html><height>831</height><width>1108</width><provider_name>Loom</provider_name><provider_url>https://www.loom.com</provider_url><thumbnail_height>831</thumbnail_height><thumbnail_width>1108</thumbnail_width><thumbnail_url>https://cdn.loom.com/sessions/thumbnails/70e233655a404ae48606f3016fe9f34d-012a777c1512c127.gif</thumbnail_url><duration>298.707</duration><title>Event-Driven SRE Automation for Public SSH</title><description>In this Loom I walk you through my event-driven SRE automation playbook to instantly remediate the common cloud risk of leaving SSH port 22 open to the public. Built with a single AWS CloudFormation template, it provisions a VPC and subnet, a test security group, and a tightly scoped, least-privilege Lambda execution role. After enabling CloudTrail and an EventBridge rule called Security Group Change Rule, EventBridge invokes a Python 3.11 Lambda the moment the security group is modified. In my live test I set SSH to 0.0.0.0, and milliseconds later the inbound rule was revoked, with CloudWatch logs showing the violation and the successful remediation. There was no action requested from viewers.</description></oembed>