A security group controls and limits the network access to your VPC or resource. Port 22 (SSH) allows remote connection and control over a resource. Therefore, it is recommended NOT to allow access from the internet threw this port, and limit it using security groups. Allowing unrestricted SSH access can increase opportunities for malicious activity such as hacking, man-in-the-middle attacks (MITM) and brute-force attacks. Ensuring your security groups allow inbound access to port 22 (SSH) to only IP addresses that require it can reduce this kind of risk.
Review your security groups inbound rules and in case SSH access is required, limit it to only specific IP addresses that require it and not for all.