I know I am being a pest about some of my suggestions, but…
Since security is paramount with cloud providers, I would suggest that ACG set up a VPN tunnel to VPCs used in demos, or use the "My IP Address". Using the worst possible option, 0.0.0.0/0, is, as you know, a terrible idea. Ryan mentions every time he uses it that it’s a bad idea and never do it — "but this is for demo purposes". To me, this is not a great way to demo anything in the cloud. Lead by example…:-) Please follow best practices throughout your demos. Doing so would reinforce the security model with your students!!
I agree with you, and I know others have stated the same. I understand that Ryan is doing it for convenience and that he terminates instances immediately after recording lectures. However, after going through VPC Flow Log demonstrations and playing around with them more, I was amazed at just how quickly there were probes looking for vulnerabilities and how many of them there were. There’s no such thing as security by obscurity any longer, and I wish that the lectures would incorporate best practices for things like this. Students who are following labs may not know any better, and are more apt to leave instances running for a period of time while trying to learn the material.
Thanks for the feedback – we’ll take it on board