阻止所有传出的 ssh 流量

我的 EC2 实例报告有可疑活动，我收到了以下电子邮件：

涉嫌参与类似于在互联网上扫描远程主机以查找安全漏洞的活动。AWS 可接受使用政策 (https://aws.amazon.com/aup/）我们已将原始报告附在下面，供您查阅。

请采取措施停止所报告的活动，并直接回复此电子邮件，详细说明您已采取的纠正措施。如果您认为这些报告中描述的活动不属于滥用行为，请回复此电子邮件，详细说明您的使用案例。

如果您不知道此活动，则您的环境可能已被外部攻击者入侵，或者存在漏洞，允许您的机器以非预期的方式被使用。

我不知道如何检查发生了什么。我更改了 root 密码，但仍然收到相同的活动报告。

以下是日志：

Full logs:
(time in UTC)=2020-12-08T23:59:13 (attacker's IP)=myip (IP being scanned)=91^208^184^50 (TCP port being scanned)=523
(time in UTC)=2020-12-08T23:59:21 (attacker's IP)=myip (IP being scanned)=78^128^99^30 (TCP port being scanned)=2025
(time in UTC)=2020-12-08T23:59:28 (attacker's IP)=myip (IP being scanned)=140^238^172^100 (TCP port being scanned)=841
(time in UTC)=2020-12-08T23:59:42 (attacker's IP)=myip (IP being scanned)=219^91^85^19 (TCP port being scanned)=10699
(time in UTC)=2020-12-08T23:59:54 (attacker's IP)=myip (IP being scanned)=78^128^99^30 (TCP port being scanned)=1298
(time in UTC)=2020-12-09T23:57:40 (attacker's IP)=myip (IP being scanned)=219^91^85^19 (TCP port being scanned)=313
(time in UTC)=2020-12-09T23:57:43 (attacker's IP)=myip (IP being scanned)=219^91^62^21 (TCP port being scanned)=21735
(time in UTC)=2020-12-09T23:57:43 (attacker's IP)=myip (IP being scanned)=91^203^192^19 (TCP port being scanned)=984
(time in UTC)=2020-12-09T23:57:52 (attacker's IP)=myip (IP being scanned)=185^178^44^132 (TCP port being scanned)=18263
(time in UTC)=2020-12-09T23:57:53 (attacker's IP)=myip (IP being scanned)=140^238^172^100 (TCP port being scanned)=1389

另一份日志：

Logs:
------------------------------------------------------------------------
Dec 9 01:01:55 kmh-wmh-003-nbg03 sshd[698]: Invalid user test from myip port 44682
Dec 9 01:01:55 kmh-wmh-003-nbg03 sshd[698]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myip
Dec 9 01:01:57 kmh-wmh-003-nbg03 sshd[698]: Failed password for invalid user test from myip port 44682 ssh2
Dec 9 01:01:57 kmh-wmh-003-nbg03 sshd[698]: Received disconnect from myip port 44682:11: Bye Bye [preauth]
Dec 9 01:01:57 kmh-wmh-003-nbg03 sshd[698]: Disconnected from myip port 44682 [preauth]
Dec 9 01:18:16 kmh-wmh-003-nbg03 sshd[2480]: Invalid user pppuser from myip port 41660
Dec 9 01:18:16 kmh-wmh-003-nbg03 sshd[2480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myip
Dec 9 01:18:17 kmh-wmh-003-nbg03 sshd[2480]: Failed password for invalid user pppuser from myip port 41660 ssh2
Dec 9 01:18:17 kmh-wmh-003-nbg03 sshd[2480]: Received disconnect from myip port 41660:11: Bye Bye [preauth]
Dec 9 01:18:17 kmh-wmh-003-nbg03 sshd[2480]: Disconnected from myip port 41660 [preauth]
Dec 9 01:21:25 kmh-wmh-003-nbg03 sshd[2792]: Invalid user master from myip port 38852
Dec 9 01:21:25 kmh-wmh-003-nbg03 sshd[2792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=myip

因为我从不使用我的实例连接到 ssh，所以我只想阻止来自任何用户和任何应用程序/进程的所有传出 SSH 流量。如何做到这一点？

也许我可以使用 iptables 阻止所有到端口 22 的传出流量，但不能阻止所有使用端口 22 的 ssh，对吗？还有其他有效的方法吗？