...
As a security best practice, permitting traffic from any internet host to any port is generally discouraged. Rules configured this way expose all ports and services on a host to any internet IP address. This can result in malicious actors scanning administrative ports such as SSH or RDP and attempting to brute-force entry. These rules can almost always be reconfigured to be much more restrictive while still allowing legitimate users to connect to your application.
There are situations where an any rule is hard to avoid, for example a web site that needs to be open to the world on ports 80 and 443. Very few situations, if any at all, should allow all clients as a source. Where access originates from needs to be stated explicitly. To make the process easier, IP ranges are commonly used so that hosts do not have to be added to a running list one by one. For example, all of Columbia networks can be added as a source with a statement such as 128.59.0.0/16.
An example any/any Security Group rule is shown below. Note the 'All' under 'Protocol' and 'Port Range'. 'All' in these columns means the remote host can connect to ANY port/service on your VM. Note also the 'Source' column. '0.0.0.0/0' and '::/0' mean ANY IP address.
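One way to check a rule set for any/any entries, as an added example that is not part of the original page. It assumes the rules are exported in the JSON shape of AWS EC2 `describe-security-groups` (where protocol 'All' appears as `"-1"`); the group IDs and rules are constructed sample data.

```python
import ipaddress

# Constructed sample in the shape of AWS EC2 describe-security-groups output
# (assumption: the Security Groups discussed here are AWS EC2 ones).
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-anyany", "IpPermissions": [
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-example-ssh", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "128.59.0.0/16"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

def sources(perm):
    """All IPv4 and IPv6 source CIDRs of one ingress permission."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return cidrs

def is_any_source(cidr):
    """True for 0.0.0.0/0, ::/0 and equivalent spellings (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def all_ports(perm):
    """True when protocol is 'All' (-1) or the range spans every port."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm.get("FromPort") == 0 and perm.get("ToPort") == 65535

def find_any_any(groups):
    """Return (group id, protocol, source) for each any-source/all-port rule."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not all_ports(perm):
                continue
            for cidr in sources(perm):
                if is_any_source(cidr):
                    findings.append((group["GroupId"], perm["IpProtocol"], cidr))
    return findings

if __name__ == "__main__":
    for finding in find_any_any(SAMPLE_GROUPS):
        print("any/any rule:", *finding)
```

The web rule on port 443 and the SSH rule limited to 128.59.0.0/16 are not reported; only rules that combine an any source with all ports are.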
...