To have a significant impact SSRF needs to be combined with a second worse vulnerability: An endpoint that trusts unauthenticated requests just because they come from within the local network. Sadly several popular clouds have such a vulnerability out of the box (metadata endpoint).

Yeah, that's less of a "vulnerability" and more of how I expect 99% of companies to handle authentication within a network (sadly).