CloudGoat 00. Setup (AWS)
I tried CloudGoat a few years ago, but I barely remember and they’ve added more challenges, so I want to try it again and explore the new scenarios.
CloudGoat is a “Vulnerable by Design” AWS deployment tool created by Rhino Security Labs, designed to help users develop cloud cybersecurity skills. It offers a series of “capture-the-flag” style scenarios, allowing you to explore vulnerabilities and exploit them to achieve the scenario’s objectives.
Let’s get started!
Requirements
- Linux or MacOS. Windows is not officially supported.
- Argument tab-completion requires bash 4.2+ (Linux, or OSX with some difficulty).
- Python3.6+ is required.
- Terraform >= 0.14 installed and in your $PATH.
- The AWS CLI installed and in your $PATH, and an AWS account with sufficient privileges to create and destroy resources.
- jq (JSON processor)
I will be setting up CloudGoat on macOS.
1. Install AWS CLI
    brew install awscli
2. Set Up AWS Profile
Before running CloudGoat, create an IAM user in AWS with the required permissions (AdministratorAccess) and configure your AWS credentials. I named this user cloudgoat. Before executing the command below, you need to get the Access Key and Secret Access Key from the AWS website. Please save these keys somewhere safe, and never share your Secret Access Key.
    aws configure --profile cloudgoat
To check whether your credentials are configured correctly, run:
    aws sts get-caller-identity --profile cloudgoat
3. Install Terraform
    brew tap hashicorp/tap
    brew install hashicorp/tap/terraform
4. Set Up CloudGoat
    git clone https://github.com/RhinoSecurityLabs/cloudgoat.git
    cd cloudgoat
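Before deploying anything, it is worth confirming that the requirements listed above are met and that the profile resolves to the dedicated IAM user rather than root or another identity. The script below is an added example, not part of CloudGoat or the original post; it assumes the IAM user and the AWS CLI profile are both named cloudgoat, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight check for the requirements and profile set up above.
# Assumption: the IAM user and the AWS CLI profile are both named "cloudgoat".

# Pull the first dotted version number out of a tool's version banner.
extract_version() {
  grep -oE '[0-9]+(\.[0-9]+)+' | head -n 1
}

# version_ge HAVE WANT: true when HAVE >= WANT, comparing fields numerically
# (a plain string compare would wrongly rank 3.11 below 3.6).
version_ge() {
  [ -n "$1" ] || return 1
  for f in 1 2 3; do
    h=$(printf '%s.0.0' "$1" | cut -d. -f"$f")
    w=$(printf '%s.0.0' "$2" | cut -d. -f"$f")
    [ "$h" -gt "$w" ] && return 0
    [ "$h" -lt "$w" ] && return 1
  done
  return 0
}

# True only for the dedicated IAM user, not root or an assumed role.
is_lab_user() {
  case $1 in
    arn:aws:iam::[0-9]*:user/"$2") return 0 ;;
    *) return 1 ;;
  esac
}

preflight() {
  profile=${1:-cloudgoat}
  rc=0
  for tool in python3 terraform aws jq; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing from PATH: $tool"; rc=1; }
  done
  [ "$rc" -eq 0 ] || return 1
  version_ge "$(python3 --version 2>&1 | extract_version)" 3.6 ||
    { echo "Python 3.6+ required"; rc=1; }
  version_ge "$(terraform version | extract_version)" 0.14 ||
    { echo "Terraform >= 0.14 required"; rc=1; }
  arn=$(aws sts get-caller-identity --profile "$profile" --query Arn --output text) ||
    { echo "profile $profile has no working credentials"; return 1; }
  is_lab_user "$arn" "$profile" || { echo "unexpected identity: $arn"; rc=1; }
  return "$rc"
}

# Run the checks only when asked, e.g.: sh preflight.sh --run cloudgoat
if [ "${1:-}" = "--run" ]; then preflight "${2:-cloudgoat}"; fi
```

Saved under a name of your choice and invoked with `--run`, it exits non-zero and prints the failing check if a tool is missing, too old, or the profile maps to an identity other than the lab user.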
(+) Deploy a Scenario
    ./cloudgoat.py create sns_secrets
To deploy the sns_secrets scenario, use the command above.
(+) Cleanup a Scenario
    ./cloudgoat.py destroy sns_secrets
After finishing a scenario, always destroy the deployed resources to avoid unnecessary costs.