rootđź’€senseicat:~#
Hack. Eat. Sleep. Repeat!!!
Project maintained by SENSEiXENUS Hosted on GitHub Pages — Theme by mattgraham
Setting up Cloud Goat
- Create an account at console and add a valid debit card.
- Create a user-:
- Create an
administrator policy-:
- Generate an access key next. go to IAM->Access Management-> IAM Users, click on the user, and security credentials and create Access Key-:
- Save somewhere-:
Dependencies
awscli-:
sudo apt install awscli
aws configure
- Prompt-:
Access Key Id-> Key you generated above Secret Access Key-> None Default region-> use whatever region your account is in e.g us-east-2, check the top right console of your AWS console in what region you are in default output format-> json
- Setting up terraform-:
wget https://releases.hashicorp.com/terraform/0.12.29/terraform_0.12.29_linux_amd64.zip
unzip terraform_0.12.29_linux_amd64.zip
sudo cp terraform /usr/local/bin/
rm get-pip.py & rm terraform & rm terraform_0.12.29_linux_amd64.zip
- Setting up the goat itself-:
pipx install cloudgoat
- Configuring Cloudgoat-:
#default as anything asked
cloudgoat config aws
cloudgoat config whitelist --auto
- Final verification
# aws creds
aws sts get-caller-identity --profile default
# terraform available
terraform version
# cloudgoat config whitelist
cloudgoat config whitelist
- Note-: Cloudgoat will not use your
defaultAWS profile automatically.This is to prevent you from accidentally deploying vulnerable infrastructure to prevent accidentally vulnerable infrastructure to a production account. You must explicitly pass--profile default. - Most scenarios use free-tier or near free resources but some spin up EC2 instances or other billable services.
- Always run
cloudgoat destroy <scenario-name> --profile default
- Verify with
aws iam list-users --profile default | grep cgid
aws iam list-policies --scope local --profile default | grep cgid