I highly recommend CloudGoat, It is awesome!
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade
cd ~
git clone https://github.com/RhinoSecurityLabs/cloudgoat
cd cloudgoat
pip3 install -r core/python/requirements.txt
sudo apt-get install awscli unzip
wget https://releases.hashicorp.com/terraform/0.12.29/terraform_0.12.29_linux_amd64.zip
unzip terraform_*
sudo mv terraform /usr/local/bin/
Login to AWS Management –> IAM Management –> Users –> Create new User –> Programmatic Access
Add the following Roles to the user:
- AdministratorAccess
- AmazonRDSFullAccess
- AmazonEC2FullAccess
- IAMFullAccess
- AmazonS3FullAccess
- CloudWatchFullAccess
- AmazonDynamoDBFullAccess
aws configure –profile proper –> Enter Access key for cloudgoat management user –> Enter Secret Access key for cloudgoat management user
chmod u+x cloudgoat.py
./cloudgoat.py config profile proper
./cloudgoat.py config whitelist –auto
./cloudgoat.py create rce_web_app –profile proper
aws configure –profile Lara –> Enter Lara’s Access Key –> Enter Lara’s Secret Access Key
aws ec2 describe-instances –profile Lara
When that command works, you can just start going at it or check out this URL for RhinoSecurityLabs offical walkthrough of this scenario! (LINK HERE)
*NOTE* If something fucks up when you try to create the rce_web_app and you try to create it again, it will use the cloudgoat destroy command to do that, and it seems to leave some some custom policies in AWS which then fucked up the creation you try next b/c it says you can’t have duplicate policies. So if you get a duplicate policies error, go onto the AWS management console –> IAM –> Policies. Then remove any policies that were made by cloudgoat create
If you want to modify your AWS profiles manually, they are located at ~/.aws/*