Complete CloudGoat Setup Guide


WARNING: Following this tutorial in its entirety will result in vulnerable AWS cloud resources being deployed publicly on the internet…just kidding

AWS Registration and Configuration

Navigate to the AWS Console to begin account set-up Click the Create an AWS Account button

Enter your information to sign up

Next go to the services page and search for IAM management and go there to set up the user account

Select the Users page on the left menu and then the Add user button

Now choose a user name for the account that will manage your AWS resources.

Next, we will be creating a user group to associate the necessary permissions with.

First give your group a name – we chose cloudgoat_admin but it could be anything. For this application we will need to associate the following policies (you can search for them quickly):


Finish up by clicking the Create group button.

Now click through the Next button until you are finished with the user creation wizard.

NOTE ### When you get to the final screen make sure to grab the AccessKey and SecretKey!

If you missed the SecretKey you can create a new key-pair under the user settings and delete the old one.

Finally, navigate to the services menu and click on S3. If you see the following message it probably means that you need to finish verifying your account info. Note that the final steps of this tutorial (creating the actual instances) will not work until your account is fully registered and verified.

Launching the Management VM

First, we start by downloading something to run our VM. Select the host option that is appropriate to you (windows in this example).

Next download the Ubuntu Server iso.

Click New to start a new Ubuntu Server instance.

Name your VM and choose the local location to store its filesystem.

2048 MB or 2GB is enough for this application.

Create a new virtual hard disk to store your filesystem.

VirtualBox Disk Image (.vdi) will work fine here.

Choose dynamically allocated so you only use the space you have to.

The default 10GB configuration is fine for this application.

Finally, we are done with the main configuration.

Before booting up the image click the settings button with the CloudGoat VM selected (highlighted). Go to the Storage tab, select the Empty slot on the IDE Controller. Check the box for Live CD/DVD and then click the blue disk image button to the right of the dropdown.

Next, click on Choose a disk file…

Select the iso image that was downloaded from Ubuntu earlier. Click Open, and then OK on the settings window.

Now click the Start button and follow the prompts to install ubuntu server.

Installing Ubuntu Server

Choose your default language.

For most applications, the default DHCP configuration will be sufficient.

Default proxy configuration unless you have a proxy. Default Ubuntu archive mirror for downloading packages and updates. Use the entire drive for installing the filesystem. Note: Your server’s name is your vm’s hostname

Select the option to download OpenSSH, skip all the additional snaps. You should then see the system being installed.

After the installation is complete you can unmount the live-boot iso by clicking Devices > Optical Drives > Remove disk from virtual drive

Next, enter your username and password. If everything was successful, you should be presented with a terminal like this.

Configure Windows SSH

The VirtualBox terminal is less than ideal at this point and we should have a more permanent method for connecting to remote Linux hosts, so let’s give Windows an upgrade. Tap the Windows button and type Apps & Features to pull up the settings submenu. Select the optional features link. Then search for OpenSSH server in the list. After you click on it, it will disappear from the list. Click the back arrow on top of the menu and it should be installing as seen in the picture below.

Next press the Windows button again and type PowerShell.

Click the top-left menu button and select properties

Adjust the colors, fonts, or whatever else to your liking and click OK. Now that our shell looks awesome, let’s try connecting to our VM over SSH (secure shell in-case you didn’t know).

ssh <username>@<vm’s-ip>

Connecting to the VM via SSH

Enter your username and password for the Ubuntu account that you set up when installing the VM.

A successful login should look something like this (with a bunch of extra info about the server):

Configuring CloudGoat on the VM

Next, we need to grab pip (command below) and make sure that we can run python easily. First, we are using wget to download the web resource, then we are creating symbolic links for the python3 binary.

sudo ln -s /usr/bin/python3 /usr/bin/python
sudo ln -s /usr/bin/python3 /usr/bin/py

Now to get pip.


Now go to Github and grab the link for the CloudGoat repository.

In the terminal of ubuntu server enter:

git clone ./cloudgoat

Because I don’t like pressing extra keys, I’ll make the cloudgoat directory all lower case. Now we get the terraform install:


Grab unzip from apt, unzip terraform and then move it to a location that is configured to your PATH environment variable.

sudo apt-get install unzip
sudo cp terraform /usr/local/bin/
rm & rm terraform & rm

Now that we’ve cleaned up, we can download our required libraries using pip and change the permissions for so we can execute it with a single command.

cd cloudgoat
pip install -r ./core/python/requirements.txt
chmod u+x

Once that’s complete, we will need to download the AWS Cli (command-line interface) for managing our accounts.

curl “” -o “”
sudo ./aws/install
aws –version

Configure the CloudGoat profile:

./ config profile
./ config whitelist --auto
aws configure --profile cloudgoat_manager

Enter the Access Key, Secret Key and Default Region of your admin account that was set up on the AWS Console web portal.

Creating Instances and Wrapping Up

Create the vulnerable instance:

./ create rce_web_app profile cloudgoat_manager

When installation is complete you will be provided with a set of credentials for two separate user accounts. Lets configure those accounts with AWS Cli.

aws configure --profile Lara
aws configure --profile McDuck

That’s it! You’ve now successfully configured and deployed CloudGoat with the vulnerable RCE ec2 instance.

Make sure to save all of your keys and credentials in a password manager.



2 thoughts on “Complete CloudGoat Setup Guide

  1. I have been searching to find a comfort or effective procedure to complete this process and I think this is the most suitable way to do it effectively.

Leave a Reply