CloudGoat (github.com/rhinosecuritylabs)
101 points by udev4096 16 days ago | 8 comments



Nice, thanks for sharing.

For those looking for additional security training resources there's another HN thread going on here: https://news.ycombinator.com/item?id=40195210


Is there a way to know how much something like this would cost to run?

I'd like to give this a go, but I've always been put off trying anything on AWS due to horror stories of being unable to cap costs and generating huge bills.


You can check out the documentation of the scenarios; they list the created AWS resources. The ones I checked looked either free or cheap to me. No guarantee, of course, and usage can also generate cost.

   https://github.com/RhinoSecurityLabs/cloudgoat/blob/master/scenarios/vulnerable_lambda/README.md
   1 IAM User
   1 IAM Role
   1 Lambda
   1 Secret


Ah thanks, that makes sense. So I only need to run what is needed for the scenario (plus anything I need to complete the scenario). Some of them, like the one you picked, seem pretty lightweight, which is nice.


Keep it small and you’re unlikely to get beyond the free tiers, but be sure to remove payment methods and/or close the account after you’ve finished. I had a zombie forgotten account all of a sudden start hitting my debit card one month because of some DNS traffic I wasn’t aware of. It wasn’t much, but I have also had to negotiate charges in another instance. It’s not that the ability to understand and control the fees isn’t available—but for anyone who’s unused to AWS it can be complicated, and easy to forget some single aspect.


Good point, maybe I should use one of those services that let you use virtual cards you add money to and they're disposable? Never looked into these, but the horror stories I've seen on HN have seriously put me off trying AWS even though I've regularly used other cloud providers.


Does anyone know of similar things but for Azure?

On the other hand I should probably brush up my AWS skills, been stuck in Azure land for way too long…


I think Microsoft released one the other day about securing directory servers... But yeah this is a neat concept, but a lot of the tech is very AWS-specific - probably still fun to try even without much AWS heavy - they look like they're mostly testing your understanding of the 'edges' of the cloud.



