cloudgoat
cloudgoat copied to clipboard
RhinoSecurityLabs
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
Lambda 3.6 is no longer supported so the terraform apply fails. simple fix was to bump to 3.9
The following create operations fail with `Error creating DB Instance: InvalidParameterCombination: Cannot find version 9.6 for postgres` error. - `./cloudgoat.py create codebuild_secrets` - `./cloudgoat.py create rce_web_app`
Currently AWS limits number of VPCs to 5. Creating any 5 scenarios that require a VPC exhausts this limit and all `create` commands fail with a `error creating EC2 VPC:...
There is a misconfiguration in the filter pattern for the instance_profile_abnormal_usage metric filter. The IP -> assumed role for the easy path is currently source_ip == easy_instance_ip && useridentity.arn ==...
This causes a lot of headaches during development, you either have to destroy/recreate or copy code manually. This seems to have resulted in several fixes missing from PRs I've worked...
 I've posted in the slack channel also but haven't gotten any help. Between this and destroy the scenario I'm having trouble.
When running `./cloudgoat.py config whitelist --auto` I get the following error: ``` [cloudgoat] Unknown error: Did not receive a valid IP address. Received this instead: 2a00:23c8:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/32 ``` This is due...
Hi there, Loved the new vulnerable_lambda scenario, thanks so much for pushing this out. Noticed during clean up that the iam module runs the resource_cleaning.sh (scenarios/vulnerable_lambda/terraform/resource_cleaning.sh) makes AWS calls, but...
./cloudgoat.py create ec2_ssrf The create command requires the use of the --profile flag, or a default profile defined in the config.yml file (try "config profile"). bash-5.1# ./cloudgoat.py create ec2_ssrf --profile...
Metadata
Owner
Metadata
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool