Back to Course

Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT

0% Complete
0/0 Steps
  1. Introduction

    About the course and author
  2. About using CloudGoat, Pacu, and ChatGPT
  3. Who this course is for
  4. Important quick note on AWS resource pricing
  5. [LAB] Create a billing alert to avoid surprise bills
  6. We want your feedback
  7. Setting up our lab environment
    Read this before installing Pacu/CloudGoat!
  8. [DEMO] Pacu [Option #1] Install with pip [Recommended]
  9. [DEMO] Pacu [Option #2] Use with Docker
  10. [DEMO] CloudGoat [Option #1] Install with Git
  11. [DEMO] CloudGoat [Option #2] Running with Docker
  12. [DEMO] Configuring AWS access credentials for CloudGoat
  13. [DEMO] Configuring AWS access credentials
  14. Getting started with Pacu
    Pacu Quick Start Guide
  15. IAM Privilege Escalation by Misconfiguration (Small / Easy)
    Scenario overview
  16. [DEMO] Admin privilege escalation demonstration
  17. [DEMO] Cleaning up our lab environment
  18. Vulnerable Lambda (Small / Easy)
    Scenario overview
  19. [DEMO] Creating our lab environment
  20. [DEMO] Exploiting vulnerable Lambda functions for admin access
  21. [DEMO] Cleaning up our lab environment
  22. [Cheat Sheet] Solution steps (CLI)
  23. [LAB] [CTF] Lambda SQLi PrivEsc to Access Secret
  24. IAM Privilege Escalation by Rollback (Small / Easy)
    Scenario overview
  25. [DEMO] Exploiting IAM versions
  26. [DEMO] Cleaning up our lab environment
  27. [Cheat Sheet] Solution steps (CLI)
  28. [LAB] [CTF] PrivEsc via IAM Version Rollback
  29. Cloud Breach via S3 (Small / Moderate)
    Scenario walkthrough
  30. [LAB] [DEMO] Exploiting EC2 to reach S3
  31. Preventing this exploit
  32. Cleaning up our lab environment
  33. [Cheat Sheet] Solution steps (CLI)
  34. ECS Takeover (Medium / Moderate)
    Scenario walkthrough
  35. [DEMO] ECS RCE exploit to get credentials
  36. [DEMO] ECS Takeover
  37. [DEMO] Cleaning up our lab environment
  38. [Cheat Sheet] Solution steps (CLI)
  39. Wrap-up and Key Takeaways
    What's next?
  40. We want your feedback
Lesson 5 of 40
In Progress

[LAB] Create a billing alert to avoid surprise bills

Christophe September 4, 2023

Lab Details 👨‍🔬

  • Length of time: < 10 minutes
  • Cost: $0.00
  • Difficulty: Easy

Scenario 🧪

Before you complete any of our labs in this course, we highly recommend that you spend a few minutes going through this lab because it will teach you how to configure billing monitoring and alerting to notify you if your AWS bill ever exceeds what you expect to pay.

Some of the labs will be free, while others can cost some amount of money. This will be clearly noted in each section before you start so that there are no surprises and you can choose to skip the labs that cost money if you want.

With that said, sometimes, resources can continue to cost you money if you forget to turn them off or delete them, in which case you could end up with a surprise bill. These are the scary stories you’ve heard about on social media in regards to the cloud. This lab is designed specifically to help prevent that.

For example, if you are OK with spending up to $5.00 on labs for this course, then you could set an alert that notifies you when you reach $5.00, or when you get close to that (say $4.00) that way you can investigate and see if something was left running before you exceed $5.00. This is just an example number, and you can select whatever dollar value you’re comfortable with.

Let’s get started by following the below steps.

Enable billing alerts

  1. Log into your AWS account
  2. Pull up the billing dashboard (you can search for “billing”)
  3. Click on Billing Preferences in the left-bar menu
  4. Enable “Receive CloudWatch billing alerts”
  5. Click on “Save Preferences”
This image has an empty alt attribute; its file name is Screenshot-2023-10-04-at-9.36.29-AM.png

Creating an alarm

  1. Search for the service “CloudWatch” and click on it
  2. Make sure your region is set to “N. Virginia” (billing metrics are stored in this region, so this is necessary)
  3. Click on “All alarms” in the left-bar menu
  4. Click on “Create alarm”
  5. Click on “Select metric”
  6. You should see a “Billing” option under “Metrics” but if you don’t, you can search for it in the search bar below “Metrics”
  7. Select “Total Estimated Charge”
  8. Select the row with the metric name “EstimatedCharges” and then click on “Select metric” in the bottom right
  9. Choose “Maximum” for the “Statistic” option if it’s not already
  10. You can keep the “Period” at “6 hours”
  11. For the “Threshold type” under “Conditions” you will want to select “Static”
  12. For the “Whenever EstimatedCharges is…” option, you can select whatever you’d like between Greater and Greater/Equal
    1. If you want to get notified when charges reach or exceed $5.00, then you would select “Greater/Equal”
    2. If you want to get notified when charges exceed $5.00, then you would select “Greater”
  13. Set your dollar value in the “than…” input box
  14. Expand the “Additional configuration” and make sure that you see:
    1. “Datapoints to alarm” “1 out of 1”
    2. “Missing data treatment” set to “Treat missing data as missing”
  15. Click on “Next”
  16. Under notification, make sure it’s set to “In alarm” and “Create new topic” for the SNS topic
  17. You can leave the default topic name if you’d like, then add your preferred email to receive the notification (you can add multiple emails)
  18. Click on “Create Topic”
  19. You should receive an email shortly after from “AWS Notification – Subscription Confirmation” → you will need to click on “Confirm subscription” which is their way of preventing spam.
    1. You should see a page that says “Subscription confirmed!”
    2. (If you don’t have the email yet, wait a few minutes and check you didn’t misspell the email or check your spam folder)
  20. Back to the AWS console, you can click on “Next”
  21. You can now name it something like “Billing threshold alarm” and you don’t have to put in a description
  22. Review your settings to make sure they look right, then “Create alarm”
Step 2: Make sure you’re in US East region for this to work
Step 6: Billing Metric
Step 7: Look for “Total Estimated Charge” -> Select it -> Click on “Select Metric”

You will now see your brand-new alarm. Initially, it will say that the state is “insufficient data” but give it a minute or two, and it will change to “OK.” If you don’t see it after a couple of minutes, you can refresh the page.

Now that you have a billing alert, you will get notified based on the dollar value you set, and based on whether you set it to greater or greater than/equal to.

Reviewing your costs

Of course, you don’t have to wait for an alarm to come through to check on how much you’re spending in AWS. You can go back to the Billing dashboard and you will see a summary on the main dashboard. It will show you:

  • Current month’s total forecast
  • Current MTD (Month-to-date) balance
  • Prior month for the same period with trend

You can also see additional breakdowns further down on this page, or in the “Cost explorer.” Feel free to check that out if you’re interested, but otherwise, let’s complete this lab!

If you have any issues with this lab, please comment below and we’ll take a look!


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.