Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT

Lesson 5 of 40

[LAB] Create a billing alert to avoid surprise bills

Christophe September 4, 2023

Lab Details 👨‍🔬

  • Length of time: < 10 minutes
  • Cost: $0.00
  • Difficulty: Easy

Scenario 🧪

Before you complete any of our labs in your own account(s), we highly recommend that you spend a few minutes going through this lab because it will teach you how to configure billing monitoring and alerting to notify you if your AWS bill ever exceeds what you expect to pay.

Some of the labs won’t cost anything to complete, while others can cost some amount of money (if you perform them in your own account rather than ours; we will never charge you extra for using our labs). This will be clearly noted in each lab before you start so that there are no surprises, and you can choose to skip the labs that cost money if you want.

With that said, resources can sometimes continue to cost you money if you forget to turn them off or delete them, in which case you could end up with a surprise bill. These are the scary stories you’ve heard about on social media about the cloud. This lab is designed specifically to help prevent that.

For example, if you are OK with spending up to $5.00 on labs for this course, then you could set an alert that notifies you when you reach $5.00, or when you get close to that (say $4.00). That way you can investigate and see if something was left running before you exceed $5.00. This is just an example number, and you can select whatever dollar value you’re comfortable with.

Let’s get started by following the below steps.

Enable Budgets (new and best way)

AWS has made it easier than ever to enable budgets that will notify you if your costs either exceed your set budget, or are estimated to exceed your budget.

You can create different kinds of budgets, like:

  • Zero spend budget – create a budget that notifies you once your spending exceeds $0.01
  • Monthly cost budget – create a budget that notifies if you exceed or are forecasted to exceed the budget amount, each month

There are a couple of other options but those are the two I would recommend for this course.

To enable one, search the AWS console for “Budgets” and click on it.

You’ll then be able to select what kind of budget you want, and how you want to configure it:

My recommended settings are a monthly cost budget of $30, but if you don’t want to spend any money at all you would select the zero spend budget instead, or if you are OK with spending more than $30, you can increase the “Enter your budgeted amount ($)” value.

Then click on “Create budget” and you’re good to go!
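The two budgets described above, expressed as the parameters boto3’s create_budget() takes; this is an added example and not course code, and the account id and e-mail address are placeholders:

```python
# Added example (not course code): the Budgets section above expressed as the
# parameters boto3's create_budget() takes. Account id and e-mail are placeholders.
ACCOUNT_ID = "123456789012"       # placeholder account id
ALERT_EMAIL = "you@example.com"   # placeholder address

def notification(kind: str, threshold: float, threshold_type: str, email: str) -> dict:
    """One notification block. kind is ACTUAL (real spend so far) or FORECASTED
    (AWS's end-of-month estimate); threshold is in % of the limit or in USD."""
    return {
        "Notification": {
            "NotificationType": kind,
            "ComparisonOperator": "GREATER_THAN",
            "Threshold": threshold,
            "ThresholdType": threshold_type,
        },
        "Subscribers": [{"SubscriptionType": "EMAIL", "Address": email}],
    }

def monthly_cost_budget(amount_usd: float, email: str = ALERT_EMAIL) -> dict:
    """Monthly cost budget: notify at 100% of the limit, actual or forecast."""
    return {
        "AccountId": ACCOUNT_ID,
        "Budget": {
            "BudgetName": "course-labs-monthly",
            "BudgetType": "COST",
            "TimeUnit": "MONTHLY",
            "BudgetLimit": {"Amount": f"{amount_usd:.2f}", "Unit": "USD"},
        },
        "NotificationsWithSubscribers": [
            notification("ACTUAL", 100.0, "PERCENTAGE", email),
            notification("FORECASTED", 100.0, "PERCENTAGE", email),
        ],
    }

def zero_spend_budget(email: str = ALERT_EMAIL) -> dict:
    """Zero spend budget, modelled on the console template (an assumption): a
    nominal $1 limit with an absolute-dollar alert once actual spend exceeds $0.01."""
    budget = monthly_cost_budget(1.00, email)
    budget["Budget"]["BudgetName"] = "course-labs-zero-spend"
    budget["NotificationsWithSubscribers"] = [notification("ACTUAL", 0.01, "ABSOLUTE_VALUE", email)]
    return budget

def create_budget(params: dict) -> None:
    """Send the budget to AWS; boto3 is imported here so the rest runs offline."""
    import boto3
    boto3.client("budgets", region_name="us-east-1").create_budget(**params)
```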

Enable billing alerts (old and supplemental way)

This is how we used to create budget alarms before Budgets were an available feature in AWS. Feel free to still go through these steps if you’d like to learn about CloudWatch billing alerts — but this is optional.

  1. Log into your AWS account
  2. Pull up the billing dashboard (you can search for “billing”)
  3. Click on Billing Preferences in the left-bar menu
  4. Enable “Receive CloudWatch billing alerts”
  5. Click on “Save Preferences”

Creating an alarm

  1. Search for the service “CloudWatch” and click on it
  2. Make sure your region is set to “N. Virginia” (billing metrics are stored in this region, so this is necessary)
  3. Click on “All alarms” in the left-bar menu
  4. Click on “Create alarm”
  5. Click on “Select metric”
  6. You should see a “Billing” option under “Metrics” but if you don’t, you can search for it in the search bar below “Metrics”
  7. Select “Total Estimated Charge”
  8. Select the row with the metric name “EstimatedCharges” and then click on “Select metric” in the bottom right
  9. Choose “Maximum” for the “Statistic” option if it’s not already
  10. You can keep the “Period” at “6 hours”
  11. For the “Threshold type” under “Conditions” you will want to select “Static”
  12. For the “Whenever EstimatedCharges is…” option, you can select whatever you’d like between Greater and Greater/Equal
    1. If you want to get notified when charges reach or exceed $5.00, then you would select “Greater/Equal”
    2. If you want to get notified when charges exceed $5.00, then you would select “Greater”
  13. Set your dollar value in the “than…” input box
  14. Expand the “Additional configuration” and make sure that you see:
    1. “Datapoints to alarm” “1 out of 1”
    2. “Missing data treatment” set to “Treat missing data as missing”
  15. Click on “Next”
  16. Under notification, make sure it’s set to “In alarm” and “Create new topic” for the SNS topic
  17. You can leave the default topic name if you’d like, then add your preferred email to receive the notification (you can add multiple emails)
  18. Click on “Create Topic”
  19. You should receive an email shortly after from “AWS Notification – Subscription Confirmation” → you will need to click on “Confirm subscription” which is their way of preventing spam.
    1. You should see a page that says “Subscription confirmed!”
    2. (If you don’t have the email yet, wait a few minutes and check you didn’t misspell the email or check your spam folder)
  20. Back to the AWS console, you can click on “Next”
  21. You can now name it something like “Billing threshold alarm” and you don’t have to put in a description
  22. Review your settings to make sure they look right, then “Create alarm”

Screenshot for step 2: Make sure you’re in the US East (N. Virginia) region for this to work
Screenshot for step 6: Billing metric
Screenshot for step 7: Look for “Total Estimated Charge” -> select it -> click on “Select metric”

You will now see your brand-new alarm. Initially, it will say that the state is “insufficient data” but give it a minute or two, and it will change to “OK.” If you don’t see it after a couple of minutes, you can refresh the page.

Now that you have a billing alert, you will get notified based on the dollar value you set, and based on whether you set the condition to “Greater” or “Greater/Equal”.
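The same alarm expressed as the parameters boto3’s put_metric_alarm() takes, with a replay of how it evaluates EstimatedCharges samples; this is an added example and not course code, and the SNS topic ARN is a placeholder:

```python
# Added example (not course code): the 22 console steps above as the parameters
# boto3's put_metric_alarm() takes, plus a replay of how the alarm evaluates
# EstimatedCharges samples. The SNS topic ARN is a placeholder.
SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:Default_CloudWatch_Alarms_Topic"

def billing_alarm_params(threshold_usd: float, inclusive: bool,
                         topic_arn: str = SNS_TOPIC_ARN) -> dict:
    """Map each console choice to its API field (step numbers from the list above).
    Billing metrics live only in us-east-1, so the client must use that region."""
    return {
        "AlarmName": "Billing threshold alarm",            # step 21
        "Namespace": "AWS/Billing",                        # steps 6-8
        "MetricName": "EstimatedCharges",
        "Dimensions": [{"Name": "Currency", "Value": "USD"}],
        "Statistic": "Maximum",                            # step 9
        "Period": 6 * 60 * 60,                             # step 10, in seconds
        "Threshold": float(threshold_usd),                 # step 13
        "ComparisonOperator": ("GreaterThanOrEqualToThreshold" if inclusive
                               else "GreaterThanThreshold"),  # step 12
        "EvaluationPeriods": 1,                            # step 14: 1 out of 1
        "DatapointsToAlarm": 1,
        "TreatMissingData": "missing",                     # step 14
        "AlarmActions": [topic_arn],                       # step 16: In alarm
        "ActionsEnabled": True,
    }

def would_alarm(samples: list, params: dict) -> bool:
    """Replay EstimatedCharges samples (None = a missing period) against the
    alarm. With 1-of-1 datapoints a single breaching sample trips it; a missing
    period is ignored rather than counted as breaching."""
    op, threshold = params["ComparisonOperator"], params["Threshold"]
    for value in samples:
        if value is None:
            continue
        if op == "GreaterThanThreshold" and value > threshold:
            return True
        if op == "GreaterThanOrEqualToThreshold" and value >= threshold:
            return True
    return False

def create_billing_alarm(params: dict) -> None:
    """Create the alarm in us-east-1; boto3 is imported here so the rest runs offline."""
    import boto3
    boto3.client("cloudwatch", region_name="us-east-1").put_metric_alarm(**params)
```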

Reviewing your costs

Of course, you don’t have to wait for an alarm to come through to check on how much you’re spending in AWS. You can go back to the Billing dashboard and you will see a summary on the main dashboard. It will show you:

  • Current month’s total forecast
  • Current MTD (Month-to-date) balance
  • Prior month for the same period with trend

You can also see additional breakdowns further down on this page, or in the “Cost explorer.” Feel free to check that out if you’re interested, but otherwise, let’s complete this lab!

If you have any issues with this lab, please comment below and we’ll take a look!

Responses



    1. Absolutely! I also need to add at some point that you can create Budgets in AWS which is another way of making sure you don’t overspend month over month