[brianoconnor]

You can check out the documentation of the scenarios, they list the created AWS resources. The ones I checked looked either free or cheap to me. No guarantee of course and usage can also generate cost.

   https://github.com/RhinoSecurityLabs/cloudgoat/blob/master/scenarios/vulnerable_lambda/README.md
   1 IAM User
   1 IAM Role
   1 Lambda
   1 Secret

[alias_neo]

Ah thanks, that makes sense. So I only need to run what is needed for the scenario (plus anything I need to complete the scenario), some of them like the one you picked seem pretty light weight, which is nice.

[nativeit]

Keep it small and you’re unlikely to get beyond the free tiers, but be sure to remove payment methods and/or close the account after you’ve finished. I had a zombie forgotten account all of a sudden start hitting my debit card one month because of some DNS traffic I wasn’t aware of. It wasn’t much, but I have also had to negotiate charges in another instance. It’s not that the ability to understand and control the fees aren’t available—but for anyone who’s unused to AWS it can be complicated, and easy to forget some single aspect.

[alias_neo]

Good point, maybe I should use one of those services that let you use virtual cards you add money to and ftheure disposable? Never looked into these, but the horror stories I've seen on HN have seriously pit me off trying AWS even though I've regularly used other cloud providers.