# AWS The lab environment for this workshop is hosted on Amazon Web Services (AWS) to ensure maximum convenience and a seamless experience for all participants. The workshop setup includes a base virtual machine (VM) for our Command and Control (C2) server, alongside a fully configured Active Directory (AD) domain. This domain features a bastion host (serving as a VPN concentrator), three domain controllers, and a workstation. While it's technically possible to host this setup locally, leveraging AWS provides a more streamlined, reliable, and scalable solution to ensure the best possible learning environment. **Walkthrough: Creating a New AWS Account and Generating IAM Secrets with Full Administrator Access** A full video walkthrough can be found here: {% embed url="" %} 1. Open your browser and navigate to 2. You will be asked to provide a root user email address as well as an AWS account name, please fill out these values accordingly. 3. When done, click the Verify email address button
4. after verification of email, you will be requested to create a root user password - please create a secure password and remember it - or use a password manager. 5. AWS will ask for additional details, please fill out the appropriate values, don't worry they do not send you spam (at least they never have to me)
6. AWS will ask to provide a payment method. Fill out the appropriate values.
7. AWS will ask to verify your identity via a phone call or text message.
8. Last AWS will ask you to select a support plan - select Basic support.
Congratulations, you now created your account and should be able to sign in to the management console.
Once Logged in, you will be greeted with a console dashboard. 9. Navigate to IAM (Identity Access Management) by clicking on the IAM button if visible or by typing IAM in the search bar
10. Click **Users** on the left-hand side.
11. Click **Create User**
12. provide a username, such as terraform or robodeploy
13. Click **Attach Policies Directly** {% hint style="info" %} typically, AdministratorAccess is discouraged. However, since this terraform deployment is managing VPCs, Routing Tables, Security Groups and EC2 instances, it facilitates overhead. If you are uncomfortable with AdministratorAccess, make sure to delete the user after the workshop ends. {% endhint %} 14. Search for **AdministratorAccess** 15. Click the little square so the box is checked and then click next \ (you might have to scroll down to reveal the next button)
16. You will be taken to a Review page, click the **create user** button
17. Once created, select the user from the overview and click on the **Create access key** button
18. Select Command Line Interface (CLI) as use case
19. check the Confirmation button 20. you can skip the description tag and just click the Create access key button.
21. Note your Access key and Secret Access Key, as you will need this for terraform later.
Congratulations, this is the end of the AWS setup guide. **again, make sure to keep those access key and secret key handy, we will need them later.** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://sec565.gitbook.io/ad-privesc-with-empire/installing-the-environment/aws.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.