AWS Account Management

Community Edition users are able to connect their own AWS account and take advantage of the powerful range deployment and management capabilities of the Cyber Ranges platform, for free. This means you only pay AWS directly for the range infrastructure you actually use!

Creating an AWS Account

We strongly recommend creating a dedicated AWS account for use with the Cyber Ranges platform. This offers several advantages as it allows you to:

  1. Easily and accurately monitor your billing
  2. Segment your Cyber Ranges infrastructure from personal or company infrastructure
  3. More easily clean up range resources if you choose to disconnect your account from the Cyber Ranges platform

To sign up for a free AWS account, check out the AWS Free Tier.

πŸ“˜

EC2 Limits

For newly created accounts, the Running Instances limit may be quite small (5 vCPUs). Most range templates will require more than this, so we recommend requesting a limit increase as soon as you set up your AWS account.

You can request a service limit increase here. We deploy ranges into the US-East-1 region currently, so be sure to request the increase in that region.

Make sure to request an increase for "Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances". We recommend at least 120 vCPUs to allow running multiple range environments simultaneously.

Other limits you might run into include:

  • VPC Limits (1 per range)
  • Elastic IP Address (1 per range)
  • Public AMIs (1 per system when sharing a template)

Connecting your AWS Account to Cyber Ranges

Connecting your AWS account to your Cyber Ranges account is simple! If you've already got an AWS account, you can be up and running in just a couple minutes.

Follow the instructions in the AWS Connection Wizard to connect your accounts in just a few clicks. Behind the scenes, Cyber Ranges will:

  • Deploy a CloudFormation Stack
  • Create an IAM Role with the required permissions
  • Automatically detect when your accounts are connected
  • Assume this IAM Role to deploy and manage ranges within your own account

Cyber Ranges IAM Permission Requirements

The Cyber Ranges platform needs certain permissions within your AWS account to successfully deploy and manage your range systems. We DO NOT need full administrative access!! The IAM role we create has the minimal permissions required for the platform to function.

We require most permissions to interact with EC2, including permissions to create, modify, and delete resources like EC2 instances, EBS volumes, snapshots etc. For a full list of the specific permissions required, be sure to review the CloudFormation stack created when connecting your AWS and Cyber Ranges accounts.

Disconnecting your AWS Account

To disconnect your account, browse to the Account Settings page and select Disconnect.

🚧

Stranded Cyber Ranges Resources

Be careful when disconnecting your AWS Account from Cyber Ranges. You should first delete your deployed ranges!

Upon disconnecting you're account, Cyber Ranges will lose the ability to manage resources on your behalf. If you disconnect before deleting your existing ranges, there may be resources left in your AWS Account, including running EC2 instances, that may significantly affect your monthly bill.

If you do elect to leave ranges deployed, but disconnect your account, you can identify Cyber Ranges managed resources for future cleanup by the CyberRanges tag.