Through a series of levels you'll learn about common mistakes and gotchas when using Amazon Web Services (AWS). There are no SQL injection, XSS, buffer overflows, or many of the other vulnerabilities you might have seen before. As much as possible, these are AWS specific issues.
Link: http://flaws.cloud/
Similar to the original flAWS.cloud, this game/tutorial teaches you AWS (Amazon Web Services) security concepts. flAWS 2 has two paths this time: Attacker and Defender! In the Attacker path, you'll exploit your way through misconfigurations in serverless (Lambda) and containers (ECS Fargate). In the Defender path, that target is now viewed as the victim and you'll work as an incident responder for that same app, understanding how an attack happened. You'll get access to logs of a previous successful attack. As a Defender you'll learn the power of jq in analyzing logs, and instructions on how to set up Athena in your own environment.
Link: http://flaws2.cloud/
Use Terraform to create your own vulnerable by design AWS IAM privilege escalation playground.
Link: https://github.com/BishopFox/iam-vulnerable
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool.
Link: https://github.com/RhinoSecurityLabs/cloudgoat
A DHIY (Deploy and Hack It Yourself) Project that you can deploy and run a bunch of 'orribly insecure functions on AWS Lambda
Link: https://github.com/we45/DVFaaS-Damn-Vulnerable-Functions-as-a-Service
This is a demonstration project to show how to do privilege escalation on AWS. DO NOT deploy this on an AWS account unless you know very well what you are doing!