Question 1

How much does it cost to run TerraGoat?

Accepted Answer

TerraGoat itself is free and open-source, but deploying it incurs real cloud costs from AWS, Azure, or GCP for the resources created, such as EC2 instances and databases, so monitor your usage and destroy stacks after training to avoid charges.

Question 2

How to set up TerraGoat for Azure step by step?

Accepted Answer

Follow the Azure setup in the README: create a resource group and storage account using Azure CLI, then run terraform init and apply in the terraform/azure directory, ensuring you configure backend state storage as specified.

Question 3

What's the difference between TerraGoat and CfnGoat?

Accepted Answer

TerraGoat is for Terraform configurations, while CfnGoat is for CloudFormation; both are part of Bridgecrew's vulnerable-by-design series but target different infrastructure-as-code tools, so choose based on your IaC preference.

Question 4

Can TerraGoat be used for PCI DSS compliance training?

Accepted Answer

Yes, as indicated by the PCI badge in the README, it includes vulnerabilities relevant to PCI DSS standards, but it's for training purposes only—not for achieving actual compliance in production environments.

Question 5

How to integrate TerraGoat with CI/CD pipelines?

Accepted Answer

You can incorporate it into CI/CD by running terraform commands and security scans (e.g., with Checkov) in pipeline stages, but the README doesn't provide specific integration guides, so you may need to adapt the setup for automation.

Question 6

Is TerraGoat suitable for beginners in cloud security?

Accepted Answer

It's best for those with basic Terraform and cloud knowledge, as the setup requires CLI familiarity and understanding of cloud concepts; beginners might struggle with the complexity without prior experience.

Question 7

How to safely destroy all TerraGoat resources?

Accepted Answer

Use the terraform destroy command in each cloud directory, and for multiple stacks, follow the README's scripting examples to iterate through environments, ensuring you clean up to avoid lingering costs.

Terragoat

What is Terragoat?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions