Cloud Security Labs

Build security skills on real cloud configs — safely.

Investigate, harden, and remediate real resources in isolated sandboxes — IAM, network controls, misconfigurations — with every fix verified automatically.

Browse all

What you'll practice

IAM HardeningNetwork ControlsMisconfig HuntsDefensive Workflows
labs.cloudlearn.io/security — posture
Live

Cloud Security Hardening Lab

Sandbox account · fully isolated

Step 3 of 4
Identify exposed access path
Apply least-privilege controls
Run policy validation checks
Confirm remediated posture
audit

$ check security-policy --session

found: bucket policy allows *

✓ remediated: scoped to role

Check passed: posture remediated
IAM & Least PrivilegeSecurity GroupsNSGs & FirewallsKey Vault & SecretsEncryptionPublic ExposureRBACPolicy ReviewHardeningLogging & MonitoringMisconfigurationsSecure Access PatternsIAM & Least PrivilegeSecurity GroupsNSGs & FirewallsKey Vault & SecretsEncryptionPublic ExposureRBACPolicy ReviewHardeningLogging & MonitoringMisconfigurationsSecure Access Patterns

Why these labs work

Built for real work, not slide decks

Security tasks, not trivia

Configure controls, inspect resources, and validate outcomes in real environments — instead of answering multiple-choice questions about them.

$ aws iam simulate-principal-policy ...

action s3:DeleteBucket → DENIED

action s3:GetObject → ALLOWED

✓ Check passed: least privilege enforced

< 2 min

from clicking Start to a live, isolated environment you can safely attack and defend.

Verified, not self-reported

Automated checks inspect your actual environment state. Completion is proof the work happened.

Break things safely

Every learner gets an isolated environment with security policies, cost controls, and automatic cleanup.

Evidence of readiness

Verified lab completion gives teams a far stronger signal than watch time or awareness-training attendance.

Start here

Popular security labs

Browse all security labs
Secure Azure Storage with Private Endpoints
Intermediate1 hour

Secure Azure Storage with Private Endpoints

Create a Storage Account, disable public access, and configure a Private Endpoint for secure blob connectivity.

Azure Private Endpoints - Lock Down Your Storage and SQL
Intermediate1 hour

Azure Private Endpoints - Lock Down Your Storage and SQL

Create Private Endpoints for Azure Storage and SQL Database, disable public access, and verify private-only connectivity from a VM.

Conduct a Threat Hunt Using Kusto Query Language (KQL)
Intermediate1 hour and 15 minutes

Conduct a Threat Hunt Using Kusto Query Language (KQL)

Hunt for indicators of compromise in security logs using advanced KQL queries mapped to MITRE ATT&CK tactics.

Outcomes

What you'll walk away with

  • Practice IAM hardening, least privilege, and policy review.
  • Configure network boundaries, ingress controls, and secure access patterns.
  • Investigate misconfigurations in guided cloud scenarios.
  • Build practical security confidence before working in production accounts.

Who it's for

Built for cloud defenders

Security learners

Building practical cloud defense experience beyond certifications.

Cloud engineers

Responsible for delivering secure infrastructure, not just running it.

Security teams

Creating repeatable enablement instead of passive awareness training.

FAQ

Security labs, answered

Learners configure controls, inspect resources, and validate outcomes in guided scenarios. The focus is practical cloud security work, not memorized answers.

Train defenders on real infrastructure.

Launch a free security lab, fix a real misconfiguration, and let the checks prove the posture improved.

Train a Team