Cloud Cost Optimization
Cloud Cost Optimization for Red Team Infrastructure
Cloud costs in red team operations are uniquely spiky — you might spin up 50 instances for a week-long engagement, then nothing for a month. This pattern makes it easy to waste money through oversized instances, forgotten infrastructure, or missed opportunities for spot pricing. The strategies here are specifically tuned for the "burst and teardown" pattern typical of red team work.
Instance Right-Sizing
Most red team tools (C2 frameworks, scanners, proxy servers) are surprisingly lightweight. Overprovisioning is the most common cost mistake.
Practical baselines:
- Minimum viable: 2 vCPU + 4 GB RAM handles most single-tool deployments (Cobalt Strike, Sliver, scanning)
- Comfortable: 4 vCPU + 8 GB RAM for multi-tool setups or heavy scanning
- Overkill warning: If you're deploying
m5.2xlargeor equivalent for a single C2 server, you're paying 4x more than necessary
| Use Case | AWS | Azure | GCP | Monthly Cost (approx.) |
|---|---|---|---|---|
| Light (C2, proxy) | t3.small |
B2s |
e2-small |
$15-20 |
| Standard (multi-tool) | t3.medium |
B2ms |
e2-medium |
$30-40 |
| Heavy (scanning cluster) | t3.xlarge |
B4ms |
e2-standard-4 |
$60-80 |
More from wgpsec/redc-template
multi-cloud deployment
Guide for deploying infrastructure across multiple cloud providers (AWS, Azure, GCP, Alibaba Cloud, Tencent Cloud, Huawei Cloud, Volcengine). Use this skill whenever the user mentions deploying to more than one cloud, comparing cloud providers, selecting regions, configuring provider credentials, or asking about cross-cloud compatibility. Also use when the user asks about a specific Chinese cloud provider (Alibaba, Tencent, Huawei, Volcengine) since these have unique authentication patterns that differ from Western clouds.
1terraform-provider-docs
Look up official Terraform provider documentation before writing or debugging any Terraform resource, data source, or provider configuration. Use this skill whenever you encounter a Terraform error, need to write a new resource block, are unsure about argument syntax or valid values, need to check resource attribute constraints, or want to understand provider-specific behaviors. Consult the docs first instead of guessing Terraform arguments from memory — it consistently saves multiple debug cycles.
1aws security hardening
AWS security hardening guide for red team infrastructure. Use this skill whenever the user is deploying to AWS, configuring IAM policies, setting up VPCs or security groups, asking about SSH access, encryption, key rotation, or any AWS security question. Also apply when the user mentions EC2 instances, EBS volumes, S3 buckets, or AWS networking — even if they don't explicitly ask about "security", because every AWS deployment should follow these hardening practices by default.
1terraform best practices
Terraform IaC best practices for cloud infrastructure deployments. Use this skill whenever the user is writing Terraform code, creating templates, generating .tf files, asking about state management, modules, variables, security groups, or any infrastructure-as-code question. Also use when reviewing or debugging Terraform configurations, discussing provider setup, or planning multi-resource deployments — even if the user doesn't explicitly mention "Terraform" but is clearly working with .tf files or HCL syntax.
1deployment troubleshooting
Diagnose and fix Terraform deployment errors in RedC scenarios. Use this skill whenever the user encounters an error during deployment — whether it's a Terraform init failure, authentication error, resource creation failure, network timeout, state conflict, or cloud-init problem. Also use when the user pastes an error message, says "deployment failed", asks why something isn't working, or reports that instances are unreachable after creation. This skill covers the most common failure modes across all cloud providers supported by RedC.
1