I just found out about this yesterday on Software Engineering Radio podcast episode 314. While you’re waiting for the Certified Security course to be updated, you might find this a fun way to test out your knowledge of IAM, which the course doesn’t really cover much yet (possibly because it’s assumed you already know it). See how far you can get with the fewest hints! I got to level 4 on my lunch break yesterday with no hints.
(flaws.cloud is the URL where you start the challenge.)
You should check flasw2.cloud as well.
Even AWS S3 CTF Challenges: https://n0j.github.io/2017/10/02/aws-s3-ctf.html
and CTF 101 in AWS: https://r00tz-ctf.awssecworkshops.com/
I would suggest only doing this in a sandboxed environment.