Is there an echo in here?
The title is a hint. Look at the CloudFormation template after running setup.sh to solve the challenge. The challenge exploits an "insecure feature" within CloudFormation.
Average Rating: 4.7
Estimated Cost: $1
Download the zip file, then run setup.sh as pentesting-admin.
Switch to pentesting-user to solve the challenge.
No cheating :) You can look at the template source code in the console, but don't look at setup.sh.
The flag is an md5 hash located in flag.txt in the root folder of the s3 bucket created by the challenge.