AWS security Incident Handling
RCCE students will learn Amazon Web Services security architecture and operations including IAM policies, VPC security, Security Hub, GuardDuty, CloudTrail analysis, S3 bucket security, KMS encryption, and Lambda function security. RCCE students will learn to secure AWS workloads using native and third-party security controls, configure IAM least-privilege policies, design secure VPC architectures with security groups and NACLs, enable and analyze CloudTrail logs for security investigations, detect misconfigurations using AWS Config and Security Hub, respond to alerts from GuardDuty, and implement automated security remediation using Lambda and Step Functions. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. Building on core knowledge, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Cloud Security Architects and Engineers
- DevSecOps and Platform Engineers
- Identity and Access Management Specialists
- Security Analysts securing cloud workloads
- Professionals implementing AWS security Incident Handling
- Explain Course Overview fundamentals — covering IAM policies and least privilege design, VPC security groups and NACLs.
- Execute hands-on tasks for aws security operations — covering IAM policies and least privilege design, VPC security groups and NACLs.
- Execute hands-on tasks for incident handling skills — covering Structured containment workflows, Digital evidence collection in AWS.
- Execute hands-on tasks for hands-on labs — covering CloudTrail forensic investigation, GuardDuty alert response drill.
- Execute hands-on tasks for operational artifacts — covering IR checklists and runbooks, Escalation ladders and decision flows.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for customer responsibility (in-cloud) — covering Physical infrastructure protection, IAM policy configuration.
- Execute hands-on tasks for incident handling implication — covering Customers own detection, response, and recovery for workloads.
- Integrate privilege controls with identity providers and SIEM telemetry, including IAM, SSO, Organizations, and STS temporary.
- Execute hands-on tasks for network layer — covering VPC, Security Groups,, PrivateLink, Transit.
- Execute hands-on tasks for iam, sso, organizations — covering STS temporary.
| Module 01 | Course Overview |
| Module 02 | AWS Security Operations |
| Module 03 | Incident Handling Skills |
| Module 04 | Hands-On Labs |
| Module 05 | Operational Artifacts |
| Module 06 | AWS Shared Responsibility Model |
| Module 07 | Customer Responsibility (In-Cloud) |
| Module 08 | Incident Handling Implication |
| Module 09 | AWS Security Architecture |
| Module 10 | Identity Layer |
| Module 11 | Network Layer |
| Module 12 | IAM, SSO, Organizations |
| Module 13 | Detection Layer |
| Module 14 | GuardDuty, Security Hub |
All hands-on labs run on Rocheston Rose X OS. Students practice aws security incident handling by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Explain Course Overview fundamentals
- Lab 2: Execute hands-on tasks for aws security operations
- Lab 3: Execute hands-on tasks for incident handling skills
- Lab 4: Execute hands-on tasks for hands-on labs
- Lab 5: Execute hands-on tasks for operational artifacts
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for AWS security Incident Handling, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI