AWS security Monitoring and Detection
RCCE students will learn Amazon Web Services security architecture and operations including IAM policies, VPC security, Security Hub, GuardDuty, CloudTrail analysis, S3 bucket security, KMS encryption, and Lambda function security. RCCE students will learn to secure AWS workloads using native and third-party security controls, configure IAM least-privilege policies, design secure VPC architectures with security groups and NACLs, enable and analyze CloudTrail logs for security investigations, detect misconfigurations using AWS Config and Security Hub, respond to alerts from GuardDuty, and implement automated security remediation using Lambda and Step Functions. This monitoring course teaches comprehensive detection and observability strategies for proactive security operations. At an expert level, RCCE students will learn to instrument systems for security telemetry, build detection pipelines, configure alerting, and maintain monitoring coverage as environments evolve. Students gain the visibility and detection capabilities needed to catch threats early.
- Cloud Security Architects and Engineers
- DevSecOps and Platform Engineers
- Identity and Access Management Specialists
- Security Analysts securing cloud workloads
- Professionals implementing AWS security Monitoring and Detection
- Monitor and audit privilege usage; detect escalation attempts
- Execute hands-on tasks for advanced cloud security operations
- Explain Course Overview fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for key outcomes — covering AWS security architecture fundamentals, Instrument AWS for security telemetry.
- Execute hands-on tasks for lab environment — covering AWS account with admin access.
- Design a scalable privilege management architecture with policy and enforcement, including Physical data center security, and IAM policies and access control.
- Execute hands-on tasks for customer responsibility (security in the cloud) — covering Physical data center security.
- Execute hands-on tasks for aws security services landscape
- Execute hands-on tasks for recovery controls — covering IAM policies block.
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for policy evaluation logic — covering Root account (avoid for daily use), Explicit Deny always wins.
| Module 01 | AWS Security Monitoring |
| Module 02 | Advanced Cloud Security Operations |
| Module 03 | Course Overview |
| Module 04 | What You Will Learn |
| Module 05 | Key Outcomes |
| Module 06 | Lab Environment |
| Module 07 | AWS Shared Responsibility Model |
| Module 08 | Customer Responsibility (Security IN the Cloud) |
| Module 09 | AWS Security Services Landscape |
| Module 10 | Recovery Controls |
| Module 11 | IAM Architecture and Principals |
| Module 12 | Policy Evaluation Logic |
| Module 13 | Federated identities via SAML/OIDC |
| Module 14 | Best Practices |
All hands-on labs run on Rocheston Rose X OS. Students practice aws security monitoring and detection by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Monitor and audit privilege usage; detect escalation attempts
- Lab 2: Execute hands-on tasks for advanced cloud security operations
- Lab 3: Explain Course Overview fundamentals
- Lab 4: Execute hands-on tasks for what you will learn
- Lab 5: Execute hands-on tasks for key outcomes
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for AWS security Monitoring and Detection, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI