Collecting custom metrics (for example, using the CloudWatch agent)
Automating system inventory, configuration, and patch management (for example, Systems Manager, AWS Config)
Visualizations to identify anomalies
Automating the application of security controls in multi-account and multi-Region environments (for example, Security Hub, Organizations, AWS Control Tower, Systems Manager)
Automating remediation by using AWS services (for example, AWS Lambda, AWS Step Functions, EventBridge, AWS Systems Manager runbooks, Security Hub, AWS Config)
Preparing services for incidents and recovering services after incidents
Designing mechanisms to forward traffic over secure connections (for example, by using Systems Manager and EC2 Instance Connect)
Configuring S3 events to process log files (for example, by using Lambda) and deliver log files to another destination (for example, OpenSearch Service, CloudWatch Logs)
Disaster recovery concepts (for example, RTO, RPO)
Troubleshooting deployment issues
Security configurations (for example, IAM roles and permissions to allow for log collection)
Designing and implementing playbooks and runbooks for responses to security incidents
Centrally managing security services and aggregating findings (for example, by using delegated administration and AWS Config aggregators)
Building CloudWatch dashboards and Amazon QuickSight visualizations
Running load/stress tests, performance benchmarking, and application testing at scale
Invoking AWS services in a pipeline for testing