This document discusses evolving incident response processes and capabilities for AWS environments. It begins with an overview of incident response and how runbooks can help support the process. It then covers how the people, processes, and tools involved in incident response need to account for working in AWS. The presentation explores various AWS services that can empower incident response, such as GuardDuty, CloudTrail, CloudWatch, and AWS Config. It also discusses how to approach tasks like network isolation, disk capture, and data analysis in AWS. The document emphasizes that incident response in AWS allows for more automation, scalability, and self-healing capabilities compared to on-premises environments. It stresses the importance of prerequisites like roles and centralized logging when building