This document outlines an AWS security workshop on threat detection and response. The workshop is divided into four modules: 1) building detective controls in the AWS environment, 2) simulating an attack, 3) detecting and responding to the attack, and 4) reviewing what happened and cleaning up resources. The document provides an agenda, prerequisites, and step-by-step instructions to guide participants through setting up AWS services for threat monitoring, launching an attack, and using services like GuardDuty, Macie and CloudWatch Events to detect and respond to security threats.