This chapter helps readers learn how to gather information about the status of their resources and the events they produce. These events represent how the resources are changing and how they are interacting with external elements and also among themselves. The chapter introduces several AWS Cloud services supporting multiple detective activities. To explain the various detective controls, it follows the detective controls flow framework. The framework is split into four main stages: resources state, events collection, events analysis, and action. AWS services in the detection category allows readers to monitor resources not only at the AWS part of the shared responsibility model but also by gathering information related with the user part of the model. Taking advantage of the automation provided by the cloud, these services are able to capture the events and changes affecting the resources and, using the cloud analytics capabilities, can process those records and produce insights related to security events.