AWS Security Specialty Exam Guide: SCS-C03 Prep & Study Plan [2026]


Pass AWS Security Specialty SCS-C03 with our complete 2026 guide. Study plans, domain breakdowns, practice exam strategies, and hands-on labs.

January 4th, 2026

The AWS Certified Security Specialty (SCS-C03) is one of the most demanding AWS certifications you can pursue. AWS released this updated version in December 2025, adding a new domain for generative AI and machine learning security that most study guides haven't caught up with yet.

If you're preparing for SCS-C03, you're likely finding outdated resources that still cover the retired SCS-C02 exam. The domain structure changed significantly, and the addition of AI/ML security requirements means old study materials won't cut it.

In this guide, you'll get a complete 2026 preparation roadmap specifically for SCS-C03. I cover the updated domain breakdown, service comparison matrices to help you distinguish between similar services, practical study plans (both 8-week and 4-week options), hands-on lab recommendations, and exam strategies that work. Whether you're an experienced security professional or transitioning into cloud security, this guide gives you everything you need to pass on your first attempt.

Why AWS Security Specialty Matters in 2026

The AWS Certified Security Specialty certification validates deep expertise in securing AWS workloads and architectures. It's not just another credential to add to your LinkedIn profile. It demonstrates that you can design secure architectures, implement security controls, respond to incidents, and maintain compliance across AWS environments.

From a career perspective, this certification carries significant weight. Security-certified professionals command higher salaries and are often required for security architect and engineering roles. AWS recognizes certified individuals with a digital badge, access to the AWS Certified community, and invitations to exclusive AWS Certified events.

The certification requires recertification every 3 years, which encourages you to stay current with the rapidly evolving AWS security landscape. Given how quickly AWS releases new security features (GuardDuty Extended Threat Detection, Security Hub CSPM capabilities, Resource Control Policies), this recertification requirement actually benefits your career by keeping your knowledge fresh.

Who should pursue this certification?

  • Security engineers and architects looking to validate their AWS security expertise
  • Solutions architects wanting to specialize in security
  • DevOps engineers responsible for implementing security controls
  • Compliance professionals working with AWS environments
  • Anyone transitioning into cloud security roles

SCS-C03 vs SCS-C02: What Changed

AWS launched SCS-C03 in December 2025, retiring SCS-C02 on December 1, 2025. This isn't a minor update. The exam has been restructured with significant content changes that affect how you should prepare.

The most significant change is the addition of Domain 7: Generative AI and Machine Learning Security. With the explosion of AI workloads on AWS, the exam now tests your ability to secure Amazon Bedrock workloads, implement guardrails for generative AI applications, protect model training data, and understand GuardDuty detection capabilities for AI/ML activities.

The exam also restructured existing domains. Detection and Incident Response are now combined into a single domain with expanded coverage of Extended Threat Detection for multi-stage attacks. The governance domain received enhanced focus on Resource Control Policies (RCPs), a newer policy type that complements Service Control Policies (SCPs).

Aspect | SCS-C02 | SCS-C03
Number of Domains | 6 | 7
AI/ML Security | Not covered | New dedicated domain
Detection & Response | Separate focus | Combined with Extended Threat Detection
RCPs | Not covered | Included in IAM and Governance
GuardDuty Coverage | Standard features | Extended Threat Detection, Malware Protection
Security Hub | Basic findings | CSPM, exposure findings, attack path analysis

Impact on your preparation: If you have old study materials, don't rely on them exclusively. The domain percentages from SCS-C02 no longer apply, and several services have new features that are now exam content. Focus on resources specifically updated for SCS-C03.

Exam Overview

Before diving into domains and study strategies, let's cover the logistics you need to know.

Exam Format and Structure

The AWS Certified Security Specialty exam follows the standard specialty certification format:

  • Exam Duration: 170 minutes (2 hours 50 minutes)
  • Question Count: 65 questions
  • Question Format: Multiple choice and multiple response
  • Exam Cost: $300 USD
  • Passing Score: Not publicly disclosed (AWS uses scaled scoring, typically around 750/1000)
  • Exam Code: SCS-C03
  • Delivery Method: Pearson VUE testing centers or online proctoring

Pro tip: If you haven't already, follow my advice on getting 30 minutes extra time for your AWS exams. This accommodation is available to non-native English speakers and can make a significant difference on a demanding exam like this one.

AWS doesn't enforce prerequisites, but they recommend:

  • 2-3 years of hands-on AWS security experience
  • Familiarity with multi-account architectures using AWS Organizations
  • Understanding of encryption concepts (at rest and in transit)
  • Experience with IAM policies and access control
  • Knowledge of the AWS shared responsibility model

While not required, having the AWS Solutions Architect Associate certification provides a solid foundation. Many successful candidates also have the AWS Cloud Practitioner as their starting point.

Test Center vs Online Proctoring

You can take the exam at a Pearson VUE testing center or through online proctoring. Both options have their trade-offs.

Test center advantages: Distraction-free environment, no technical setup concerns, professional proctoring staff.

Online proctoring advantages: Convenience of taking it from home, no travel time, familiar environment.

If you choose online proctoring, complete the technical setup test at least 24 hours before your exam. You'll need a clean workspace with no papers, additional monitors, or other items visible. The proctor will ask you to show your entire room via webcam. Have a valid government-issued ID ready.

SCS-C03 Domain Breakdown

The SCS-C03 exam covers seven domains. AWS hasn't publicly disclosed the exact percentage weightings for this version, but based on the exam guide and historical patterns, IAM and Infrastructure Security tend to carry the most weight.

Note: These percentages are estimates based on exam guide emphasis and typical AWS specialty exam patterns. AWS does not publish official domain weightings for SCS-C03.

Here's what you need to know about each domain.

Domain 1: Threat Detection and Incident Response

This domain tests your ability to detect threats and respond to security incidents using AWS services. You need to understand not just individual services, but how they integrate to provide comprehensive threat detection.

Key services and concepts:

  • Amazon GuardDuty: Configuration, findings analysis, Extended Threat Detection for multi-stage attacks, Runtime Monitoring for EKS and EC2, Malware Protection for S3
  • AWS Security Hub: Integration and correlation of findings, security standards (FSBP, CIS, PCI DSS), CSPM capabilities, exposure findings
  • Amazon Detective: Root cause analysis, visual investigation tools, correlation with GuardDuty findings
  • Automated Response: EventBridge rules triggering Lambda functions, Step Functions for complex workflows, Systems Manager for remediation

What to focus on: Understand how GuardDuty findings flow to Security Hub, how Detective helps investigate those findings, and how to automate responses using EventBridge. Know the difference between threat detection (identifying potential issues) and incident response (taking action).

Domain 2: Security Logging and Monitoring

Effective security requires comprehensive logging and the ability to analyze that data. This domain covers the logging infrastructure that feeds your detection capabilities.

Key services and concepts:

  • AWS CloudTrail: Multi-region trails, organization trails, log file validation, CloudTrail Lake for SQL querying, data events vs management events
  • VPC Flow Logs: Network traffic monitoring, log formats, analysis with Athena
  • AWS Config: Resource configuration tracking, compliance monitoring, advanced queries
  • CloudWatch Logs: Log aggregation, metric filters, alarms for security events

What to focus on: Understand centralized logging architectures. Know when to use CloudTrail Lake versus exporting to S3 and querying with Athena. Be familiar with VPC Flow Logs at different levels (VPC, subnet, ENI) and what data they capture.

Domain 3: Infrastructure Security

This domain covers securing your network infrastructure and protecting against attacks at the network and application layers.

Key services and concepts:

  • VPC Security: Security groups (stateful), Network ACLs (stateless), VPC endpoints, PrivateLink
  • AWS WAF: Managed rule groups, custom rules, Bot Control, anti-DDoS managed rule group with ML-based detection
  • AWS Shield: Standard (automatic, free) vs Advanced (paid, DRT access, cost protection)
  • AWS Network Firewall: Stateful and stateless inspection, Suricata-compatible IPS rules, domain filtering

What to focus on: Understand the layered approach to network security. Know when to use WAF versus Network Firewall versus Shield. Security groups vs NACLs is a classic exam topic. Be able to design a defense-in-depth architecture.

Domain 4: Identity and Access Management

IAM is the foundation of AWS security. This is consistently one of the most heavily tested domains across all AWS security content.

Key services and concepts:

  • IAM Policies: Identity-based, resource-based, permissions boundaries, session policies
  • AWS Organizations: Service Control Policies (SCPs), Resource Control Policies (RCPs), organizational units
  • IAM Access Analyzer: Identifying unintended access, policy validation
  • IAM Identity Center: Centralized SSO, integration with external identity providers
  • Cross-account access: Role assumption, trust policies, external ID

What to focus on: Master policy evaluation logic. Understand how SCPs and RCPs interact with identity-based policies. Know when to use permissions boundaries versus SCPs. Review SCP examples for practical patterns.
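
The policy evaluation logic described above can be worked through in code. This is an added example, not part of the original guide or any AWS tooling: a simplified evaluator for a same-account request that ignores resource-based policies, conditions, and multi-level OU inheritance. The sample policies, bucket name, and function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Layers in the order AWS checks for an allow once no explicit deny is found.
LAYER_ORDER = ["RCP", "SCP", "identity-based policy",
               "permissions boundary", "session policy"]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _stmt_matches(stmt, action, resource):
    # IAM action names are case-insensitive; ARNs are compared case-sensitively.
    return (any(fnmatchcase(action.lower(), a.lower())
                for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r)
                    for r in _as_list(stmt.get("Resource", "*"))))


def _effect(policies, action, resource):
    """'Deny' on any matching Deny, else 'Allow' on any matching Allow, else None."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if _stmt_matches(stmt, action, resource):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                allowed = True
    return "Allow" if allowed else None


def evaluate(action, resource, layers):
    """layers maps a LAYER_ORDER name to a list of policy documents.

    A layer that is absent from the dict does not apply (for example, no
    permissions boundary attached). Returns (decision, reason).
    """
    # Pass 1: an explicit deny in any layer ends evaluation immediately.
    for name in LAYER_ORDER:
        if name in layers and _effect(layers[name], action, resource) == "Deny":
            return ("Deny", "explicit deny in " + name)
    # Pass 2: every layer that applies must contain a matching allow.
    for name in LAYER_ORDER:
        if name in layers and _effect(layers[name], action, resource) != "Allow":
            return ("Deny", "implicit deny: no allow in " + name)
    return ("Allow", "allowed by every applicable layer")


# Constructed sample policies (not taken from the guide).
ALLOW_ALL = {"Effect": "Allow", "Action": "*", "Resource": "*"}
SAMPLE_LAYERS = {
    # RCPs are used as deny lists on top of the default full-access policy.
    "RCP": [{"Statement": [ALLOW_ALL]}],
    # SCP: full access plus a preventive guardrail.
    "SCP": [{"Statement": [ALLOW_ALL,
                           {"Effect": "Deny", "Action": "s3:DeleteBucket",
                            "Resource": "*"}]}],
    "identity-based policy": [{"Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}],
    # The boundary caps what the identity policy can grant.
    "permissions boundary": [{"Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/*"}]}],
}

if __name__ == "__main__":
    for act, res in [
        ("s3:GetObject", "arn:aws:s3:::example-bucket/report.csv"),
        ("s3:DeleteBucket", "arn:aws:s3:::example-bucket"),
        ("s3:ListBucket", "arn:aws:s3:::example-bucket"),
        ("ec2:RunInstances", "*"),
    ]:
        print(act, "->", evaluate(act, res, SAMPLE_LAYERS))
```

The four sample requests show the distinction the exam leans on: an SCP deny is explicit and final, while a permissions boundary or identity policy that simply lacks a matching allow produces an implicit deny.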

Domain 5: Data Protection

Protecting data at rest and in transit is critical. This domain covers encryption services and data classification.

Key services and concepts:

  • AWS KMS: Key types (customer managed, AWS managed, AWS owned, CloudHSM, external keys), key policies, grants, automatic rotation
  • AWS Secrets Manager: Automatic rotation with managed templates, alternating users strategy
  • Amazon Macie: Sensitive data discovery, managed and custom data identifiers
  • AWS Certificate Manager: SSL/TLS certificate management, automatic renewal

What to focus on: KMS is essential. Know the differences between key types, when to use each, and how key policies work. Understand envelope encryption for performance. Be familiar with Secrets Manager rotation strategies for RDS, Aurora, and other databases.

Domain 6: Management and Security Governance

This domain covers compliance automation and multi-account governance. It's closely related to AWS Organizations best practices.

Key services and concepts:

  • AWS Config: Rules, conformance packs, automated remediation
  • AWS Control Tower: Guardrails, Account Factory, landing zone management
  • AWS Audit Manager: Evidence collection, pre-built frameworks (GDPR, HIPAA, PCI DSS, SOC 2)
  • Compliance Frameworks: Understanding how AWS services map to compliance requirements

What to focus on: Understand the difference between preventive guardrails (SCPs) and detective guardrails (Config rules). Know how to implement automated remediation using Config rules with Systems Manager. Be familiar with compliance framework requirements and which AWS services help address them.

Domain 7: Generative AI and ML Security - NEW in SCS-C03

This is the brand-new domain added in SCS-C03. With generative AI workloads proliferating on AWS, security professionals need to understand how to secure these environments.

Key services and concepts:

  • Amazon Bedrock Security: Model access controls, guardrails for content filtering, logging model invocations
  • Amazon SageMaker Security: Network isolation, encryption, IAM roles for training jobs
  • GuardDuty for AI/ML: Detection capabilities for suspicious AI/ML activity
  • Data Protection: Securing training data, preventing model data exposure

What to focus on: This is new territory for most candidates. Study the security controls available in Bedrock, particularly guardrails for content filtering and blocking harmful content. Understand how to log and audit model invocations. Know the basics of securing SageMaker training environments.

AWS Security Services Comparison Matrix

One of the most challenging aspects of the exam is knowing which service to use in a given scenario. These comparison tables will help you distinguish between services with overlapping functionality.

Detection Services: GuardDuty vs Inspector vs Security Hub vs Detective vs Macie

Service | Primary Purpose | Data Sources | Output | When to Use
GuardDuty | Threat detection using ML | CloudTrail, VPC Flow Logs, DNS, EKS audit logs, S3 data events | Findings (threats detected) | Continuous threat monitoring, detecting compromised resources
Inspector | Vulnerability assessment | EC2 (agent/agentless), ECR images, Lambda code | Vulnerability findings with CVE details | Identifying software vulnerabilities, CIS benchmarks
Security Hub | Centralized findings aggregation | GuardDuty, Inspector, Macie, Config, third-party | Aggregated findings, security score | Single pane of glass, compliance dashboards
Detective | Security investigation | CloudTrail, VPC Flow Logs, GuardDuty findings | Visual investigation graphs | Root cause analysis after GuardDuty alert
Macie | Sensitive data discovery | S3 bucket contents | Data classification findings | Finding PII, PHI, credentials in S3

Key insight: These services work together. GuardDuty detects threats, Inspector finds vulnerabilities, Macie discovers sensitive data. All findings flow to Security Hub for aggregation. Detective helps investigate GuardDuty findings.

Infrastructure Protection: WAF vs Shield vs Network Firewall

Service | Protection Layer | Attack Types | Deployment | Cost Model
WAF | Application (L7) | SQL injection, XSS, bad bots, HTTP floods | CloudFront, ALB, API Gateway, AppSync | Per web ACL + requests
Shield Standard | Network (L3/L4) | SYN/UDP floods, reflection attacks | Automatic on all AWS resources | Free (included)
Shield Advanced | Network + Application | Large-scale DDoS, sophisticated attacks | Opt-in per resource | $3,000/month + data transfer
Network Firewall | Network (L3-L7) | Intrusion detection, protocol filtering, domain blocking | VPC-level deployment | Per endpoint + data processed

Key insight: Shield Standard is automatic. WAF protects web applications. Network Firewall provides deep packet inspection for VPC traffic. Shield Advanced adds DRT access and cost protection for large attacks.

Encryption: KMS vs CloudHSM vs Secrets Manager

Service | Primary Use | Key Control | Integration | Cost
KMS (Customer Managed) | General encryption | Customer controls via key policy | Native with 100+ AWS services | $1/month + API calls
KMS (AWS Managed) | Default encryption | AWS manages, limited customization | Automatic with supporting services | Free (API calls charged)
CloudHSM | Regulatory compliance requiring dedicated HSM | Full customer control of HSM | Requires integration work | Cluster costs (hourly)
Secrets Manager | Credential management | Managed rotation with templates | RDS, Aurora, Redshift, DocumentDB | $0.40/secret/month + API calls

Key insight: Use KMS customer managed keys when you need fine-grained access control or compliance requirements. CloudHSM is for regulatory requirements demanding dedicated hardware. Secrets Manager is for credentials that need rotation.

Official AWS Study Resources

AWS provides comprehensive study resources through Skill Builder. These should be your primary study materials because they're guaranteed to be current and aligned with exam objectives.

AWS Skill Builder and Practice Exams

AWS Skill Builder offers both free and subscription-based resources:

  • Exam Prep Plan for AWS Certified Security Specialty: Updated for SCS-C03, this structured learning path covers all domains
  • Official Practice Question Sets: Available in multiple languages with detailed explanations
  • Official Pretest: Shorter assessment to gauge your readiness before scheduling
  • AWS Builder Labs: Hands-on security labs in real AWS environments

The Skill Builder subscription ($29/month individual) unlocks enhanced exam prep, Builder Labs, and AWS Cloud Quest game-based learning. For serious exam preparation, it's worth the investment.

Practice exam strategy: Take the official pretest early to identify weak areas. Use practice question sets for learning, not just testing. Review explanations for both correct and incorrect answers. Aim for consistently scoring 80%+ before scheduling your exam.

AWS Whitepapers and Documentation

Essential reading for the exam:

  1. AWS Well-Architected Framework - Security Pillar: Seven design principles covering identity management, detection, infrastructure protection, data protection, and incident response

  2. AWS Security Incident Response Guide: Preparation, detection, containment, eradication, recovery, and post-incident activity

  3. Organizing Your AWS Environment Using Multiple Accounts: Multi-account strategy design and implementation (directly relevant to the governance domain)

  4. AWS Security Reference Architecture: Comprehensive security service architecture patterns

For service-specific documentation, focus on the user guides for GuardDuty, Security Hub, KMS, IAM, and Inspector. The AWS Security Blog provides real-world scenarios and implementation guides that often mirror exam questions.

Third-Party Courses and Practice Exams

While AWS official resources are most accurate, third-party providers offer additional perspectives:

Important considerations:

  • Verify the course is updated for SCS-C03 (not SCS-C02)
  • Use third-party resources to supplement, not replace, official materials
  • Focus on understanding concepts, not memorizing questions

Third-party practice exams can help you see different question styles, but their accuracy varies. Always cross-reference explanations with official AWS documentation.

Study Plan Templates

A structured study plan increases your chances of success. Here are two options depending on your timeline and availability.

8-Week Standard Study Plan

For working professionals studying 10-15 hours per week:

Weeks 1-2: Foundation and Assessment

  • Download and review the official SCS-C03 exam guide
  • Take the AWS Skill Builder pretest to identify weak areas
  • Review IAM and AWS Organizations fundamentals
  • Set up a multi-account practice environment
  • Study Domain 4 (IAM) since it's foundational

Weeks 3-4: Data Protection and Encryption

  • Deep dive into KMS: key types, policies, grants, rotation
  • Practice Secrets Manager rotation configurations
  • Explore Macie for data discovery
  • Study Certificate Manager use cases
  • Complete Domain 5 coverage

Weeks 5-6: Threat Detection and Monitoring

  • Configure GuardDuty in your practice environment
  • Set up Security Hub with security standards
  • Practice CloudTrail log analysis
  • Work with Amazon Inspector
  • Study Detective investigation workflows
  • Complete Domains 1 and 2

Weeks 7-8: Infrastructure, Governance, and AI/ML

  • Configure WAF rules and web ACLs
  • Study Network Firewall capabilities
  • Review Shield and DDoS mitigation
  • Study Config rules and conformance packs
  • Learn Bedrock and SageMaker security (Domain 7)
  • Complete Domains 3 and 6

Weeks 9-10: Review and Practice

  • Take multiple practice exams
  • Review weak areas identified
  • Final documentation review
  • Rest before exam day

4-Week Intensive Study Plan

For dedicated study with 25-30 hours per week:

Week 1: Foundation and Core Services

  • Review exam guide and all domains
  • Take pretest to baseline knowledge
  • IAM deep dive (policies, SCPs, RCPs, permissions boundaries)
  • KMS complete coverage (key types, policies, encryption patterns)
  • Complete Domains 4 and 5

Week 2: Detection and Monitoring

  • GuardDuty configuration and Extended Threat Detection
  • Security Hub setup with all security standards
  • CloudTrail configuration (organization trails, Lake)
  • Inspector and Detective workflows
  • Complete Domains 1 and 2

Week 3: Infrastructure and Governance

  • VPC security (security groups, NACLs, endpoints)
  • WAF, Shield, Network Firewall comparison
  • Config rules and automated remediation
  • Control Tower and Audit Manager
  • Complete Domains 3 and 6

Week 4: AI/ML Security and Exam Prep

  • Bedrock security controls and guardrails
  • SageMaker security best practices
  • Complete Domain 7
  • Practice exams daily
  • Review weak areas
  • Rest day before exam

Domain-by-Domain Study Approach

Regardless of which timeline you choose, prioritize domains based on their coverage and your existing knowledge:

  1. Start with IAM (Domain 4): It's foundational to everything else
  2. Move to Data Protection (Domain 5): KMS knowledge is required across domains
  3. Cover Detection and Monitoring (Domains 1-2): These services integrate heavily
  4. Study Infrastructure (Domain 3): Network security builds on IAM concepts
  5. Add Governance (Domain 6): Builds on Organizations and Config
  6. Finish with AI/ML (Domain 7): Newest content, study last when fundamentals are solid

Hands-On Practice Guide

Reading documentation isn't enough. The exam tests your ability to implement security solutions, which requires hands-on experience. Here's how to get practical experience without breaking the bank.

Essential Labs and Exercises

AWS Builder Labs on Skill Builder provides guided labs in real AWS environments:

  • VPC traffic monitoring with Flow Logs
  • Securing web applications with WAF
  • IAM policy configuration and troubleshooting
  • KMS encryption implementation
  • GuardDuty configuration and findings analysis

AWS Workshop Studio offers self-paced security workshops:

  • Threat Modeling Workshop
  • Security-focused AWS Jam challenges
  • Incident response simulations

Critical hands-on exercises to complete:

  1. Multi-Account Architecture: Set up AWS Organizations with OUs, apply SCPs, configure centralized CloudTrail
  2. GuardDuty Investigation: Enable GuardDuty, generate sample findings, investigate with Detective
  3. Security Hub Implementation: Enable security standards, review findings, configure automated remediation
  4. KMS Configuration: Create customer managed keys, configure key policies, implement cross-account access
  5. Incident Response Automation: Create EventBridge rules that trigger Lambda functions for security findings
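
Exercise 5, and the Domain 1 advice to automate responses with EventBridge, can be rehearsed offline before touching a real account. The following is an added example, not code from the original guide or from AWS: it pairs an EventBridge event pattern for high-severity GuardDuty findings with a Lambda-style handler that returns a containment plan instead of calling AWS. The local pattern matcher, the sample findings, and the `sg-EXAMPLE-ISOLATION` group ID are constructed placeholders.

```python
import operator

# EventBridge event pattern: GuardDuty findings with severity 7 or higher.
HIGH_SEVERITY_PATTERN = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}
ISOLATION_SG = "sg-EXAMPLE-ISOLATION"  # hypothetical placeholder group ID
_OPS = {">": operator.gt, ">=": operator.ge, "<": operator.lt,
        "<=": operator.le, "=": operator.eq}


def _value_matches(value, candidates):
    """True if value satisfies any entry of a pattern's value list."""
    for cand in candidates:
        if isinstance(cand, dict):
            spec = cand.get("numeric")  # [op, n, op, n, ...]; all must hold
            if spec and isinstance(value, (int, float)) and all(
                    _OPS[spec[i]](value, spec[i + 1])
                    for i in range(0, len(spec), 2)):
                return True
            if "prefix" in cand and str(value).startswith(cand["prefix"]):
                return True
        elif value == cand:
            return True
    return False


def matches(pattern, event):
    """Local stand-in for EventBridge matching (literals, numeric, prefix)."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not (isinstance(event[key], dict)
                    and matches(expected, event[key])):
                return False
        elif not _value_matches(event[key], expected):
            return False
    return True


def plan_response(event):
    """Map one finding to containment steps; 'api' names the call to make."""
    detail = event["detail"]
    resource = detail.get("resource", {})
    if resource.get("resourceType") == "Instance":
        iid = resource["instanceDetails"]["instanceId"]
        return [  # tag for the investigators first, then cut network access
            {"api": "ec2:CreateTags", "Resources": [iid],
             "Tags": [{"Key": "quarantine", "Value": detail["id"]}]},
            {"api": "ec2:ModifyInstanceAttribute", "InstanceId": iid,
             "Groups": [ISOLATION_SG]},
        ]
    if resource.get("resourceType") == "AccessKey":
        key = resource["accessKeyDetails"]
        if key.get("userType") == "IAMUser":
            return [{"api": "iam:UpdateAccessKey", "Status": "Inactive",
                     "UserName": key["userName"],
                     "AccessKeyId": key["accessKeyId"]}]
        # Temporary role credentials cannot be deactivated; deny sessions
        # issued before the finding instead. Assumes userName is the role name.
        deny = {"Effect": "Deny", "Action": "*", "Resource": "*",
                "Condition": {"DateLessThan":
                              {"aws:TokenIssueTime": event["time"]}}}
        return [{"api": "iam:PutRolePolicy", "RoleName": key["userName"],
                 "PolicyName": "RevokeOlderSessions",
                 "PolicyDocument": {"Version": "2012-10-17",
                                    "Statement": [deny]}}]
    return [{"api": "sns:Publish", "Subject": "Triage " + detail["type"]}]


def lambda_handler(event, context=None):
    """Re-check the pattern defensively, then return the plan."""
    finding_id = event.get("detail", {}).get("id")
    if not matches(HIGH_SEVERITY_PATTERN, event):
        return {"findingId": finding_id, "actions": []}
    return {"findingId": finding_id, "actions": plan_response(event)}


def sample_finding(severity, ftype, resource):
    """Build a constructed GuardDuty finding event for local testing."""
    return {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
            "time": "2026-01-04T12:00:00Z",
            "detail": {"id": "constructed-finding-id", "type": ftype,
                       "severity": severity, "resource": resource}}


SAMPLE_INSTANCE = sample_finding(
    8, "UnauthorizedAccess:EC2/SSHBruteForce",
    {"resourceType": "Instance",
     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}})
SAMPLE_ROLE_KEY = sample_finding(
    8, "UnauthorizedAccess:IAMUser/InstanceCredentialExfiltration.OutsideAWS",
    {"resourceType": "AccessKey",
     "accessKeyDetails": {"accessKeyId": "ASIAEXAMPLEKEYID", "userName":
                          "example-app-role", "userType": "AssumedRole"}})

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_INSTANCE))
    print(lambda_handler(SAMPLE_ROLE_KEY))
```

In a real deployment each plan entry would become the corresponding boto3 call, and the Lambda execution role would be limited to exactly those actions.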

AWS Free Tier Practice Strategy

Many security services have free tiers or low-cost options for learning:

  • GuardDuty: 30-day free trial in each account
  • Security Hub: 30-day free trial, then per finding pricing
  • Inspector: 15-day free trial
  • Config: Pay per configuration item recorded
  • KMS: First 20,000 API requests free monthly

Cost-conscious approach:

  1. Use a dedicated AWS account for security practice
  2. Enable services one at a time during study of each domain
  3. Disable services when not actively using them
  4. Use AWS Budgets to alert on unexpected charges
  5. Clean up resources after each lab session

Avoid ClickOps where possible. Instead, use infrastructure as code to create and tear down practice environments consistently. This also reinforces good security practices.

Exam Preparation Strategies

Beyond content knowledge, exam technique matters. Here's how to approach practice exams and the real exam effectively.

How to Use Practice Exams Effectively

Practice exams are learning tools, not just assessment tools.

First attempt: Take it timed and without reference materials. This simulates exam conditions and reveals your true readiness.

Review phase: For every question (correct and incorrect), read the full explanation. Understand why the correct answer is best and why other options are wrong.

Track patterns: Note which domains and service areas cause the most difficulty. These need additional study.

Retake strategy: Wait at least a week before retaking the same practice exam. You want to test knowledge retention, not memorization.

Score targets: Aim for consistently scoring 80%+ across multiple practice exams before scheduling your real exam.

Understanding AWS Security Philosophy

AWS exam questions often have multiple technically correct answers. The "best" answer aligns with AWS security philosophy:

  • Least privilege: Always choose the option that grants minimum necessary permissions
  • Defense in depth: Prefer layered security controls over single points of protection
  • Automation over manual: Automated responses are preferred to manual intervention
  • AWS managed over self-managed: Unless there's a specific requirement, AWS managed solutions are typically preferred
  • Encryption by default: When in doubt, choose the option with encryption

Common Exam Pitfalls to Avoid

Time management: You have approximately 2.5 minutes per question (170 minutes for 65 questions). Don't spend more than 3-4 minutes on any single question. Flag difficult questions and return to them.

Over-thinking scenarios: Some questions are straightforward. Don't assume there's a trick when the obvious answer is correct.

Misreading question qualifiers: Pay attention to words like "MOST," "LEAST," "NOT," and "EXCEPT." These change what you're looking for.

Choosing familiar over correct: Just because you've used a service doesn't mean it's the right answer for the scenario.

Ignoring cost considerations: Security questions sometimes have cost-effective answers. Shield Advanced costs $3,000/month. Don't recommend it when Shield Standard suffices.

Exam Day Preparation

The day before and day of your exam matter more than you might think.

24-Hour Countdown Checklist

Day before:

  • Get a full night's sleep
  • Review your weak areas one final time (but don't cram)
  • Prepare your ID and exam confirmation
  • If online proctoring: complete technical setup test, clear your workspace

Exam day:

  • Eat a proper meal
  • Arrive at test center 15-30 minutes early (or log in 15 minutes early for online)
  • Use the restroom before starting
  • Take deep breaths and stay calm

Online Proctoring Setup Guide

If taking the exam online:

  1. Technical requirements: Stable internet, webcam, microphone, single monitor
  2. Workspace: Clear desk, no papers or notes visible, no second monitors or devices
  3. Environment: Private room with closed door, no other people
  4. ID: Government-issued photo ID within camera view
  5. Dress code: No smart watches, no headphones or earbuds

If technical issues occur during the exam: Stay calm, contact support immediately through the chat function. Time lost to technical issues is typically restored.

Time Management During the Exam

With 65 questions in 170 minutes, you have approximately 2.5 minutes per question.

Recommended approach:

  1. First pass (120 minutes): Answer all questions you're confident about, flag uncertain ones
  2. Review pass (40 minutes): Return to flagged questions with fresh perspective
  3. Final check (10 minutes): Review any remaining flagged questions, verify answers are recorded

Question flagging strategy: Flag questions where you've narrowed to two options. Often, later questions provide context that helps resolve earlier flags.

After You Pass

Congratulations, you passed! Here's what comes next.

Recertification Requirements

The AWS Certified Security Specialty certification is valid for 3 years. To maintain it:

  • Pass the current version of the Security Specialty exam, OR
  • Pass a higher-level certification (like Solutions Architect Professional)
  • There's no recertification exam. You take the full current exam

AWS recommends staying current throughout the 3-year period rather than cramming before recertification.

Career Advancement Strategies

Leverage your new certification:

  • Update LinkedIn with your digital badge
  • Add it to email signatures and resumes
  • Join the AWS Certified community for networking
  • Attend AWS re:Inforce (the security-focused conference)

Continue building expertise:

  • Read the AWS Security Blog regularly
  • Participate in AWS security workshops
  • Consider complementary certifications like AWS DevOps Engineer Professional
  • Explore complementary security certifications (CISSP, CEH) for broader recognition

Frequently Asked Questions

How difficult is the AWS Security Specialty exam compared to other AWS certifications?

It's one of the more challenging AWS certifications. It requires deep knowledge across multiple security domains rather than broad but shallow coverage. Most candidates find it harder than the associate-level certifications but comparable to other specialty exams.

Do I need the Solutions Architect Associate before attempting Security Specialty?

Not required, but strongly recommended. The SAA provides foundational AWS knowledge that the Security Specialty builds upon. Many candidates without the SAA struggle with basic service concepts.

How long should I study for the SCS-C03 exam?

For candidates with 2-3 years of AWS security experience: 8-12 weeks at 10-15 hours per week. For those with less experience or dedicated study time: adjust accordingly. The 4-week intensive plan works for experienced practitioners.

Is hands-on experience required to pass?

Technically no, but practically yes. The exam includes scenario-based questions that are much easier if you've actually implemented the services. Pure memorization won't work for many questions.

What's the passing score for SCS-C03?

AWS doesn't publish exact passing scores. They use scaled scoring from 100-1000, with passing typically around 750. You'll receive pass/fail, not your actual score.

Can I retake the exam if I fail?

Yes. There's a 14-day waiting period before your first retake. After that, subsequent retakes require 14-day waits as well. There's no limit on attempts.

How current is the exam content?

AWS exams typically include services and features that were generally available 6 months before your exam date. Focus on features released through mid-2025 for a 2026 exam.

Should I take the exam at a test center or online?

Both are valid options. Test centers offer a distraction-free environment with no technical concerns. Online proctoring offers convenience but requires a proper setup. Choose based on your comfort level and technical setup.

What resources should I prioritize if I have limited study time?

In order: (1) Official AWS Skill Builder exam prep plan, (2) IAM and KMS documentation, (3) GuardDuty and Security Hub documentation, (4) Practice exams. These cover the highest-impact areas.

Is the AI/ML security domain heavily tested?

As a new domain in SCS-C03, it's included but likely not as heavily weighted as established domains like IAM or Infrastructure Security. However, you can't ignore it. Study at least the basics of Bedrock security and guardrails.

Conclusion

Passing the AWS Certified Security Specialty (SCS-C03) requires a methodical approach: understand the seven domains, practice with hands-on labs, master service comparisons, and develop solid exam techniques.

Key takeaways from this guide:

  1. SCS-C03 is significantly different from SCS-C02. Don't rely on outdated study materials
  2. IAM and KMS are foundational. Master them before moving to other domains
  3. The new AI/ML security domain (Domain 7) requires dedicated study
  4. Hands-on practice is non-negotiable. Use AWS Builder Labs and your own practice environment
  5. Use practice exams for learning, not just assessment. Review all explanations thoroughly

Start with the official AWS Skill Builder exam prep plan today. Take the pretest to identify your weak areas, then follow the 8-week or 4-week study plan based on your timeline. With structured preparation and genuine understanding of AWS security services, you'll be ready to pass on your first attempt.

If you found this guide helpful, check out my other exam guides for the AWS Solutions Architect Associate, AWS Developer Associate, and AWS DevOps Engineer Professional.
