The new AWS Security Certification

Thursday I sat the new AWS Security Certification introduced at Re:Invent 2016, currently in “beta” and apparently over-subscribed to the point that AWS has removed content from the Certification web site and stopped more candidates from taking sitting this test at this time.

Being a beta, the exam is US$150 (will be US$300 post-beta), and unlike the “Generally Available” existing certifications which disclose your result immediately, we’ll be waiting until the end of March to get a final answer. So perhaps then I’ll be eating my words and keeping quiet! 🙂

Like the rest of the AWS Certifications, it’s proctored via Kryterion and their WebAssessor platform. At 170 minutes, I was presented with just over 100 questions of multi-choice answers, where the response was either a “choose 1” answer, “choose 2”, “choose 3”, or “chose all that apply” to the question or statement.

This did feel like a beta: one question was shown the three of the six responses to chose from listed as “[Reserved for beta]”. One question presented to me twice. Errant spaces appeared in one example IAM Policy. There was some inconsistent capitalisation in the text of some questions.

At one stage I tried to submit comments for the above issues into the supplied input box, but somehow this triggered the “security” module for WebAssessor to immediately lock me out and require a Proctor to unlock it. This presented a new learning: the Proctor was given two options to unlock the screen: “End Exam”, and “Re-start”. Luckily “Re-start” was more “resume”, and I continued. Kryterion, perhaps some better wording here?

I was pleased the the challenges that the questions presented, and generally felt the mix was a good test of a broad range of AWS Security. It took me the majority of the time to get through and then review my responses, so I wouldn’t say it was easy. It felt like more a professional level cert than an associate level given the length of time. I would have liked some more crypto questions — KMS and key sharing, ELB and SSL Policies, etc.

Clearly putting together any certification on a platform like AWS, which is constantly evolving, is like trying to hit a moving target — the Certification team have done a great job brining these additional Speciality certifications to market.


Footnote: I did reach out to the global head of certification at AWS to submit these comments and try and get some indication if these issues are known or being fixed, but after 2 days I haven’t had a response. Either way, I hope this feedback is helpful.

If you’re interested in AWS and Security, then please check out my training at, where in a 2 day in-person class we cover above and beyond the AWS courses to ensure you have the knowledge and are prepared for the agile world of running and securing environments in the AWS Cloud.