AWS Certified Security – Specialty (SCS-C02) is valid for 3 years and maintained by exam, not by continuing education — there are no CPEs or CEUs to track. The credential is either active (within 3 years of your last pass) or expired; there is no soft middle ground and no grace period.
How AWS Security – Specialty recertification works
Unlike the Associate certs, Security – Specialty sits at AWS's top tier alongside the Professional certifications. There is no higher AWS exam that renews it, so the standard recertification path is to retake the current Specialty exam (SCS-C02), which resets the 3-year clock from the new pass date. AWS opens the recertification window 6 months before expiry; you can sit the exam any time before expiry.
There is no free renewal assessment — that model is unique to Microsoft. The exam is $300 USD, roughly 170 minutes, 65 questions.
The renewal that goes the other way
The high-leverage move with Security – Specialty isn't renewing it cheaply — it's what earning it does for the rest of your AWS stack. AWS's recertification rule extends your Associate-level and Foundational certs for a fresh 3-year cycle when you pass a higher exam, and the Specialty qualifies. If you hold Solutions Architect, SysOps, or Developer Associate, passing Security – Specialty renews them as a side effect.
That turns the timing into a stack decision: practitioners carrying several AWS certs often schedule the Specialty (or a Professional) into year 2–3 of their Associate cycles so a single exam renews the lot. Confirm the current renewal pairings on the AWS Recertification page — AWS occasionally adjusts which exams extend which certs.
For the Specialty itself, though, plan on the retake. Budget the $300 and a focused refresh rather than expecting a cheaper path to materialise.
What's on SCS-C02 (and what changed)
SCS-C02 (current as of 2026) is organised around six domains: threat detection and incident response, security logging and monitoring, infrastructure security, identity and access management, data protection, and management and security governance. The C01 → C02 refresh (2023) added explicit incident-response and governance weight and broadened the service set.