Topic 1 Question 42
2 つ選択A company has five offices in different AWS Regions. Each office has its own human resources (HR) department that uses a unique IAM role. The company stores employee records in a data lake that is based on Amazon S3 storage. A data engineering team needs to limit access to the records. Each HR department should be able to access records for only employees who are within the HR department's Region. Which combination of steps should the data engineering team take to meet this requirement with the LEAST operational overhead?
Use data filters for each Region to register the S3 paths as data locations.
Register the S3 path as an AWS Lake Formation location.
Modify the IAM roles of the HR departments to add a data filter for each department's Region.
Enable fine-grained access control in AWS Lake Formation. Add a data filter for each Region.
Create a separate S3 bucket for each Region. Configure an IAM policy to allow S3 access. Restrict access based on Region.
ユーザの投票
コメント(5)
- 正解だと思う選択肢: BD👍 5rralucard_2024/02/01
- 正解だと思う選択肢: BD
Registering the S3 path as an AWS Lake Formation location is the first step in leveraging Lake Formation's data governance and access control capabilities. This allows the data engineering team to centrally manage and govern the data stored in the S3 data lake. Enabling fine-grained access control in AWS Lake Formation and adding a data filter for each Region is the key step to achieve the desired access control. Data filters in Lake Formation allow you to define row-level and column-level access policies based on specific conditions or attributes, such as the Region in this case
👍 3pypelyncar2024/06/09 - 正解だと思う選択肢: BD
BD makes sense
👍 1atu17892024/01/28
シャッフルモード