Topic 1 Question 442

AWS Certified Solutions Architect - Associate

Topic 1 Question 442
A company stores several petabytes of data across multiple AWS accounts. The company uses AWS Lake Formation to manage its data lake. The company's data science team wants to securely share selective data from its accounts with the company's engineering team for analytical purposes.

Which solution will meet these requirements with the LEAST operational overhead?
- Copy the required data to a common account. Create an IAM access role in that account. Grant access by specifying a permission policy that includes users from the engineering team accounts as trusted entities.
- Use the Lake Formation permissions Grant command in each account where the data is stored to allow the required engineering team users to access the data.
- Use AWS Data Exchange to privately publish the required data to the required engineering team accounts.
- Use Lake Formation tag-based access control to authorize and grant cross-account permissions for the required data to the engineering team accounts.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: D
  By utilizing Lake Formation's tag-based access control, you can define tags and tag-based policies to grant selective access to the required data for the engineering team accounts. This approach allows you to control access at a granular level without the need to copy or move the data to a common account or manage permissions individually in each account. It provides a centralized and scalable solution for securely sharing data across accounts with minimal operational overhead.
  
  👍 7
  LONGMEN2023/05/18
- 正解だと思う選択肢: D
  https://aws.amazon.com/blogs/big-data/securely-share-your-data-across-aws-accounts-using-aws-lake-formation/
  
  👍 2
  luisgu2023/05/22
シャッフルモード

ユーザの投票

コメント(2)