AWS Certified Data Engineer – Associate (DEA-C01) — Question 24
A retail company has a customer data hub in an Amazon S3 bucket. Employees from many countries use the data hub to support company-wide analytics. A governance team must ensure that the company's data analysts can access data only for customers who are within the same country as the analysts.
Which solution will meet these requirements with the LEAST operational effort?
Answer options
- A. Create a separate table for each country's customer data. Provide access to each analyst based on the country that the analyst serves.
- B. Register the S3 bucket as a data lake location in AWS Lake Formation. Use the Lake Formation row-level security features to enforce the company's access policies.
- C. Move the data to AWS Regions that are close to the countries where the customers are. Provide access to each analyst based on the country that the analyst serves.
- D. Load the data into Amazon Redshift. Create a view for each country. Create separate IAM roles for each country to provide access to data from each country. Assign the appropriate roles to the analysts.
Correct answer: B
Explanation
Option B is correct because AWS Lake Formation provides row-level security, so the access policy can be enforced on the registered S3 data lake location based on each analyst's country with minimal operational complexity. Option A requires maintaining a separate table for each country, which increases management overhead. Option C relocates data unnecessarily and does not address the access control requirement effectively. Option D complicates data management by requiring a view and a separate IAM role for each country.