AWS Certified Data Engineer – Associate (DEA-C01) — Question 246

A company runs a multi-tenant Amazon EMR cluster on Amazon EC2 instances. Multiple teams perform interactive query analyses and data transformations on the data in the EMR cluster. The teams can access the cluster only through EMR Studio workspaces and EMR steps.

The teams need to use EMR steps to run Apache Spark jobs to fetch data from an Amazon DynamoDB table. The DynamoDB table contains confidential data that must be accessible to only one specific team. The company needs to ensure that only the appropriate team can access the confidential data in the EMR cluster.

Which solution will meet these requirements?

Answer options

• A. Set up runtime roles for EMR steps.
• B. Set up AWS Lake Formation permissions.
• C. Set up IAM roles for EMR File System (EMRFS) requests.
• D. Set up a DynamoDB resource-based policy.

Correct answer: A

Explanation

Setting up runtime roles for EMR steps allows the specific team to access the sensitive data in the DynamoDB table while restricting access from other teams. The other options, such as AWS Lake Formation permissions and IAM roles for EMRFS requests, do not specifically control access at the EMR step level, and a DynamoDB resource-based policy alone would not enforce the necessary restrictions within the EMR cluster.