AWS Certified Data Engineer – Associate (DEA-C01) — Question 49
A company stores data in a data lake that is in Amazon S3. Some data that the company stores in the data lake contains personally identifiable information (PII). Multiple user groups need to access the raw data. The company must ensure that user groups can access only the PII that they require.
Which solution will meet these requirements with the LEAST effort?
Answer options
- A. Use Amazon Athena to query the data. Set up AWS Lake Formation and create data filters to establish levels of access for the company's IAM roles. Assign each user to the IAM role that matches the user's PII access requirements.
- B. Use Amazon QuickSight to access the data. Use column-level security features in QuickSight to limit the PII that users can retrieve from Amazon S3 by using Amazon Athena. Define QuickSight access levels based on the PII access requirements of the users.
- C. Build a custom query builder UI that will run Athena queries in the background to access the data. Create user groups in Amazon Cognito. Assign access levels to the user groups based on the PII access requirements of the users.
- D. Create IAM roles that have different levels of granular access. Assign the IAM roles to IAM user groups. Use an identity-based policy to assign access levels to user groups at the column level.
Correct answer: A
Explanation
Option A is correct: AWS Lake Formation data filters establish the levels of access for the company's IAM roles, and each user is assigned the role that matches their PII access requirements, so access control is managed with minimal effort. Option B relies on Amazon QuickSight, which could introduce unnecessary complexity, while option C involves custom development that is more labor-intensive. Option D, while viable, requires more detailed IAM policy management than necessary for this scenario.