AWS Certified Data Engineer – Associate (DEA-C01) — Question 59

A data engineer is configuring Amazon SageMaker Studio to use AWS Glue interactive sessions to prepare data for machine learning (ML) models.
The data engineer receives an access denied error when the data engineer tries to prepare the data by using SageMaker Studio.
Which change should the engineer make to gain access to SageMaker Studio?

Answer options

• A. Add the AWSGlueServiceRole managed policy to the data engineer's IAM user.
• B. Add a policy to the data engineer's IAM user that includes the sts:AssumeRole action for the AWS Glue and SageMaker service principals in the trust policy.
• C. Add the AmazonSageMakerFullAccess managed policy to the data engineer's IAM user.
• D. Add a policy to the data engineer's IAM user that allows the sts:AddAssociation action for the AWS Glue and SageMaker service principals in the trust policy.

Correct answer: B

Explanation

The correct answer is B, as it allows the data engineer to assume the necessary roles for both AWS Glue and SageMaker, which is essential for access. Option A only adds permissions for AWS Glue, while option C grants full access to SageMaker but does not address the trust relationship needed. Option D is incorrect as it pertains to a different action that does not resolve the access denied issue.