AWS Certified Data Engineer – Associate (DEA-C01) — Question 92

A company has a data lake on AWS. The data lake ingests sources of data from business units. The company uses Amazon Athena for queries. The storage layer is Amazon S3 with an AWS Glue Data Catalog as a metadata repository.

The company wants to make the data available to data scientists and business analysts. However, the company first needs to manage fine-grained, column-level data access for Athena based on the user roles and responsibilities.

Which solution will meet these requirements?

Answer options

• A. Set up AWS Lake Formation. Define security policy-based rules for the users and applications by IAM role in Lake Formation.
• B. Define an IAM resource-based policy for AWS Glue tables. Attach the same policy to IAM user groups.
• C. Define an IAM identity-based policy for AWS Glue tables. Attach the same policy to IAM roles. Associate the IAM roles with IAM groups that contain the users.
• D. Create a resource share in AWS Resource Access Manager (AWS RAM) to grant access to IAM users.

Correct answer: A

Explanation

The correct answer is A because AWS Lake Formation is specifically designed for managing fine-grained access control to data in data lakes, including column-level permissions based on user roles. The other options do not provide the same level of granularity or are not specifically tailored for the requirements of data access management in a data lake environment.