AWS Certified Database – Specialty — Question 336

A startup company in the travel industry wants to create an application that includes a personal travel assistant to display information for nearby airports based on user location. The application will use Amazon DynamoDB and must be able to access and display attributes such as airline names, arrival times, and flight numbers. However, the application must not be able to access or display pilot names or passenger counts.
Which solution will meet these requirements MOST cost-effectively?

Answer options

• A. Use a proxy tier between the application and DynamoDB to regulate access to specific tables, items, and attributes.
• B. Use IAM policies with a combination of IAM conditions and actions to implement fine-grained access control.
• C. Use DynamoDB resource policies to regulate access to specific tables, items, and attributes.
• D. Configure an AWS Lambda function to extract only allowed attributes from tables based on user profiles.

Correct answer: B

Explanation

Implementing fine-grained access control using IAM policies with conditions is the most cost-effective approach because it natively restricts access to specific DynamoDB attributes without requiring additional infrastructure. Options A and D introduce unnecessary cost and complexity by adding intermediate proxy tiers or AWS Lambda functions. Option C is less appropriate because standard IAM policies are the native, recommended way to enforce attribute-level security for application access.