AWS Certified Machine Learning Engineer – Associate (MLA-C01) — Question 40

An advertising company uses AWS Lake Formation to manage a data lake. The data lake contains structured data and unstructured data. The company's ML engineers are assigned to specific advertisement campaigns.
The ML engineers must interact with the data through Amazon Athena and by browsing the data directly in an Amazon S3 bucket. The ML engineers must have access to only the resources that are specific to their assigned advertisement campaigns.
Which solution will meet these requirements in the MOST operationally efficient way?

Answer options

• A. Configure IAM policies on an AWS Glue Data Catalog to restrict access to Athena based on the ML engineers' campaigns.
• B. Store users and campaign information in an Amazon DynamoDB table. Configure DynamoDB Streams to invoke an AWS Lambda function to update S3 bucket policies.
• C. Use Lake Formation to authorize AWS Glue to access the S3 bucket. Configure Lake Formation tags to map ML engineers to their campaigns.
• D. Configure S3 bucket policies to restrict access to the S3 bucket based on the ML engineers' campaigns.

Correct answer: C

Explanation

The correct answer is C because Lake Formation allows for fine-grained access control and can link ML engineers to their specific campaigns using tags, ensuring efficient management of permissions. Option A does not provide the same level of integration with Lake Formation, while options B and D introduce unnecessary complexity and do not leverage Lake Formation's capabilities effectively.