AWS Certified Machine Learning – Specialty — Question 270

A machine learning (ML) engineer has created a feature repository in Amazon SageMaker Feature Store for the company. The company has AWS accounts for development, integration, and production. The company hosts a feature store in the development account. The company uses Amazon S3 buckets to store feature values offline. The company wants to share features and to allow the integration account and the production account to reuse the features that are in the feature repository.

Which combination of steps will meet these requirements? (Choose two.)

Answer options

• A. Create an IAM role in the development account that the integration account and production account can assume. Attach IAM policies to the role that allow access to the feature repository and the S3 buckets.
• B. Share the feature repository that is associated the S3 buckets from the development account to the integration account and the production account by using AWS Resource Access Manager (AWS RAM).
• C. Use AWS Security Token Service (AWS STS) from the integration account and the production account to retrieve credentials for the development account.
• D. Set up S3 replication between the development S3 buckets and the integration and production S3 buckets.
• E. Create an AWS PrivateLink endpoint in the development account for SageMaker.

Correct answer: A, B

Explanation

To share a SageMaker Feature Store across multiple AWS accounts, AWS Resource Access Manager (AWS RAM) is used to share the feature group resource from the development account to the integration and production accounts. Additionally, cross-account IAM roles must be created in the development account and assumed by the other accounts to grant them permissions to access the underlying Feature Store APIs and the offline Amazon S3 buckets. S3 replication (Option D) and PrivateLink (Option E) do not natively facilitate cross-account Feature Store sharing.