Answer-first summary for fast verification
Answer: Create an IAM role with the minimum required permissions for the Glue crawlers to access the specific S3 buckets and perform ETL operations, and assign it to the Glue crawlers.
To ensure secure and least privilege access for the Glue crawlers to access the S3 data and perform ETL operations, you should create an IAM role with the minimum required permissions for the Glue crawlers to access the specific S3 buckets and perform ETL operations, and assign it to the Glue crawlers. This approach follows the principle of least privilege by granting the Glue crawlers access only to the resources they need. Option A provides excessive permissions, while options C and D are not recommended as they involve modifying bucket policies or using the root account, which can lead to security risks.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Your company is implementing a new data lake on AWS using Amazon S3 and AWS Glue. You need to ensure that the Glue crawlers have the necessary permissions to access the S3 data and perform ETL operations. Which of the following steps should you take to achieve this?
A
Create an IAM role with full access to all S3 buckets and assign it to the Glue crawlers.
B
Create an IAM role with the minimum required permissions for the Glue crawlers to access the specific S3 buckets and perform ETL operations, and assign it to the Glue crawlers.
C
Modify the S3 bucket policy to allow access from the Glue service.
D
Use the root account credentials to configure the Glue crawlers to access the S3 data.