
In a multi-account setup using AWS Organizations, the finance team utilizes AWS Lambda and Amazon DynamoDB for a data processing application. The DynamoDB table contains sensitive data, and the marketing team, operating under a separate AWS account, requires access to specific attributes within this table. How should a solutions architect configure access to ensure the marketing team can only access the necessary attributes in the DynamoDB table?
A
Implement an SCP to grant the marketing team's AWS account access to the specified attributes of the DynamoDB table, attaching the SCP to the organizational unit of the finance team.
B
Develop an IAM role in the finance team's account with IAM policy conditions for fine-grained access control over specific DynamoDB attributes. Set up a trust relationship with the marketing team's account, and in that account, create an IAM role with permissions to assume the role in the finance team's account.
C
Craft a resource-based IAM policy with conditions for fine-grained access control over specific DynamoDB attributes, attaching this policy to the DynamoDB table. In the marketing team's account, establish an IAM role with permissions to access the DynamoDB table in the finance team's account.
D
Design an IAM role in the finance team's account for accessing the DynamoDB table, utilizing an IAM permissions boundary to restrict access to the specified attributes. In the marketing team's account, create an IAM role with permissions to assume the role in the finance team's account.