Ultimate access to all questions.
Answer-first summary for fast verification
Answer: Use a Lake Formation blueprint to ingest the data from the database to the S3 data lake. Use Lake Formation to enforce column-level access control for the QuickSight users. Use Amazon Athena as the data source in QuickSight.
## Explanation **Correct Answer: D** **Why Option D is correct:** 1. **Lake Formation Blueprint**: AWS Lake Formation provides blueprints that simplify data ingestion from various sources including Amazon Aurora databases. This reduces operational overhead compared to manually configuring EMR or Glue jobs. 2. **Lake Formation Column-Level Security**: Lake Formation natively supports fine-grained access control including column-level security. You can define permissions at the column level for specific users or groups. 3. **Athena Integration**: Using Amazon Athena as the data source in QuickSight allows you to query data from the S3 data lake while leveraging Lake Formation's security controls. Athena respects Lake Formation permissions. 4. **Least Operational Overhead**: This approach leverages managed services (Lake Formation, Athena) with built-in security controls, minimizing the need for custom IAM policies or S3 bucket policies. **Why other options are incorrect:** **A. Amazon EMR**: - EMR requires significant operational overhead for cluster management - SPICE engine doesn't support dynamic column-level security - you'd need to create separate datasets for different permission levels - Not integrated with Lake Formation's governance model **B. AWS Glue Studio + IAM policies**: - IAM policies don't support column-level granularity for S3 data - Would require complex S3 object tagging and IAM condition keys - Manual management of IAM policies increases operational overhead **C. AWS Glue Elastic Views + S3 bucket policies**: - S3 bucket policies don't support column-level access control - Would require creating separate S3 objects for different column subsets - Materialized views need to be refreshed, adding operational complexity **Key AWS Services Integration:** - **Lake Formation**: Centralized data governance with fine-grained access control - **Athena**: Serverless query service that respects Lake Formation permissions - **QuickSight**: Can connect to Athena and inherit Lake Formation security This solution provides a fully managed approach with minimal operational overhead while meeting all security requirements.
Author: LeetQuiz Editorial Team
No comments yet.
A company has an Amazon S3 data lake that is governed by AWS Lake Formation. The company wants to create a visualization in Amazon QuickSight by joining the data in the data lake with operational data that is stored in an Amazon Aurora MySQL database. The company wants to enforce column-level authorization so that the company's marketing team can access only a subset of columns in the database.
Which solution will meet these requirements with the LEAST operational overhead?
A
Use Amazon EMR to ingest the data directly from the database to the QuickSight SPICE engine. Include only the required columns.
B
Use AWS Glue Studio to ingest the data from the database to the S3 data lake. Attach an IAM policy to the QuickSight users to enforce column-level access control. Use Amazon S3 as the data source in QuickSight.
C
Use AWS Glue Elastic Views to create a materialized view for the database in Amazon S3. Create an S3 bucket policy to enforce column-level access control for the QuickSight users. Use Amazon S3 as the data source in QuickSight.
D
Use a Lake Formation blueprint to ingest the data from the database to the S3 data lake. Use Lake Formation to enforce column-level access control for the QuickSight users. Use Amazon Athena as the data source in QuickSight.