
A company stores several petabytes of data across multiple AWS accounts. The company uses AWS Lake Formation to manage its data lake. The company's data science team wants to securely share selective data from its accounts with the company's engineering team for analytical purposes.
Which solution will meet these requirements with the LEAST operational overhead?
A. Copy the required data to a common account. Create an IAM access role in that account. Grant access by specifying a permission policy that includes users from the engineering team accounts as trusted entities.
B. Use the Lake Formation permissions Grant command in each account where the data is stored to allow the required engineering team users to access the data.
C. Use AWS Data Exchange to privately publish the required data to the required engineering team accounts.
D. Use Lake Formation tag-based access control to authorize and grant cross-account permissions for the required data to the engineering team accounts.
Explanation:
Correct Answer: D - Use Lake Formation tag-based access control to authorize and grant cross-account permissions for the required data to the engineering team accounts.
Why Option D is correct:
Least operational overhead: Lake Formation tag-based access control (TBAC) provides a centralized, scalable way to manage permissions across multiple accounts without manual intervention in each account.
Cross-account sharing: Lake Formation supports cross-account data sharing through TBAC, allowing you to grant permissions to users in other AWS accounts without copying data.
Selective data sharing: TBAC allows fine-grained access control where you can tag specific datasets and grant permissions based on those tags, meeting the requirement for "selective data" sharing.
AWS Lake Formation integration: Since the company already uses AWS Lake Formation, this solution leverages existing infrastructure and management tools.
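To make the "selective data" point concrete, here is an added example (not part of the original quiz or any AWS sample) that previews which tables an LF-tag expression covers and builds the matching cross-account `grant_permissions` requests for boto3. The account IDs, tag keys and values, table names and helper function names are all constructed assumptions.

```python
# Added example: local model of LF-tag matching plus boto3 request payloads.
# Account IDs, tag keys/values and table names are constructed placeholders.
PRODUCER_ACCOUNT = "111111111111"     # constructed: account that owns the data
ENGINEERING_ACCOUNT = "222222222222"  # constructed: recipient account

# Constructed catalog: table name -> LF-tags assigned to it
CATALOG = {
    "sales.orders":      {"team": "engineering", "sensitivity": "internal"},
    "sales.customers":   {"team": "engineering", "sensitivity": "pii"},
    "research.features": {"team": "datascience", "sensitivity": "internal"},
}

# LF-tag expression: different keys are ANDed, values under one key are ORed
EXPRESSION = [
    {"TagKey": "team", "TagValues": ["engineering"]},
    {"TagKey": "sensitivity", "TagValues": ["internal", "public"]},
]

def matches(tags, expression):
    # A resource matches only if every key in the expression has an allowed value
    return all(tags.get(c["TagKey"]) in c["TagValues"] for c in expression)

def shared_tables(catalog, expression):
    return sorted(n for n, tags in catalog.items() if matches(tags, expression))

def build_grants(producer, recipient, expression):
    """Keyword arguments for lakeformation.grant_permissions, one per resource type."""
    perms = {"DATABASE": ["DESCRIBE"], "TABLE": ["SELECT", "DESCRIBE"]}
    return [
        {
            "CatalogId": producer,
            "Principal": {"DataLakePrincipalIdentifier": recipient},
            "Resource": {"LFTagPolicy": {
                "CatalogId": producer,
                "ResourceType": rtype,
                "Expression": expression,
            }},
            "Permissions": p,
        }
        for rtype, p in perms.items()
    ]

def apply_grants(client, grants):
    # client: boto3.client("lakeformation") created with producer-account credentials
    for grant in grants:
        client.grant_permissions(**grant)

if __name__ == "__main__":
    # Review the preview before applying: the PII table must not appear
    print(shared_tables(CATALOG, EXPRESSION))
```

Running the preview before `apply_grants` shows that `sales.customers` is excluded by its `sensitivity` tag, and that newly tagged tables fall under the same two grants without further per-table changes.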
Why other options are incorrect:
Option A: Copying petabytes of data to a common account creates significant operational overhead (data transfer costs, storage duplication, synchronization issues) and doesn't leverage Lake Formation's native cross-account capabilities.
Option B: Using the Lake Formation Grant command in each account requires manual configuration in every account where data is stored, creating operational overhead and maintenance complexity.
Option C: AWS Data Exchange is designed for third-party data sharing and subscription models, not for internal cross-account sharing within the same organization. It adds unnecessary complexity and cost.
Key Benefits of Lake Formation TBAC for this scenario: