
Answer-first summary for fast verification
Answer: Create an Athena workgroup for each use case. Apply tags to the workgroup. Create an IAM policy that uses the tags to apply appropriate permissions to the workgroup.
Amazon Athena workgroups allow you to separate users, teams, applications, or workloads, and to set limits on the amount of data each query or the entire workgroup can process. You can control access to a workgroup and its query history using resource-based IAM policies (often leveraging tags). This natively addresses the requirement of separating query processes and history.
Author: Ritesh Yadav
Question 20
A company uses Amazon Athena for one-time queries against data that is in Amazon S3. The company has several use cases. The company must implement permission controls to separate query processes and access to query history among users, teams, and applications that are in the same AWS account. Which solution will meet these requirements?
A. Create an S3 bucket for each use case. Create an S3 bucket policy that grants permissions to appropriate individual IAM users. Apply the S3 bucket policy to the S3 bucket.
B. Create an Athena workgroup for each use case. Apply tags to the workgroup. Create an IAM policy that uses the tags to apply appropriate permissions to the workgroup.
C. Create an IAM role for each use case. Assign appropriate permissions to the role for each use case. Associate the role with Athena.
D. Create an AWS Glue Data Catalog resource policy that grants permissions to appropriate individual IAM users for each use case. Apply the resource policy to the specific tables that Athena uses.