Amazon DEA-C01: How to Restrict Access to Customer Data in AWS Lake Formation Based on Country?

Learn the simplest way to prevent user access to customer data rows for a specific country in an AWS Lake Formation data lake. Set row-level filters to comply with regulations and protect sensitive information with minimal operational effort.

Question

A company stores customer data tables that include customer addresses in an AWS Lake Formation data lake. To comply with new regulations, the company must ensure that users cannot access data for customers who are in Canada.

The company needs a solution that will prevent user access to rows for customers who are in Canada.

Which solution will meet this requirement with the LEAST operational effort?

A. Set a row-level filter to prevent user access to a row where the country is Canada.
B. Create an IAM role that restricts user access to an address where the country is Canada.
C. Set a column-level filter to prevent user access to a row where the country is Canada.
D. Apply a tag to all rows where Canada is the country. Prevent user access where the tag is equal to “Canada”.

Answer

A. Set a row-level filter to prevent user access to a row where the country is Canada.

Explanation

AWS Lake Formation allows you to set fine-grained access control on your data lake at the column, row, and cell level. To prevent users from accessing customer data for a specific country (Canada in this case) with the least operational effort, setting a row-level filter is the most straightforward and effective approach.

Here’s why the other options are not the best fit:

B. Creating an IAM role to restrict access based on the country would require more operational effort compared to setting a row-level filter directly in Lake Formation. IAM roles are better suited for controlling access at a higher level, such as granting permissions to access a specific database or table.

C. Setting a column-level filter would not be effective in this scenario because the requirement is to restrict access to entire rows where the country is Canada, not just a specific column.

D. Applying tags to rows and then preventing access based on the tag value would require additional effort to tag all the relevant rows. It would also introduce unnecessary complexity compared to directly setting a row-level filter based on the country value.

By setting a row-level filter in AWS Lake Formation, you can easily prevent user access to customer data rows where the country is Canada. This solution requires the least operational effort while ensuring compliance with the new regulations.
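One way to configure the row-level filter from answer A with boto3, as an added example that is not part of the original page. The account ID, database, table, filter name, principal ARN and the `country` column name are hypothetical placeholders.

```python
"""Added example: Lake Formation data filter that hides rows for blocked countries."""

def row_filter_expression(column, blocked):
    """Build a row filter predicate that keeps only rows not in `blocked`."""
    if not column.replace("_", "").isalnum():
        raise ValueError("unexpected column name: %r" % column)
    if not blocked:
        raise ValueError("at least one blocked value is required")
    # String literals are single-quoted; an embedded quote is doubled.
    terms = ["%s <> '%s'" % (column, v.replace("'", "''")) for v in blocked]
    return " AND ".join(terms)

def filter_request(catalog_id, database, table, name, expression):
    """Arguments for lakeformation.create_data_cells_filter."""
    return {"TableData": {
        "TableCatalogId": catalog_id,
        "DatabaseName": database,
        "TableName": table,
        "Name": name,
        "RowFilter": {"FilterExpression": expression},
        "ColumnWildcard": {},  # every column stays visible; only rows are cut
    }}

def grant_request(catalog_id, database, table, name, principal_arn):
    """Arguments for lakeformation.grant_permissions on the filter itself."""
    return {
        "Principal": {"DataLakePrincipalIdentifier": principal_arn},
        "Resource": {"DataCellsFilter": {
            "TableCatalogId": catalog_id,
            "DatabaseName": database,
            "TableName": table,
            "Name": name,
        }},
        "Permissions": ["SELECT"],
    }

def apply_filter(catalog_id, database, table, name, principal_arn, blocked):
    """Create the filter and grant SELECT through it (needs AWS credentials)."""
    import boto3  # imported here so the builders above run without AWS access
    lf = boto3.client("lakeformation")
    expr = row_filter_expression("country", blocked)  # assumed column name
    lf.create_data_cells_filter(**filter_request(catalog_id, database, table, name, expr))
    lf.grant_permissions(**grant_request(catalog_id, database, table, name, principal_arn))

if __name__ == "__main__":
    # Hypothetical values; prints the request without calling AWS.
    expr = row_filter_expression("country", ["Canada"])
    print(filter_request("111122223333", "crm", "customers", "exclude_canada", expr))
```

The filter only constrains principals whose SELECT comes from this grant; a separate table-wide SELECT grant to the same principal, or to `IAMAllowedPrincipals`, still exposes every row.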
