Question
A finance company uses Amazon Redshift as a data warehouse. The company stores the data in a shared Amazon S3 bucket. The company uses Amazon Redshift Spectrum to access the data that is stored in the S3 bucket. The data comes from certified third-party data providers. Each third-party data provider has unique connection details.
To comply with regulations, the company must ensure that none of the data is accessible from outside the company’s AWS environment.
Which combination of steps should the company take to meet these requirements? (Choose two.)
A. Replace the existing Redshift cluster with a new Redshift cluster that is in a private subnet. Use an interface VPC endpoint to connect to the Redshift cluster. Use a NAT gateway to give Redshift access to the S3 bucket.
B. Create an AWS CloudHSM hardware security module (HSM) for each data provider. Encrypt each data provider’s data by using the corresponding HSM for each data provider.
C. Turn on enhanced VPC routing for the Amazon Redshift cluster. Set up an AWS Direct Connect connection and configure a connection between each data provider and the finance company’s VPC.
D. Define table constraints for the primary keys and the foreign keys.
E. Use federated queries to access the data from each data provider. Do not upload the data to the S3 bucket. Perform the federated queries through a gateway VPC endpoint.
Answer
C. Turn on enhanced VPC routing for the Amazon Redshift cluster. Set up an AWS Direct Connect connection and configure a connection between each data provider and the finance company’s VPC.
E. Use federated queries to access the data from each data provider. Do not upload the data to the S3 bucket. Perform the federated queries through a gateway VPC endpoint.
Explanation
The correct combination of steps the company should take to meet the requirements is:
C. Turn on enhanced VPC routing for the Amazon Redshift cluster. Set up an AWS Direct Connect connection and configure a connection between each data provider and the finance company’s VPC.
Explanation: Enhanced VPC routing enables Amazon Redshift to use the VPC network to access resources, providing better security and performance. AWS Direct Connect establishes a dedicated network connection between the finance company’s VPC and each data provider, ensuring secure data transfer without exposing it to the public internet.
E. Use federated queries to access the data from each data provider. Do not upload the data to the S3 bucket. Perform the federated queries through a gateway VPC endpoint.
Explanation: Federated queries allow Amazon Redshift Spectrum to query data directly from the data providers without the need to store it in the S3 bucket. By performing federated queries through a gateway VPC endpoint, the company can securely access the data without exposing it to the internet, ensuring compliance with regulations.
Options A and B are not necessary for meeting the requirements. Option D is unrelated to the security and accessibility aspects mentioned in the question.
By implementing enhanced VPC routing, AWS Direct Connect, and federated queries through a gateway VPC endpoint, the finance company can securely access the third-party data in Amazon Redshift Spectrum while ensuring that none of the data is accessible from outside the company’s AWS environment.
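The explanation above rests on two checkable properties of the deployment: the cluster must have enhanced VPC routing turned on (and must not be publicly accessible), and the cluster's VPC must contain an S3 gateway endpoint that is actually wired into a route table. The following audit helper is an added example, not code from the original page or from AWS; it operates on the dictionary shapes that boto3's `redshift.describe_clusters()` and `ec2.describe_vpc_endpoints()` return (`EnhancedVpcRouting`, `PubliclyAccessible`, `VpcId`, `VpcEndpointType`, `ServiceName`, `RouteTableIds`, `State`), and the sample records below are constructed for illustration, not captured from a real account.

```python
"""Audit a Redshift cluster's network posture against the requirement that
data never leaves the company's AWS environment.

Added example, not part of the original page. Input dictionaries mirror the
boto3 response shapes of redshift.describe_clusters()["Clusters"][i] and
ec2.describe_vpc_endpoints()["VpcEndpoints"]; all sample data is constructed.
"""


def find_s3_gateway_endpoints(vpc_id, vpc_endpoints):
    """Return the available S3 gateway endpoints that live in the given VPC."""
    return [
        ep
        for ep in vpc_endpoints
        if ep.get("VpcId") == vpc_id
        and ep.get("VpcEndpointType") == "Gateway"
        and ep.get("ServiceName", "").endswith(".s3")
        and ep.get("State") == "available"
    ]


def audit_cluster_posture(cluster, vpc_endpoints):
    """Return a list of findings; an empty list means the cluster matches
    the posture described in the answer (private, enhanced VPC routing on,
    S3 reachable only through a gateway endpoint in the cluster's VPC)."""
    findings = []

    # A publicly accessible cluster has a public endpoint regardless of routing.
    if cluster.get("PubliclyAccessible", False):
        findings.append("cluster is publicly accessible")

    # Without enhanced VPC routing, Spectrum/COPY/UNLOAD traffic to S3 is not
    # forced through the VPC, so VPC endpoints and route tables do not apply to it.
    if not cluster.get("EnhancedVpcRouting", False):
        findings.append("enhanced VPC routing is disabled")

    vpc_id = cluster.get("VpcId")
    gateways = find_s3_gateway_endpoints(vpc_id, vpc_endpoints)
    if not gateways:
        findings.append("no available S3 gateway VPC endpoint in %s" % vpc_id)
    elif not any(ep.get("RouteTableIds") for ep in gateways):
        # A gateway endpoint only takes effect once it is attached to the
        # route tables of the subnets the cluster uses.
        findings.append("S3 gateway endpoint is not associated with any route table")

    return findings


def is_compliant(cluster, vpc_endpoints):
    return not audit_cluster_posture(cluster, vpc_endpoints)


# Constructed sample records (not real resources).
GOOD_CLUSTER = {
    "ClusterIdentifier": "finance-dw",
    "VpcId": "vpc-0example",
    "PubliclyAccessible": False,
    "EnhancedVpcRouting": True,
}

BAD_CLUSTER = {
    "ClusterIdentifier": "finance-dw-legacy",
    "VpcId": "vpc-0example",
    "PubliclyAccessible": True,
    "EnhancedVpcRouting": False,
}

VPC_ENDPOINTS = [
    {
        "VpcEndpointId": "vpce-0example",
        "VpcId": "vpc-0example",
        "VpcEndpointType": "Gateway",
        "ServiceName": "com.amazonaws.us-east-1.s3",
        "State": "available",
        "RouteTableIds": ["rtb-0example"],
    }
]


if __name__ == "__main__":
    for c in (GOOD_CLUSTER, BAD_CLUSTER):
        print(c["ClusterIdentifier"], audit_cluster_posture(c, VPC_ENDPOINTS))
```

To run this against a live account, pass `redshift.describe_clusters()["Clusters"][0]` and `ec2.describe_vpc_endpoints()["VpcEndpoints"]` from boto3 in place of the constructed records; the function deliberately treats a gateway endpoint with no route table association as a finding, since an unattached endpoint changes nothing about where the traffic goes.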