How can the company ensure that the security policy is maintained after the implementation of the DAX cluster?
Modify the IAM policies for the employees. Implement user-level separation that allows the employees to access the DAX cluster.
Modify the IAM policies for the IAM service role of the DAX cluster. Implement user-level separation to allow access to DynamoDB.
Modify the IAM policies for the employees. Allow the employees to access the DAX cluster without allowing the employees to access the DynamoDB table.
Modify the IAM policies for the employees. Allow the employees to access the DynamoDB table without allowing the employees to access the DAX cluster.
Explanations:
Modifying IAM policies for employees and allowing access to the DAX cluster would not ensure the restriction of field-level access to the DynamoDB table. DAX is an in-memory cache, and IAM policies control access to resources, but not at the field level.
Modifying the IAM policies for the IAM service role of the DAX cluster would allow the DAX cluster to access DynamoDB, but it doesn’t address the employee-level access control to specific fields within the table. IAM roles don’t control what data fields within the table are accessible.
Allowing employees to access the DAX cluster without access to DynamoDB does not help maintain the field-level security on the DynamoDB table. Employees would not be able to access data from DynamoDB, which makes DAX useless for them.
Modifying the IAM policies for the employees so that their access is restricted to the DynamoDB table (while disallowing direct access to the DAX cluster) ensures that the employees’ access is limited to only certain fields in the DynamoDB table, as per the security policy. The DAX cluster can still provide the caching benefits without compromising security.