Which solution will meet these requirements with the LEAST operational overhead?

By:
On:
In: SAA-C03
Tagged:
With: 0 Comments
A company has an Amazon S3 data lake that is governed by AWS Lake Formation.The company wants to create a visualization in Amazon QuickSight by joining the data in the data lake with operational data that is stored in an Amazon Aurora MySQL database.The company wants to enforce column-level authorization so that the company’s marketing team can access only a subset of columns in the database.

Which solution will meet these requirements with the LEAST operational overhead?

Use Amazon EMR to ingest the data directly from the database to the QuickSight SPICE engine. Include only the required columns.

Use AWS Glue Studio to ingest the data from the database to the S3 data lake. Attach an IAM policy to the QuickSight users to enforce column-level access control. Use Amazon S3 as the data source in QuickSight.

Use AWS Glue Elastic Views to create a materialized view for the database in Amazon S3. Create an S3 bucket policy to enforce column-level access control for the QuickSight users. Use Amazon S3 as the data source in QuickSight.

Use a Lake Formation blueprint to ingest the data from the database to the S3 data lake. Use Lake Formation to enforce column-level access control for the QuickSight users. Use Amazon Athena as the data source in QuickSight.

Explanations:

Using Amazon EMR to ingest data directly into the QuickSight SPICE engine would require additional management and orchestration to handle data ingestion and ensure column-level access control. It does not provide a streamlined way to enforce column-level authorization specifically for QuickSight users.

While AWS Glue Studio can ingest data and attach IAM policies for access control, it does not directly support column-level authorization in the context of Amazon QuickSight. IAM policies cannot enforce column-level security, thus not fully meeting the requirement.

AWS Glue Elastic Views can create materialized views in S3, but managing S3 bucket policies for column-level access control can be complex and may not seamlessly integrate with QuickSight’s access control. This solution increases operational overhead and does not provide a straightforward way to enforce column-level security.

Using a Lake Formation blueprint allows for a streamlined ingestion process from the database to the S3 data lake, and Lake Formation natively supports column-level access control. This setup ensures that the marketing team has access only to the necessary columns when accessing data through Amazon Athena in QuickSight, thus minimizing operational overhead.

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × four =