Question #1628
A company is developing a data lake using AWS Lake Formation, integrating data from Amazon Kinesis and Amazon DynamoDB. They need to ensure that sensitive data fields are only accessible to authorized users without additional data processing steps. Which solution meets these requirements with the LEAST operational overhead?
A. Create an IAM policy with fine-grained permissions to restrict access to specific columns and rows in Lake Formation tables.
B. Use Lake Formation data filters to enforce column-level security and row-level security on the ingested data.
C. Develop an AWS Glue ETL job to redact sensitive data before storing it in the data lake.
D. Implement an Amazon Athena query that dynamically masks sensitive data during user queries.
Explanation
Answer B is correct because Lake Formation's data filters allow administrators to define column-level and row-level permissions directly on the ingested data. This native feature ensures sensitive fields are automatically restricted for unauthorized users without requiring data transformation (eliminating Option C) or runtime masking (eliminating Option D). Option A is less efficient because IAM policies are not designed for granular data lake permissions and would require complex policy management. Lake Formation simplifies access control by centralizing permissions, aligning with the requirement of minimal operational overhead. Key points: Lake Formation data filters handle fine-grained security natively, avoiding ETL/query modifications and reducing maintenance.
Answer
The correct answer is: B