🔥 3-day streak
AWS Certified Data Engineer - Associate143 / 159
Question 143 of 159
A data engineering team stores curated datasets in an S3 data lake organized by department prefixes (e.g., s3://corp-lake/finance/, s3://corp-lake/marketing/). The company has thousands of employees synchronized from an external corporate identity provider into IAM Identity Center. Business analysts should be granted read access to only their department's prefix, and access should map directly to their corporate directory group membership. The current approach of editing a single S3 bucket policy has grown unmanageable and is approaching the bucket policy size limit. Which solution provides scalable, identity-based access mapping with the LEAST ongoing policy maintenance?
Reviewed for accuracy · Report an issueNext question