AWS Certified Data Engineer Associate DEA-C01 Practice Question
Your company operates an Amazon Redshift RA3 cluster in Account A. The finance.orders table must be shared with a partner in Account B, but the partner may see only the invoice_id, order_date, and amount columns. Copying data to Amazon S3 is prohibited. Near-real-time queries, centralized auditing, and fast revocation of column privileges are required. Which approach meets these requirements?
A. Create an AWS Glue job that copies the orders data into a Redshift cluster in Account B every hour, grant SELECT on the replica table to the partner role, and rely on AWS CloudTrail logs for auditing.
B. Register the producer cluster with AWS Lake Formation, create a datashare that contains a view exposing only the required columns, grant SELECT on the view to the partner's IAM role in Lake Formation, and share the datashare with Account B; the partner creates a database FROM DATASHARE and queries the view.
C. Create a Redshift datashare containing the full orders table, grant USAGE ON DATASHARE directly to Account B, and have the partner create a view that hides the sensitive columns in its consumer cluster.
D. Use UNLOAD to export the orders table to an encrypted Amazon S3 bucket that is shared with Account B, restrict access with an S3 bucket policy and access points, and let the partner query the files with Amazon Redshift Spectrum.