AWS Certified Big Data - Specialty: BDS-C00 Exam - Permissions Needed to Run Queries in Athena

FlexiToner: AWS Certified Big Data - Specialty: BDS-C00 Exam

Question

FlexiToner uses AWS to query 10 years' worth of historical data and get results, with the flexibility to explore data for deeper insights.

Movable Ink provides real-time personalization of marketing emails based on a wide range of user, device, and contextual data, driving higher response rates and better customer experiences.

Also FlexiToner hosts log files captured from web servers running out of different EC2 machines FlexiToner has lot of data assets available in structured, semi-structured and unstructured data forms containing emails, logs, structured data from databases in csv files with formats in CSV, LOG, JSON and binary formats like Parquet and ORC.

FlexiToner is interested to build a data lake out of all the files stored on S3 and provide Data Lake as a service to users from different departments based on pay per queries run.

FlexiToner understands that Athena provides this facility OOTB.Security plays a major role in FlexiToner and wants to enable right policies to restrict access to Athena operations.

What kind of permissions is needed to run queries in Athena? select 4 options.

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E. F.

Answer: A, B,E,F.

Option A is correct - To run queries in Athena, you must have the appropriate permissions for:

The Athena actions.

The Amazon S3 locations where the underlying data is stored that you are going to query in Athena.

The resources that you store in AWS Glue Data Catalog, such as databases and tables, that you are going to query in Athena.

The encrypted metadata in the AWS Glue Data Catalog (if you migrated to using that metadata in Athena and the metadata is encrypted).

https://docs.aws.amazon.com/athena/latest/ug/access.html

To run queries in Athena, users must have appropriate permissions for several components involved in the query execution process. The following are the permissions required to run queries in Athena:

A. Users must have appropriate permissions for the Athena actions: To run queries in Athena, users must have permissions to execute Athena actions. The permissions required depend on the user's role, whether they are a member of an IAM group or a specific IAM user.

B. Users must have appropriate permissions for the Amazon S3 locations where the underlying data is stored that you are going to query in Athena: Users must have appropriate permissions to access the S3 buckets where the data is stored. The permissions required depend on the S3 bucket's policy.

C. Users must have appropriate permissions for Athena to access data from the encrypted query results: If the query results are encrypted, users must have permissions to access the encryption key to decrypt the data.

D. Users must have appropriate permissions for AWS Glue to Presto and Hive, which are internal components in Athena: Athena uses AWS Glue to catalog the data and provide a schema for the data being queried. Users must have appropriate permissions to access the AWS Glue service.

E. Users must have appropriate permissions for the resources that you store in AWS Glue Data Catalog, such as databases and tables that are going to be queried in Athena: Users must have appropriate permissions to access the Glue Data Catalog, which stores metadata for the data being queried.

F. Users must have appropriate permissions for the encrypted metadata in the AWS Glue Data Catalog: If the metadata in the Glue Data Catalog is encrypted, users must have permissions to access the encryption key to decrypt the metadata.

In summary, to run queries in Athena, users must have appropriate permissions for Athena actions, the S3 buckets where the data is stored, encryption keys for encrypted query results, AWS Glue to Presto and Hive, the Glue Data Catalog resources, and encrypted metadata in the Glue Data Catalog.