A developer is building a serverless application hosted on AWS that uses Amazon Redshift as a data store. The application has separate module for read/write and read-only functionality. The modules need their own database users for compliance reasons. Which combination of steps should a security engineer implement to grant appropriate access? (Choose two.)
A) Configure cluster security groups for each application module to control access to database users that are required for read-only and read-write.
B) Configure a VPC endpoint for Amazon Redshift. Configure an endpoint policy that maps database users to each application module, and allow access to the tables that are required for read-only and read/write.
C) Configure an IAM policy for each module. Specify the ARN of an Amazon Redshift database user that allows the GetClusterCredentials API call.
D) Create local database users for each module.
E) Configure an IAM policy for each module. Specify the ARN of an IAM user that allows the GetClusterCredentials API call.
Correct Answer:
Verified
Q285: A company stores images for a website
Q286: A development team is using an AWS
Q287: A company deployed an Amazon EC2 instance
Q288: A company is using AWS Organizations to
Q289: Example.com is hosted on Amazon EC2 instance
Q290: Unapproved changes were previously made to a
Q291: A company has implemented AWS WAF and
Q292: Amazon GuardDuty has detected communications to a
Q293: A company uses Amazon RDS for MySQL
Q294: A company has an application that uses
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents