Question 15: Suppose you are working with an in-house data warehouse team that stores sensitive data in a Redshift cluster. As an analytics team member, you want to look at some of the data in the Redshift cluster, but you don’t have permission to see it. You only want to do a sanity check by looking at the data; you do not need the data as part of your process. It is fine if you get permission to check the data for just 30 mins. Hence, you asked the Redshift cluster owner to give you temporary permission to view some of the data, and he agrees to give you temporary permission to view the data in the Redshift cluster. To give you temporary, restrictive access to the Redshift cluster, which of the following should he use?
- A. Customer Managed Policy
- B. Multi-factor Authentication
- C. AWS managed policy
- D. AWS Inline Policy
- E. AWS Key policy
Correct Answer: D
Detailed Explanation: In this question the data is highly critical and permission needs to be given only for the time being. What the Redshift cluster owner can do is create a temporary user with an inline policy, meaning the policy is embedded as part of this temporary user only. He should keep the user active for 30 mins while you check the data. After 30 minutes he should delete the user so that the policy is deleted as well.
Alternatively, he can create an inline policy and attach it to your existing account, and after 30 minutes detach the permission from your account.
- This policy is part of the principal entity.
- An inline policy is a policy that is embedded in a principal entity such as a user, role or group.
- An inline policy is a good choice if you want to maintain a strict one-to-one relationship between a policy and the principal entity. Hence, it cannot be attached to the wrong principal.
- If you delete the principal from the AWS console, then the policy will also be deleted, because it is a part of the principal.