1. AWS Lake Formation Developer Guide
"Data filtering and cell-level security": This section explicitly describes how to use Lake Formation to grant access to specific rows and columns in your data lake. It states
"You can implement column-level
row-level
and cell-level security by granting the SELECT Lake Formation permission on tables with data filters." This directly supports option B as the intended mechanism.
2. AWS Lake Formation Developer Guide
"How data filtering works": The documentation details the process: "When a principal runs a query against a table that has data filters
Lake Formation evaluates the filters for that principal to determine which rows they are allowed to see." This confirms Lake Formation's capability to meet the requirement.
3. AWS Documentation
"Getting started with Amazon Redshift": The documentation outlines the steps to set up a Redshift cluster and load data. This process involves creating a cluster
designing tables
and running COPY commands
which represents significantly more operational effort than applying a Lake Formation policy to existing S3 data
making option D less efficient.
4. AWS Big Data Blog
"Implement row-level security with Amazon Redshift": While this blog shows row-level security is possible in Redshift
it involves creating views and managing user-to-role mappings within the database. This is more complex and service-specific than the centralized
cross-service governance provided by Lake Formation for a data lake
reinforcing that option D has higher operational effort.
