A company is designing a multi-tenant SaaS application. They need to ensure that each tenant's data is strictly isolated. They are using Amazon DynamoDB. What is the MOST scalable and secure way to implement tenant isolation?

Answer options:

Create a separate DynamoDB table for each tenant.

Use a single DynamoDB table with a partition key that includes the Tenant ID, and use IAM condition keys (dynamodb:LeadingKeys) to restrict access.

Create a separate AWS account for each tenant.

Encrypt each tenant's data with a different KMS key in a single table.

How to approach this question

Identify the DynamoDB feature for row-level security.

Full Answer

B.Use a single DynamoDB table with a partition key that includes the Tenant ID, and use IAM condition keys (dynamodb:LeadingKeys) to restrict access.✓ Correct

For scalable multi-tenant DynamoDB architectures, a pooled model (single table) is preferred. Fine-grained access control using the IAM condition key 'dynamodb:LeadingKeys' ensures tenants can only access their own partition keys.

Common mistakes

Assuming separate tables are required for isolation, which hits scaling limits.

Question 44 All questions Question 46

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2

75 questions · hints · full answers · grading

More questions from this exam

Q01A company is setting up a multi-account AWS environment using AWS Organizations. They need to ens...Easy Q02An enterprise needs to connect its on-premises data center to AWS. They require a dedicated, priv...Easy Q03A company wants to share a single AWS Transit Gateway across multiple AWS accounts within their A...Easy Q04An architect needs to design a highly available database architecture that spans multiple AWS Reg...Easy Q05A global financial institution is migrating its core banking application to AWS. The application ...Medium

View all 75 questions →