A developer is building a serverless application hosted on AWS that uses Amazon Redshift as a data store.
The application has separate module for read/write and read-only functionality. The modules need their own database users for compliance reasons.
Which combination of steps should a security engineer implement to grant appropriate access? (Choose two.)
A. Configure cluster security groups for each application module to control access to database users that are required for read-only and read-write.
B. Configure a VPC endpoint for Amazon Redshift. Configure an endpoint policy that maps database users to each application module, and allow access to the tables that are required for read-only and read/ write.
C. Configure an IAM policy for each module. Specify the ARN of an Amazon Redshift database user that allows the GetClusterCredentials API call.
D. Create local database users for each module.
E. Configure an IAM policy for each module. Specify the ARN of an IAM user that allows the GetClusterCredentials API call.
The application has separate module for read/write and read-only functionality. The modules need their own database users for compliance reasons.
Which combination of steps should a security engineer implement to grant appropriate access? (Choose two.)
A. Configure cluster security groups for each application module to control access to database users that are required for read-only and read-write.
B. Configure a VPC endpoint for Amazon Redshift. Configure an endpoint policy that maps database users to each application module, and allow access to the tables that are required for read-only and read/ write.
C. Configure an IAM policy for each module. Specify the ARN of an Amazon Redshift database user that allows the GetClusterCredentials API call.
D. Create local database users for each module.
E. Configure an IAM policy for each module. Specify the ARN of an IAM user that allows the GetClusterCredentials API call.