AWS Certified Solutions Architect - Professional / Question #837 of 529

Question #837

A solutions architect is designing a backup strategy for Amazon RDS DB instances across multiple AWS accounts managed via AWS Organizations. The requirements include taking backups every 4 hours, retaining backups for 45 days, and providing a centralized dashboard to monitor backup compliance. Which solution meets these requirements with the LEAST operational overhead?

A

Enable cross-account management in AWS Backup. Create a backup plan with the required frequency and retention period. Tag the RDS instances and apply the backup plan using tags. Use AWS Backup's reporting features to monitor backup health centrally.

B

Enable cross-account management in Amazon RDS. Configure a global automated backup schedule with the specified frequency and retention. Use AWS Config in the management account to aggregate backup compliance data.

C

Deploy an AWS CloudFormation stack set from the management account to create an Amazon EventBridge rule in each account, triggering a Lambda function every 4 hours to create RDS snapshots. Configure Amazon S3 Lifecycle policies to delete snapshots after 45 days. Use Amazon CloudWatch dashboards to monitor backups.

D

Implement AWS Data Lifecycle Manager in each account to create snapshot policies with the required frequency and retention. Share snapshots across accounts using AWS Resource Access Manager. Use AWS Systems Manager to compile backup status reports.

Explanation

AWS Backup (Option A) is the optimal solution because:
1. Cross-Account Management: It integrates with AWS Organizations to centrally manage backups across accounts.
2. Automated Backups: Backup plans can enforce a 4-hour frequency and 45-day retention, which RDS-native automated backups cannot (their maximum retention is 35 days).
3. Tag-Based Policies: Tagging RDS instances allows seamless application of backup rules.
4. Centralized Monitoring: AWS Backup’s built-in dashboard tracks compliance without custom tools.

Why other options fail:
- Option B: RDS automated backups cannot be retained for 45 days, and AWS Config lacks native backup compliance tracking.
- Option C: Custom Lambda/EventBridge/S3 setups introduce complexity and operational overhead.
- Option D: AWS DLM is for EBS, not RDS, and manual snapshot sharing increases effort.

Key Points:
- Use AWS Backup for centralized, cross-account backup management.
- RDS automated backups max retention: 35 days.
- AWS Backup reporting minimizes manual monitoring.

Answer

The correct answer is: A