Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 58 discussion

The correct answer is C. Taking a snapshot of the EBS volume using Amazon Data Lifecycle Manager (DLM) will meet the requirements because it allows you to create a backup of the volume without the need to access the instance or its SSH key pair. Additionally, DLM allows you to schedule the backups to occur at specific intervals and also enables you to copy the snapshots to an S3 bucket. This approach will not impact the running application as the backup is performed on the EBS volume level. Option A is not correct because the instance would need an IAM role with permission to write to S3 and access to the instance via Systems Manager Session Manager. Option B is not correct because it would require stopping the instance, which would impact the running application. Option D is not correct because it would require stopping the instance and creating a new EC2 instance, which would impact the running application.

taking a backup of the data to s3. aws doesn't allow up to view snapshots in s3

Why Option A is correct: The AWS Systems Manager (SSM) Session Manager allows secure, shell-level access to EC2 instances without the need for an SSH key pair. Attaching an IAM role with appropriate permissions to the EC2 instance allows it to securely interact with Amazon S3 without manual credential management. Session Manager does not require a restart of the instance or impact the application availability, ensuring no downtime and continuous service to users. This solution directly fulfills the requirement: securely copying data from the encrypted EBS volume to S3 without administrative SSH access and without disruption.

This is a badly designed question IMO. (D) could be correct but creating an AMI by default will reboot the instance, and no mention of SSM role permissions. (A) could also work but no mention of SSM permissions in the role. Amazon Lnux 2 have pre-installed the SSM agent. (B) is wrong since it interrupts the app. (C) won't work.

not C because of How EBS Snapshot Export Works When you export an EBS snapshot to S3, the export creates an Amazon Machine Image (AMI)-compatible format of the snapshot. This export process results in a snapshot stored as disk image files (e.g., .vmdk, .vhd, .raw, etc.), depending on the format chosen. The data is not immediately readable or usable as a plain text or object file in S3. When is the Data Readable? To make the exported data readable: Reimport the Snapshot: You would need to reimport the disk image into AWS as a new EBS volume using the VM Import/Export service. Custom Processing: If the snapshot contains a file system, you could manually process the exported image to extract the data using tools compatible with the format (e.g., mounting a .raw image locally).

C. Take a snapshot of the EBS volume by using Amazon Data Lifecycle Manager (Amazon DLM). Copy the data to Amazon S3. Challenges: While creating an EBS snapshot is feasible without requiring instance access, transferring the data from the snapshot to S3 still requires additional steps. Snapshot-based backup does not provide direct file-level access for selective backups to S3. Conclusion: Partially valid, but it does not meet the requirement to back up the data directly to S3. Since it is a legal department ..why to have another copy before transferring to final S3 destination.

Leverages AWS Systems Manager Session Manager: Session Manager allows secure shell-less access to the instance without requiring an SSH key. It provides a way to run commands directly on the instance, even if SSH access is unavailable. No Disruption to the Application: The instance remains operational, and the application continues to serve users while the commands are executed. S3 IAM Role for Access: By attaching an IAM role to the instance with permissions to write to S3, you can securely transfer data without needing to configure additional credentials. Efficient and Direct Backup: Data is copied directly from the running instance to the S3 bucket, eliminating the need for intermediate snapshots, new instances, or additional resources. Minimal Development Time: This approach avoids creating images, launching new instances, or performing additional resource management steps.

A is Correct Answer. IAM Role will provide EC2 instance to write data to S3 bucket. Systems Manager Session Manager will access system and initiate back writing in S3. This will satisfy the condition of not having SSH Keys.

C. Take a snapshot of the EBS volume by using Amazon Data Lifecycle Manager (Amazon DLM). Copy the data to Amazon S3.

Key point: The application must continue to serve the users. If we choose A, then it may impact the application. C wouldn't have that problem

c - Amazon Data Lifecycle Manager allows creation of EBS snapshots

C looks more better than A according to keep application running all time

currect answer is C Data Lifecycle Manager (DLM) direct APIs can be used to read the data from the snapshot and copy the data to Amazon S3.

C Reason You can use Amazon Data Lifecycle Manager to automate the creation, retention, and deletion of EBS snapshots and EBS-backed AMIs. When you automate snapshot and AMI management, it helps you to: Protect valuable data by enforcing a regular backup schedule. Create standardized AMIs that can be refreshed at regular intervals. Retain backups as required by auditors or internal compliance. Reduce storage costs by deleting outdated backups. Create disaster recovery backup policies that back up data to isolated Regions or accounts.

Vote D because other than it doesn't mention choose no reboot when creating image, the rest steps cover all the necessities to backup data on ebs to s3. But consider B explicitly mention with reboot option while D not reason to assume D will use no reboot option. Answer C and A have too much assumption that not state in the question and answer. A: not sure ssm agent is installed and configure to work with system manager. C: missing steps to mount volume on new create ec2 with s3 instance profile attached.

Option A is a manual process where you have to connect via SSM Session manager - too tedious and requires huge manual effort to maintain backups So going with C, as you can't manage the snapshot in S3 but you can restore it if anything goes wrong

One issue with option A is that an ec2 instance with a role granting access to only S3, wouldn’t be registered with the session manager and it won’t be possible to create a session.