The Jeff’s Note (Contextual Hook) #
Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Site Reliability Engineer (SRE).
For SOA-C02 candidates, the confusion often lies in how to efficiently manage backups across multiple accounts without operational overhead or scripting sprawl. In production, this is about knowing exactly which cross-account AWS managed service streamlines governance and automation over manual custom solutions. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
FinTech Solutions Inc. manages several AWS accounts across different business units using AWS Organizations. As the Site Reliability Engineer, you are tasked with creating a comprehensive, automated backup strategy for all Amazon EC2 instances running in every account. The goal is to ensure consistent backups with the least operational effort and centralized policy management.
The Requirement: #
Implement a backup solution that is scalable, requires minimal manual maintenance, and enables cross-account management of EC2 backups from a central location.
The Options #
- A) Deploy an AWS Lambda function into each account to trigger EC2 instance snapshots on a scheduled basis.
- B) Create an AWS CloudFormation StackSet from the management account to tag all EC2 instances with AutoBackup=True.
- C) Use AWS Backup in the management account to create and deploy backup policies that cover all accounts and resources.
- D) Use a Service Control Policy (SCP) to enforce scheduled EC2 snapshots in each account.
Correct Answer #
C
Quick Insight: The SOA-C02 Imperative #
- For SysOps Professionals: Leveraging AWS Backup’s cross-account policy management eliminates custom scripting and operational silos.
- This service’s centralized dashboard and policy-driven approach outperforms Lambda functions or SCP enforcement, which do not orchestrate or automate snapshot scheduling by themselves.
The Expert’s Analysis #
Correct Answer #
Option C
The Winning Logic #
AWS Backup offers a centralized, fully managed backup orchestration service that integrates natively with AWS Organizations. From the management account, you can define backup plans and assign them across multiple member accounts, covering EC2 instances automatically. This removes the need to build and maintain custom snapshot Lambda functions or manual tagging workflows.
Key operational benefits include:
- Automated scheduling and retention policies.
- Cross-account backup policy deployment.
- Central monitoring and compliance reporting.
- Reduced risk of misconfiguration or missed backups.
This “one-stop” management approach aligns exactly with the operational efficiency mandate in multi-account environments.
The Trap (Distractor Analysis): #
- Why not A? Deploying Lambda functions in every account adds complexity and operational overhead. Each function must be maintained and scheduled separately, increasing failure points.
- Why not B? Adding tags alone doesn’t trigger snapshots. Additional automation is required to act on those tags, which is manual and error-prone.
- Why not D? SCPs can restrict actions but cannot orchestrate scheduled snapshot workflows. They aren’t a backup solution.
The Technical Blueprint #
B) For SysOps (Code/CLI Snippet):
Example CLI command to create a backup plan in the management account:
```bash
aws backup create-backup-plan --backup-plan '{
  "BackupPlanName": "CrossAccountEC2Backup",
  "Rules": [{
    "RuleName": "DailyEC2Backup",
    "TargetBackupVaultName": "Default",
    "ScheduleExpression": "cron(0 5 ? * * *)",
    "StartWindowMinutes": 60,
    "CompletionWindowMinutes": 180,
    "Lifecycle": {
      "DeleteAfterDays": 30
    },
    "RecoveryPointTags": {
      "CreatedBy": "AWSBackupPolicy"
    }
  }]
}'
```
Then, assign this backup plan to organizational units or accounts via AWS Organizations integration.
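One way to do the Organizations-side assignment is a backup policy (policy type `BACKUP_POLICY`) attached to an OU or account. The script below is an added example, not part of the original note: it restates the plan above in backup-policy syntax and attaches it. The region, the `AutoBackup=True` tag selection, the IAM role and the `--apply <target-id>` argument are assumptions, and it assumes the backup policy type is already enabled in the organization.

```shell
#!/bin/sh
# Added example: the plan above expressed as an AWS Organizations backup policy.
# Assumed (not from the page): region, tag selection, IAM role, --apply argument.
set -eu

render_backup_policy() {
  # Quoted heredoc: $account stays literal and is resolved per member account.
  cat <<'JSON'
{
  "plans": {
    "CrossAccountEC2Backup": {
      "regions": { "@@assign": ["us-east-1"] },
      "rules": {
        "DailyEC2Backup": {
          "schedule_expression": { "@@assign": "cron(0 5 ? * * *)" },
          "start_backup_window_minutes": { "@@assign": "60" },
          "complete_backup_window_minutes": { "@@assign": "180" },
          "target_backup_vault_name": { "@@assign": "Default" },
          "lifecycle": { "delete_after_days": { "@@assign": "30" } }
        }
      },
      "selections": {
        "tags": {
          "TaggedEC2": {
            "iam_role_arn": { "@@assign": "arn:aws:iam::$account:role/service-role/AWSBackupDefaultServiceRole" },
            "tag_key": { "@@assign": "AutoBackup" },
            "tag_value": { "@@assign": ["True"] }
          }
        }
      }
    }
  }
}
JSON
}

deploy_backup_policy() {  # $1 = root, OU or account id to attach the policy to
  policy_id=$(aws organizations create-policy \
    --name CrossAccountEC2Backup --type BACKUP_POLICY \
    --description "Daily EC2 backups, 30-day retention" \
    --content "$(render_backup_policy)" \
    --query 'Policy.PolicySummary.Id' --output text)
  aws organizations attach-policy --policy-id "$policy_id" --target-id "$1"
}

# Calls AWS only with "--apply <target-id>"; otherwise prints the policy for review.
if [ "${1:-}" = "--apply" ]; then deploy_backup_policy "$2"; else render_backup_policy; fi
```

The vault and IAM role named in the policy must already exist in every member account it targets; the policy creates the plan there, not its dependencies.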
The Comparative Analysis #
| Option | Operational Overhead | Automation Level | Impact |
|---|---|---|---|
| A | High - multiple Lambdas | Medium - scheduled functions | Prone to failure, hard to track |
| B | Medium - tagging only | Low - no automatic backups | Requires additional automation |
| C | Low - centralized management | High - native backup policies | Scales well, centralized monitoring |
| D | Low - enforces policy only | None - no orchestration | Cannot create or schedule backups |
Real-World Application (Practitioner Insight) #
Exam Rule #
For the exam, always pick AWS Backup when you see a centralized backup policy solution required across multiple accounts.
Real World #
In reality, companies often start with ad hoc Lambda snapshot scripts but quickly move to AWS Backup for the operational simplicity, compliance support, and native cross-account controls it provides.
Disclaimer
This is a study note based on simulated scenarios for the SOA-C02 exam.