Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Site Reliability Engineer (SRE).
For SOA-C02 candidates, the confusion often lies in how to protect critical data snapshots from accidental deletion while maintaining automation and governance. In production, this is about knowing exactly which AWS features natively provide snapshot retention after deletion—and which require proactive prevention methods. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
NextGen Data Services, a company providing data analytics platforms, relies heavily on Amazon EBS snapshots for backup and disaster recovery of their Linux-based application servers. One day, their SysOps team accidentally deletes a critical snapshot required for recovery to a previous system state. The operations team urgently needs a method to recover deleted EBS snapshots automatically for a certain retention period without manual interference.
The Requirement: #
Determine the best solution that allows the team to recover deleted EBS snapshots within a designated retention timeframe, minimizing operational risk and manual recovery effort.
The Options #
- A) Enable deletion protection individually on each EBS snapshot that must be preserved.
- B) Create an IAM policy which denies snapshot deletion based on snapshot age and apply it to all team members.
- C) Create a Recycle Bin retention rule specifically for EBS snapshots for the required retention period.
- D) Use Amazon EventBridge to schedule an AWS Lambda function that copies EBS snapshots to Amazon S3 Glacier for long-term archival.
Correct Answer #
C
Quick Insight: The SysOps Imperative #
Amazon EBS Recycle Bin natively supports retention and recovery of snapshots after accidental deletion, making it a low-overhead, built-in solution perfect for SysOps teams. While IAM policies and deletion protection limit deletions proactively, they don’t enable snapshot recovery once deleted. Lambda-based copying is complex and delayed.
The Expert’s Analysis #
Correct Answer #
Option C
The Winning Logic #
The Amazon EBS Recycle Bin provides a native, fully managed snapshot retention feature that lets you specify a retention period for snapshots after deletion. During this retention window, snapshots can be recovered — effectively reversing accidental deletions without needing manual copies or overly restrictive IAM policies. This protects business continuity with minimal administrative overhead and adheres to best SysOps practices for data durability and recoverability.
- The Recycle Bin automates lifecycle management with retention rules scoped to EBS snapshot resources.
- Deleted snapshots stay in the Recycle Bin for the configured retention period and are permanently removed once that window expires.
- Simplifies compliance by programmatically enforcing retention policies.
The Trap (Distractor Analysis) #
- Why not A? Deletion protection prevents snapshot deletion entirely, but it must be enabled manually per snapshot, and a snapshot deleted without it cannot be recovered.
- Why not B? IAM policies with conditions on snapshot age can prevent deletions but are complex to maintain and can interfere with legitimate snapshot lifecycle operations. They do not allow recovery post-deletion.
- Why not D? Scheduling Lambda to copy snapshots to Glacier involves complex custom automation, delays, and increased costs, and it does not provide immediate recovery from deletions. Also, snapshots are regional EBS resources, not objects you can manage directly in S3.
The Technical Blueprint #
B) For Developer / SysOps (CLI Snippet) #
Enable an EBS snapshot Recycle Bin retention rule with AWS CLI:
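```bash
# Region-level rule: with no --resource-tags it covers every EBS snapshot in the Region.
aws rbin create-rule \
  --description "Retain deleted EBS snapshots for 30 days" \
  --resource-type EBS_SNAPSHOT \
  --retention-period RetentionPeriodValue=30,RetentionPeriodUnit=DAYS
```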
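A rule created without `--resource-tags` is a Region-level rule and applies to all EBS snapshots in the Region, so no per-snapshot linking is needed. To cover only selected snapshots, create the rule with `--resource-tags ResourceTagKey=RecycleBinRule,ResourceTagValue=tag-value` and put the matching tag on each snapshot (`aws rbin tag-resource` tags the retention rule itself, not the snapshot):
```bash
aws ec2 create-tags --resources snapshot-id --tags Key=RecycleBinRule,Value=tag-value
```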
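Recover a deleted snapshot during retention:
```bash
# List what is currently held in the Recycle Bin, then restore by snapshot ID.
aws ec2 list-snapshots-in-recycle-bin
aws ec2 restore-snapshot-from-recycle-bin --snapshot-id snapshot-id
```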
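To check which snapshots a set of retention rules actually covers, the following added example (not part of the original note) resolves the effective rule per snapshot: a tag-level rule takes precedence over a Region-level rule, and among matching tag-level rules the longest retention wins. The rule identifiers, snapshot IDs and tags are constructed sample data shaped like `aws rbin get-rule` and `aws ec2 describe-snapshots` output; exclusion tags and rule locking are not modelled.

```python
from typing import Optional

def _days(rule: dict) -> int:
    return rule["RetentionPeriod"]["RetentionPeriodValue"]

# Constructed sample rules (identifiers are made up for this example).
RULES = [
    {"Identifier": "rule-region", "ResourceType": "EBS_SNAPSHOT", "ResourceTags": [],
     "RetentionPeriod": {"RetentionPeriodValue": 7, "RetentionPeriodUnit": "DAYS"}},
    {"Identifier": "rule-prod", "ResourceType": "EBS_SNAPSHOT",
     "ResourceTags": [{"ResourceTagKey": "env", "ResourceTagValue": "prod"}],
     "RetentionPeriod": {"RetentionPeriodValue": 30, "RetentionPeriodUnit": "DAYS"}},
    {"Identifier": "rule-dr", "ResourceType": "EBS_SNAPSHOT",
     "ResourceTags": [{"ResourceTagKey": "backup", "ResourceTagValue": "dr"}],
     "RetentionPeriod": {"RetentionPeriodValue": 90, "RetentionPeriodUnit": "DAYS"}},
    {"Identifier": "rule-ami", "ResourceType": "EC2_IMAGE", "ResourceTags": [],
     "RetentionPeriod": {"RetentionPeriodValue": 365, "RetentionPeriodUnit": "DAYS"}},
]

# Constructed sample snapshots.
SNAPSHOTS = [
    {"SnapshotId": "snap-aaaa", "Tags": [{"Key": "env", "Value": "prod"},
                                         {"Key": "backup", "Value": "dr"}]},
    {"SnapshotId": "snap-bbbb", "Tags": [{"Key": "env", "Value": "dev"}]},
    {"SnapshotId": "snap-cccc"},  # untagged
]

def effective_rule(snapshot: dict, rules: list) -> Optional[dict]:
    """Return the retention rule that would apply if this snapshot were deleted."""
    tags = {(t["Key"], t["Value"]) for t in snapshot.get("Tags", [])}
    tag_level, region_level = [], []
    for rule in rules:
        if rule["ResourceType"] != "EBS_SNAPSHOT":
            continue  # rules for other resource types never apply to snapshots
        wanted = {(t["ResourceTagKey"], t.get("ResourceTagValue", ""))
                  for t in rule.get("ResourceTags") or []}
        if not wanted:
            region_level.append(rule)   # no resource tags: Region-level rule
        elif wanted & tags:
            tag_level.append(rule)      # any one matching tag pair is enough
    candidates = tag_level or region_level  # tag-level beats Region-level
    return max(candidates, key=_days) if candidates else None

def audit(snapshots: list, rules: list) -> dict:
    """Map snapshot ID -> (rule id, retention days), or None if unrecoverable."""
    report = {}
    for snap in snapshots:
        rule = effective_rule(snap, rules)
        report[snap["SnapshotId"]] = (rule["Identifier"], _days(rule)) if rule else None
    return report

if __name__ == "__main__":
    for snap_id, result in audit(SNAPSHOTS, RULES).items():
        print(snap_id, result or "NOT COVERED: deletion is permanent")
```

A `None` entry marks a snapshot that no rule matches, meaning its deletion would bypass the Recycle Bin entirely.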
The Comparative Analysis #
| Option | Operational Overhead | Automation Level | Impact |
|---|---|---|---|
| A: Deletion Protection | Medium - Requires manual enablement per snapshot | Low | Prevents deletion but no recovery after deletion |
| B: IAM Policy Deny Delete | High - Complex policy management | Medium | Can block deletions, may hamper legitimate ops |
| C: Recycle Bin Retention Rule | Low - Native automatic retention | High | Enables recovery after accidental deletion |
| D: EventBridge + Lambda Copy | High - Custom automation required | Medium | Delayed recovery, higher cost, complexity |
Real-World Application (Practitioner Insight) #
Exam Rule #
For the exam, always pick Amazon EBS Recycle Bin when you see “recover deleted snapshots within retention period.”
Real World #
In production, many teams still mistakenly rely on deletion protection or IAM rules, causing operational friction or missing recovery windows. Recycle Bin is the better balance of automation, governance, and business continuity.
Disclaimer
This is a study note based on simulated scenarios for the SOA-C02 exam.