How can Amazon EBS snapshots be managed to conform to this data retention policy?
Use an Amazon S3 lifecycle policy to delete snapshots older than two years.
Configure Amazon Inspector to find and delete old EBS snapshots.
Schedule an AWS Lambda function using Amazon CloudWatch Events to periodically run a script to delete old snapshots.
Configure an Amazon CloudWatch alarm to trigger the launch of an AWS CloudFormation template that will clean the older snapshots.
Explanations:
Amazon S3 lifecycle policies are used to manage objects in S3, not EBS snapshots. EBS snapshots are not directly managed by S3 lifecycle policies.
Amazon Inspector is a security assessment service and cannot be used to find or delete EBS snapshots. It is not designed for snapshot management.
Using an AWS Lambda function scheduled with Amazon CloudWatch Events is an effective way to automate the deletion of old EBS snapshots after the retention period expires. Lambda can run a script to identify and delete snapshots older than two years.
Amazon CloudWatch alarms are for monitoring metrics and triggering actions, but they do not directly manage or delete resources like EBS snapshots. A CloudFormation template would not be appropriate for periodic snapshot deletion.
I scheme that the answer is:
Schedule an AWS Lambda function using Amazon CloudWatch Events to periodically run a script to delete old snapshots.