Which solution will meet these requirements in the MOST operationally efficient way?
Deploy an AWS Lambda function to each account to run EC2 instance snapshots on a scheduled basis.
Create an AWS CloudFormation stack set in the management account to add an AutoBackup=True tag to every EC2 instance.
Use AWS Backup in the management account to deploy policies for all accounts and resources.
Use a service control policy (SCP) to run EC2 instance snapshots on a scheduled basis in each account.
Explanations:
Deploying an AWS Lambda function in each account requires managing multiple Lambda functions, increasing operational overhead. This approach does not scale efficiently for multiple accounts.
CloudFormation StackSets help manage infrastructure but do not directly facilitate automated backups or EC2 snapshot management. Additionally, tagging EC2 instances does not automatically trigger backups.
AWS Backup allows centralized management of backup policies across multiple accounts in AWS Organizations, providing a scalable, automated solution for backing up EC2 instances across all accounts.
Service Control Policies (SCPs) are used for controlling permissions and access within an AWS Organization. They cannot schedule or trigger EC2 snapshots.
I compute that the answer is:
Use AWS Backup in the management account to deploy policies for all accounts and resources.
In my opinion, the answer is:
Use AWS Backup in the management account to deploy policies for all accounts and resources.