Which solution will meet these requirements with the LEAST management overhead?
A. Configure a lifecycle policy in Amazon Data Lifecycle Manager (Amazon DLM) to create the EBS volume snapshots with cross-Region backups enabled. Encrypt the snapshot copies by using AWS Key Management Service (AWS KMS).
B. Create a point-in-time snapshot of the EBS volumes. When the snapshot status is COMPLETED, copy the snapshots to another Region and set the Encrypted parameter to False.
C. Create a point-in-time snapshot of the EBS volumes. Copy the snapshots to an Amazon S3 bucket that uses server-side encryption. Turn on S3 Cross-Region Replication on the S3 bucket.
D. Schedule an AWS Lambda function with the Python runtime. Configure the Lambda function to create the EBS volume snapshots, encrypt the unencrypted snapshots, and copy the snapshots to another Region.
Explanations:
A. This option uses Amazon Data Lifecycle Manager (DLM) to automate the creation of EBS volume snapshots, enabling cross-Region backups with encryption. DLM manages the lifecycle of the snapshots, reducing management overhead, and using AWS Key Management Service (KMS) ensures that all snapshots, including those from unencrypted volumes, are encrypted during the copy process.
B. This option involves manually creating snapshots and copying them to another Region without enabling encryption for unencrypted snapshots. The requirement states that all backup data must be encrypted, which this option does not fulfill since it specifically sets the Encrypted parameter to False for the copies.
C. This option suggests copying the snapshots to an S3 bucket, but it doesn’t directly address the need for encrypting the EBS volume snapshots themselves. While S3 provides server-side encryption, it does not ensure that EBS snapshots are encrypted during the cross-Region backup process, leaving unencrypted snapshots unprotected.
D. Although this option uses a Lambda function to automate the snapshot creation and encryption process, it introduces more complexity and management overhead compared to option A. Managing Lambda functions requires additional configuration and monitoring, making it less suitable for the requirement of minimal management overhead.