AWS Certified Solutions Architect – Professional (SAP-C02) — Question 56

A company has a monolithic application that is critical to the company’s business. The company hosts the application on an Amazon EC2 instance that runs Amazon Linux 2. The company’s application team receives a directive from the legal department to back up the data from the instance’s encrypted Amazon Elastic Block Store (Amazon EBS) volume to an Amazon S3 bucket. The application team does not have the administrative SSH key pair for the instance. The application must continue to serve the users.

Which solution will meet these requirements?

Answer options

• A. Attach a role to the instance with permission to write to Amazon S3. Use the AWS Systems Manager Session Manager option to gain access to the instance and run commands to copy data into Amazon S3.
• B. Create an image of the instance with the reboot option turned on. Launch a new EC2 instance from the image. Attach a role to the new instance with permission to write to Amazon S3. Run a command to copy data into Amazon S3.
• C. Take a snapshot of the EBS volume by using Amazon Data Lifecycle Manager (Amazon DLM). Copy the data to Amazon S3.
• D. Create an image of the instance. Launch a new EC2 instance from the image. Attach a role to the new instance with permission to write to Amazon S3. Run a command to copy data into Amazon S3.

Correct answer: A

Explanation

Option A is correct because it allows access to the instance without needing the SSH key by using AWS Systems Manager Session Manager, thus enabling data transfer while keeping the application running. Option B involves rebooting and creating a new instance, which isn't necessary and may cause downtime. Option C does not directly address the backup requirement as it only creates a snapshot without transferring the data to S3. Option D also requires creating a new instance and does not leverage the existing instance's capabilities efficiently.