A company runs an Amazon RDS MySQL DB instance. Corporate policy requires that a daily backup of the database must be copied to a separate security account. What is the MOST cost-effective way to meet this requirement?
A.
Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI.
B.
Create an RDS MySQL Read Replica for the critical database in the security account, then enable automatic backups for the Read Replica.
C.
Create an RDS snapshot with the AWS CLI create-db-snapshot command, share it with the security account, then create a copy of the shared snapshot in the security account.
D.
Use AWS DMS to replicate data from the critical database to another RDS MySQL instance in the security account, then use an automated backup for the RDS instance.
C is right
A: AUtomated backups snapshots cant be shared and needed to be shared first
B: Read Replica not cost effecteive
D: DMS needs another RDS instance and not cost effective
C seems to be correct
Only manual backup snapshots can be shared so this disqualifies option A
Refer to https://aws.amazon.com/th/premiumsupport/knowledge-center/rds-snapshots-share-account/ and https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/modify-db-snapshot-attribute.html
D requires another RDS instance which will thus incur costs
Option C (Create an RDS snapshot and share it): This option allows you to create a single snapshot and then share it with the security account. The shared snapshot can then be copied to the security account, ensuring that you only incur storage costs for the copy rather than storing multiple snapshots in both accounts.
This approach is cost-effective because it involves creating and copying snapshots, which generally have lower associated costs compared to options that involve creating additional instances or replicas.
"Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI." is incorrect. You cannot copy an automated DB snapshot.
C is correct.
I'll GO with A. Copy an automated RDS snapshot to the security account using the copy-db-snapshot command with the AWS CLI.
To share an automated DB snapshot, create a manual DB snapshot by copying the automated snapshot, and then share that copy. This process also applies to AWS Backup–generated resources.
At first I thought A was the right one, however, after reading the copy-db-snapshot cli manual, i found the command has no parmeters related to target account's ID. After in the description, it says "You can copy a snapshot from one AWS Region to another. In that case, the AWS Region where you call the CopyDBSnapshot action is the destination AWS Region for the DB snapshot copy." The keyword here is "AWS Region" not "AWS account", so I guess this command is mainly used to copy snapshot to different regions under same AWS account, where the question is asking about "Separated Account" of security team.
So I will choice C here.
PS: i wondering there is no cli to share snapshot to another AWS account instead of RDS console, please correct me if i am wrong here :-).
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html
Answer A
"With Amazon RDS, you can copy automated or manual DB snapshots. After you copy a snapshot, the copy is a manual snapshot.
You can copy a snapshot within the same AWS Region, you can copy snapshot across AWS Regions, and you can copy shared snapshots." With option C, there is too much unnecessary manual activity by the SYSOPS Admin. Do you really think that AWS hasn't created a process of automation is not available to it's customers via CLI, Management Console or API?
I believe in C.
read through the two link provided by aws_noob
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html
The goal is to secure the snapshot in another account, means the final step is copy a shared snapshot from the critical DB.
You can not copy snapshot to another acount, only different region of same account, so A is out of the way.
C is the correct order, first use cli to make a snapshot, so it is manual snapshot, can be shared directly. Share it to the security account, it will appear in the list of available snapshot on the security account. Then security account make a copy of it, the new copy is local to the security account.. Afterwards, whatever happened to the critical DB, we have a copy.
Ans I 100% A because they are looking for copy daily back up, Automated snapshot have daily backup and it can be copied to another account in same region. No question of sharing comes here. This is cost effective solution because you will consume default storage capacity which is in S3. I will vote for A.
Wrong: https://aws.amazon.com/blogs/database/implementing-a-disaster-recovery-strategy-with-amazon-rds/#:~:text=When%20automated%20backups%20are%20turned,your%20DB%20instance%20are%20made).
You can copy snapshot (manual bu) but not automated backup
Answer C:
Automated Amazon RDS snapshots can't be shared with other AWS accounts. To share an automated snapshot, copy the snapshot to make a manual version, and then share that copy
The answer is C. You can copy RDS snapshots to other accounts only after it is shared:
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
bajwa360
Highly Voted 2 years, 7 months agokung07
Highly Voted 2 years, 7 months agoalbert_kuo
Most Recent 9 months, 3 weeks agoalbert_kuo
8 months, 3 weeks agogulu73
1 year, 3 months agoahaffar
2 years, 6 months agoRicardoD
2 years, 6 months agohdbs
2 years, 6 months agokhun
2 years, 6 months agojerry19
2 years, 6 months agosomeoneon99
2 years, 6 months agojerry19
2 years, 6 months agojackdryan
2 years, 6 months agoapwangzh
2 years, 6 months agoasim1982
2 years, 7 months agoMegatonN
2 years, 6 months agomerajk
2 years, 7 months agoJGD
2 years, 7 months agoAfolabi
2 years, 7 months agofyzzzz
2 years, 7 months ago