A company stores data in an Amazon Aurora PostgreSQL DB cluster. The company must store all the data for 5 years and must delete all the data after 5 years. The company also must indefinitely keep audit logs of actions that are performed within the database. Currently, the company has automated backups configured for Aurora.
Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)
A. Take a manual snapshot of the DB cluster.
B. Create a lifecycle policy for the automated backups.
C. Configure automated backup retention for 5 years.
D. Configure an Amazon CloudWatch Logs export for the DB cluster.
E. Use AWS Backup to take the backups and to keep the backups for 5 years.
I apologize for the confusion. Let's break down the requirements and the steps needed to meet them:
-
Data Retention for 5 Years: The company needs to store all data for 5 years and delete all data after 5 years. This can be achieved by configuring automated backup retention for 5 years in Amazon Aurora PostgreSQL DB cluster¹. However, Amazon Aurora does not support automated backup retention for more than 35 days⁴. Therefore, you might need to consider other backup solutions such as AWS Backup or manual snapshots.
-
Indefinite Audit Logs: The company needs to keep audit logs of actions performed within the database indefinitely. This can be achieved by using the PostgreSQL Audit extension (pgAudit) which is supported by Aurora PostgreSQL¹. You can also export the DB cluster logs to Amazon CloudWatch Logs¹ for indefinite storage and easy access².
Given these considerations, the correct steps would be:
E. Use AWS Backup to take the backups and to keep the backups for 5 years.
AWS Backup allows you to centralize and automate data protection across AWS services. You can create backup policies known as backup plans, which define when and how you want to back up your AWS resources such as your Amazon Aurora PostgreSQL DB cluster⁴.
D. Configure an Amazon CloudWatch Logs export for the DB cluster.
Exporting the DB cluster logs to Amazon CloudWatch Logs would allow the company to store and access log files indefinitely¹. This would help in keeping an audit trail of all actions performed within the database².
Please note that while option A (taking a manual snapshot of the DB cluster) could potentially be used as part of a backup strategy, it would not provide an automated solution for the 5-year retention requirement. Option B (creating a lifecycle policy for automated backups) is not applicable as Amazon Aurora does not support lifecycle policies for automated backups⁴.