An enterprise is designing a backup strategy for its AWS environment. They have hundreds of EC2 instances, RDS databases, and EFS file systems across 20 accounts in AWS Organizations. Compliance requires that all backups be stored in a centralized, isolated account and retained for 5 years. Backups must be immutable. What is the MOST operationally efficient solution?

Write a custom AWS Lambda function to trigger snapshots and copy them to a central account S3 bucket with Object Lock.

Use AWS Backup with cross-account management via AWS Organizations. Configure a backup vault in a central account with Vault Lock enabled.

Enable AWS Config rules to ensure snapshots are taken, and use Systems Manager to copy them to a central account.

Use Data Lifecycle Manager (DLM) to manage EC2 snapshots and RDS automated backups, sharing them with the central account.