Amazon EBS

Amazon Elastic Block Storage (EBS) allows you to create storage volumes and attach them to Amazon EC2 instances. Once attached, you can create a file system on top of these volumes, run a database, or use them in any other way you would use a block device. Amazon EBS volumes are placed in a specific Availability Zone, where they are automatically replicated to protect you from the failure of a single component.

Note that you cannot mount 1 EBS volume to multiple EC2 instances. For that, you'll need to use EFS.

Volume Types

SSD

  • General Purpose SSD (GP2)
    • Balances both price and performance.
  • Provisioned IOPS SSD (IO1)
    • Designed for I/O intensive applications such as large relational or NoSQL databases.
    • Use if you need more than 10,000 IOPS (input/output operations per second).

Magnetic

  • Throughput Optimized HDD (ST1)
    • Typical use cases include big data, data warehouses, and log processing. This volume type is best with sequential writes.
    • Note that you cannot boot these volumes.
  • Cold HDD (SC1)
    • Lowest cost storage for infrequently access workloads.
    • Typical use case is a file server.
    • Note that you cannot boot these volumes.
  • Magnetic (Standard)
    • Lowest cost per gigabyte of all EBS volume types that is bootable.
    • Magnetic volumes are ideal for workloads where data is accessed infrequently, and applications where the lowest storage cost is important.

Properties

  • You can change EBS volume sizes on the fly (without downtime), including changing the size and storage type.
  • Volumes must ALWAYS be in the same Availability Zone as the EC2 instance.
  • To move an EBS volume from one AZ/Region to another, take a snapshot or an image of it, then copy it to the new AZ/Region.

Snapshots

Snapshots are point in time copies of Volumes. Snapshots exist in S3. Snapshots are incremental; only the blocks that have changed since your last snapshot are moved to S3. If this is your first snapshot, it may take some time to create.

To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance before taking the snapshot. However you can take a snap while the instance is running.

You can share snapshots, but only if they are unencrypted. These snapshots can be shared with other AWS accounts or made public.

Encryption

Attached Volumes

You may choose to encrypt attached EBS volumes when you create them. Volumes that are created from encrypted snapshots are automatically encrypted, and volumes that are created from unencrypted snapshots are automatically unencrypted.

Root Volumes

You can encrypt the root device volume using the operating system level encryption. This may be done with a third-party tool like BitLocker. You can also encrypt the root device volume by first taking a snapshot of that volume, and then creating a copy of that snap with encryption. You can then make an AMI of this snap and deploy the encrypted root device volume.