Block level storage volumes that can be attached to EC2 instances as root/boot or secondary volumes
HDD and SSD (root and secondary) are supported
Bootable root volume or secondary volume
General purpose SSD (code: gp2): You get 3 IOPS/GB credit every second. The volume is burstable to 3,000 IOPS. Each volume receives an initial I/O credit balance of 5.4 million I/O credits, which is enough to sustain the maximum burst performance of 3,000 IOPS for 30 minutes.
The burst duration of a volume is dependent on the size of the volume, the burst IOPS required, and the credit balance when the burst begins. This is shown in the following equation:
Provisioned IOPS (code: io1): 10,000 IOPS and above can be provisioned. You pay more based on the IOPS provisioned.
Magnetic Standard: Magnetic volumes are backed by magnetic drives and are suited for workloads where data is accessed infrequently, and scenarios where low-cost storage for small volume sizes is important. These volumes deliver approximately 100 IOPS on average, with burst capability of up to hundreds of IOPS, and they can range in size from 1 GiB to 1 TiB.
Secondary Volume only (can’t be used as root volume)
Throughput optimized HDD (code: st1): Data warehousing, log processing
Cold HDD (code: sc1): infrequently accessed data, such as a file server
Replicated within the availability zone
All volumes except standard HDD can be modified/upgraded even while they are attached as root volumes to a running EC2
Size can only be increased, not decreased
Can switch from gp2 to provisioned IOPS io1 and vice versa
Snapshots
Saved on S3
Incremental
Snapshots of encrypted volumes are encrypted automatically and vice versa
Can be shared with other accounts only if unencrypted
For unencrypted volumes, you can encrypt a volume’s data by means of snapshot CCR (Create/Copy/Restore)
Create a snapshot of your unencrypted EBS volume. This snapshot is also unencrypted.
Copy the snapshot while applying encryption parameters. The resulting target snapshot is encrypted.
Restore the encrypted snapshot to a new volume, which is also encrypted.
Convert from unencrypted EC2 boot volume to encrypted boot volume
Create AMI (Create Image) (unencrypted EC2 -> unencrypted AMI)
Copy this image and check the Encryption box. Alternatively, from the CLI, use the copy-image command with the --encrypted flag. (unencrypted AMI -> encrypted AMI)
Launch a new EC2 instance from the new encrypted AMI, apply the EIP etc., and test
Shut down the old EC2 instance
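The snapshot CCR steps above (create, copy with encryption, restore), written out as an added example that is not part of the original notes. It assumes `ec2` behaves like a boto3 EC2 client; the function name is hypothetical, and the final check plus the deletion of the unencrypted intermediate snapshot are extra hygiene steps added here.

```python
"""Snapshot CCR (Create / Copy / Restore) for one unencrypted EBS volume.

`ec2` is expected to behave like a boto3 EC2 client, e.g.
boto3.client("ec2", region_name=region); the region, the volume ID and the
optional KMS key ID are supplied by the caller.
"""


def encrypt_volume_via_ccr(ec2, volume_id, region, kms_key_id=None):
    """Return the ID of a new encrypted volume built from `volume_id`."""
    vol = ec2.describe_volumes(VolumeIds=[volume_id])["Volumes"][0]
    if vol["Encrypted"]:
        raise ValueError(f"{volume_id} is already encrypted; nothing to do")

    # 1. Create: the snapshot of an unencrypted volume is also unencrypted.
    plain = ec2.create_snapshot(
        VolumeId=volume_id, Description=f"CCR source for {volume_id}"
    )["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[plain])

    # 2. Copy: encryption is applied here. Without KmsKeyId the account's
    #    default KMS key for EBS is used.
    copy_args = {"SourceSnapshotId": plain, "SourceRegion": region,
                 "Encrypted": True}
    if kms_key_id:
        copy_args["KmsKeyId"] = kms_key_id
    enc = ec2.copy_snapshot(**copy_args)["SnapshotId"]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[enc])

    # 3. Restore: same AZ as the original, so the new volume can be
    #    attached to the same instance.
    new_id = ec2.create_volume(
        SnapshotId=enc, AvailabilityZone=vol["AvailabilityZone"]
    )["VolumeId"]
    ec2.get_waiter("volume_available").wait(VolumeIds=[new_id])

    # Verify the result, then remove the unencrypted intermediate snapshot.
    restored = ec2.describe_volumes(VolumeIds=[new_id])["Volumes"][0]
    if not restored["Encrypted"]:
        raise RuntimeError(f"{new_id} was restored without encryption")
    ec2.delete_snapshot(SnapshotId=plain)
    return new_id
```

The restored volume gets the default volume type; pass VolumeType (and Iops for io1) to create_volume to match the original.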
EBS and AZs and Regions
An EC2 instance and its volumes must be in the same AZ, since latency is important.
To move an existing volume from AZ1 to AZ2, you need to take a snapshot and restore volume from that snapshot in AZ2
You can copy a snapshot from Region 1 to Region 2 and then create an image or volume from that snapshot
AMIs
AMIs are region specific.
AMIs can be created from snapshots or volumes
You can copy AMI from one region to another and then launch instance from the copied AMI in the new region
Marketplace AMIs are not encrypted at rest
Instance Store (Ephemeral storage)
Instance stores are saved on S3
Only certain EC2 types such as m class support instance store
EC2 instances having root instance store volume can’t be started/stopped. Only rebooted or terminated.
When an instance store backed EC2 instance is terminated, there is no option to save the volume
Stop/start of EBS backed EC2 instance will provision the new instance on a different hypervisor/host