EC2 Elastic Block Store – EBS Overview
- An EBS (Elastic Block Store) Volume is a network drive you can attach to your instances while they run
- Amazon EBS provides highly available, reliable, durable, block-level storage volumes that can be attached to a running instance
- It’s a network drive (i.e. not a physical drive)
- It uses the AWS network to communicate with the instance, which means there may be a little latency
- It can be detached from an EC2 instance and attached to another one quickly
- It’s locked to an Availability Zone (AZ)
- An EBS Volume in ‘us-east-1a’ cannot be attached to ‘us-east-1b’
- To move a volume across, you first need to snapshot it
- Volumes have provisioned capacity (size in GiB, and IOPS)
- You get billed for all the provisioned capacity
- You can increase the capacity of the drive over time
Benefits of using EBS volumes
Data availability
- An EBS volume is automatically replicated within its Availability Zone to protect against the failure of any single hardware component.
- You can attach an EBS volume to any EC2 instance in the same Availability Zone.
- EBS appears as a native block device similar to a hard drive or other physical device.
Data persistence
- An EBS volume is storage that persists independently of the life of an instance.
- Uncheck the ‘Delete on Termination’ check box when you configure the volume in the EC2 console and the volume will not be deleted when the instance terminates (by default the root volume is deleted on termination and additional data volumes are kept).
- The data persists on the volume until the volume is deleted explicitly.
Data encryption
- You can create encrypted EBS volumes with the Amazon EBS encryption feature.
- All EBS volume types support encryption.
- Amazon EBS encryption uses 256-bit Advanced Encryption Standard (AES-256) with keys managed in AWS KMS (the default aws/ebs key or a customer managed key you choose).
- Encryption and decryption occur on the server that hosts the EC2 instance, so data is also encrypted in transit between the instance and Amazon EBS storage.
Snapshots
- Amazon EBS provides the ability to create snapshots (backups) of any EBS volume and write a copy of the data in the volume to Amazon S3.
- These snapshots can be used to create multiple new EBS volumes or move volumes across Availability Zones.
- Snapshots of encrypted EBS volumes are automatically encrypted.
- A volume created from a snapshot is an exact copy of the original volume at the time the snapshot was taken.
- EBS volumes that are created from encrypted snapshots are automatically encrypted
- Snapshots are incremental backups, meaning that only the blocks on the volume that have changed after your most recent snapshot are saved
EBS Volume Types
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
- Solid state drives (SSD)
  - General Purpose SSD (gp3, gp2)
    - Provides a balance of price and performance.
    - Recommended for most workloads.
  - Provisioned IOPS SSD (io2, io1)
    - Provides high performance for mission-critical, low-latency, or high-throughput workloads.
- Hard disk drives (HDD)
  - Throughput Optimized HDD (st1)
    - A low-cost HDD designed for frequently accessed, throughput-intensive workloads.
  - Cold HDD (sc1)
    - The lowest-cost HDD, designed for less frequently accessed workloads.
- Previous generation volume types
  - Magnetic (standard)
    - Workloads where data is infrequently accessed
EBS vs Instance Store
- Some instances do not come with a root EBS volume
- Instead, they come with “Instance Store” (= ephemeral storage)
- Instance store is physically attached to the host machine (EBS is a network drive)
- Pros:
  - Better I/O performance (EBS gp2 has a max of 16,000 IOPS, io1 of 64,000)
  - Good for buffer / cache / scratch data / temporary content
  - Data survives reboots
- Cons:
  - On stop, hibernation or termination, the instance store is lost
  - You can’t resize the instance store
  - Backups must be operated by the user
EBS Encryption
- You can encrypt both the boot and data volumes of an EC2 instance
- When you create an encrypted EBS volume and attach it to a supported instance type, the following types of data are encrypted:
  - Data at rest inside the volume
  - All data moving between the volume and the instance
  - All snapshots created from the volume
  - All volumes created from those snapshots
- Supported volume types
  - All EBS volume types.
- Supported instance types
  - Amazon EBS encryption is available on
    - All current generation instance types
    - Previous generation instance types: A1, C3, cr1.8xlarge, G2, I2, M3, and R3.
EBS Snapshot
- EBS provides the ability to create snapshots (backups) of any EBS volume and write a copy of the data in the volume to S3, where it is stored redundantly in multiple Availability Zones
- Snapshots can be used to create new volumes, increase the size of the volumes or replicate data across Availability Zones
- Snapshots are incremental backups and store only the data that was changed from the time the last snapshot was taken.
- A snapshot is often smaller than its volume: only blocks that have been written are stored, so unused space takes no snapshot storage
- Even though snapshots are saved incrementally, deleting a snapshot removes only the data that no other snapshot still references, so you need to retain only the most recent snapshot in order to restore the volume.
- EBS Snapshots can be used to migrate or create EBS Volumes in different AZs or regions.
How incremental snapshots work
- In State 1, the volume has 10 GiB of data. Because Snap A is the first snapshot taken of the volume, the entire 10 GiB of data must be copied.
- In State 2, the volume still contains 10 GiB of data, but 4 GiB have changed. Snap B needs to copy and store only the 4 GiB that changed after Snap A was taken.
- In State 3, 2 GiB of data have been added to the volume, for a total of 12 GiB. Snap C needs to copy the 2 GiB that were added after Snap B was taken.
- The total storage required for the three snapshots is 16 GiB
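The block-level accounting behind the three states above, and behind the rule that deleting an old snapshot never breaks a newer one, is easier to see in a small model. The following is an added example, not code from the original page or from AWS: a volume is a dict of block number to content, one block stands in for 1 GiB so the numbers match the walkthrough, and the block contents "v1"/"v2" are constructed labels.

```python
"""Block-level model of how EBS incremental snapshots store and free data.

Added example, not AWS code.  The volume is modelled as a dict of
block number -> content, with one block standing in for 1 GiB so the
numbers match the page's State 1 / 2 / 3 walkthrough.  The contents
("v1", "v2") are constructed labels, not real data.
"""
from __future__ import annotations

from dataclasses import dataclass, field

GIB_PER_BLOCK = 1  # assumption for the worked example


@dataclass
class Snapshot:
    name: str
    # Only blocks that changed since the previous snapshot are stored here;
    # everything else is reached through earlier snapshots in the chain.
    stored: dict[int, str] = field(default_factory=dict)


class Volume:
    def __init__(self) -> None:
        self.blocks: dict[int, str] = {}

    def write(self, block: int, content: str) -> None:
        self.blocks[block] = content


class SnapshotChain:
    """Ordered snapshots of one volume, with EBS-style incremental storage."""

    def __init__(self) -> None:
        self.snaps: list[Snapshot] = []
        self._last_image: dict[int, str] = {}  # volume as of the latest snapshot

    def take(self, name: str, volume: Volume) -> Snapshot:
        """Point-in-time snapshot: store only blocks that differ from the previous one."""
        changed = {b: c for b, c in volume.blocks.items()
                   if self._last_image.get(b) != c}
        snap = Snapshot(name, changed)
        self.snaps.append(snap)
        self._last_image = dict(volume.blocks)
        return snap

    def restore(self, name: str) -> dict[int, str]:
        """Rebuild the full volume image as of the named snapshot."""
        image: dict[int, str] = {}
        for snap in self.snaps:
            image.update(snap.stored)
            if snap.name == name:
                return image
        raise KeyError(name)

    def delete(self, name: str) -> None:
        """Delete a snapshot but keep every block a later snapshot still needs.

        Blocks the deleted snapshot stored that its successor did not
        overwrite are moved forward into the successor, so every remaining
        snapshot can still be restored.  Blocks nobody references are freed.
        """
        idx = next(i for i, s in enumerate(self.snaps) if s.name == name)
        victim = self.snaps.pop(idx)
        if idx < len(self.snaps):
            successor = self.snaps[idx]
            for block, content in victim.stored.items():
                successor.stored.setdefault(block, content)

    def storage_gib(self) -> int:
        """Total snapshot storage you are billed for."""
        return sum(len(s.stored) for s in self.snaps) * GIB_PER_BLOCK


def walkthrough() -> tuple[int, int, int]:
    """The page's three-state example, then deletion of the oldest snapshot.

    Returns (storage after Snap C, storage after deleting Snap A,
             number of blocks restored from Snap C after that deletion).
    """
    vol, chain = Volume(), SnapshotChain()
    for b in range(10):                 # State 1: 10 GiB of data
        vol.write(b, "v1")
    chain.take("Snap A", vol)           # full 10 GiB copied
    for b in range(4):                  # State 2: 4 GiB changed
        vol.write(b, "v2")
    chain.take("Snap B", vol)           # only the 4 changed GiB stored
    for b in (10, 11):                  # State 3: 2 GiB added
        vol.write(b, "v1")
    chain.take("Snap C", vol)           # only the 2 new GiB stored
    after_c = chain.storage_gib()       # 10 + 4 + 2 = 16
    chain.delete("Snap A")              # Snap B inherits the 6 untouched blocks
    after_delete = chain.storage_gib()  # 12: exactly the live data
    return after_c, after_delete, len(chain.restore("Snap C"))


if __name__ == "__main__":
    print(walkthrough())
```

Running `walkthrough()` gives 16 GiB for the three snapshots, 12 GiB once Snap A is deleted (the six blocks that only Snap A held are moved into Snap B rather than freed), and Snap C still restores all 12 blocks. Note that the model tracks which blocks are referenced, not how much data the volume "contains": that is why total snapshot storage can exceed the volume size while several snapshots exist, and why it can never drop below the set of blocks the newest snapshot needs.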
EBS Snapshot creation
- Snapshots are point-in-time copies of an EBS volume and can be taken periodically.
- Snapshots are incremental and only store the blocks on the device that changed since the last snapshot was taken
- Snapshots occur asynchronously; the point-in-time snapshot is created immediately while it takes time to upload the modified blocks to S3
- Recommended ways to create a consistent snapshot of an EBS volume are
  - Pause all file writes to the volume and flush the filesystem (e.g. with fsfreeze on Linux) before taking the snapshot
  - Unmount the volume -> take the snapshot -> remount the volume
  - Stop the instance -> take the snapshot (for root EBS volumes)
- A snapshot taken while writes continue is still consistent at the block level, but it may not be consistent from the application's point of view
EBS Snapshot Encryption
- EBS snapshots fully support EBS encryption.
- Snapshots of encrypted volumes are automatically encrypted
- Volumes created from encrypted snapshots are automatically encrypted
- All data in flight between the instance and the volume is encrypted
- An unencrypted snapshot you own can be encrypted during the copy process (there is no in-place encryption of an existing volume or snapshot; you snapshot, copy with encryption, and create a new volume from the copy)
- An encrypted snapshot that you own or have access to can be re-encrypted with a different key during the copy process.