Amazon Elastic Block Store (EBS)
Amazon EBS (Elastic Block Store) is a service that provides virtual hard drives for your cloud computers in Amazon Web Services (AWS). It is designed to be used with Amazon EC2 instances, which are AWS's virtual servers.
Why It Is Used
Think of an EC2 instance as a laptop and an EBS volume as a plug-in external hard drive. You need it to keep your data safe and running smoothly.
- Data Storage: It gives your cloud servers a place to store the operating system, files, and databases.
- Data Safety: The data stays saved even if you turn off, restart, or delete your virtual server.
- Easy Scaling: You can increase the size of your storage or change its speed with a few clicks, without turning off your server.
- Automatic Backups: It lets you take "snapshots," which are quick copies of your drive that you can use to restore your data if something goes wrong.
The Different Types of EBS
AWS offers different kinds of EBS drives depending on what you need them for and your budget:
- SSD (Solid State Drives): These are very fast and built for heavy-duty tasks like running databases or booting up operating systems.
- HDD (Hard Disk Drives): These are cheaper, larger drives built for storing big files that you do not need to look at every single second, like logs or data backups.
What is a Block Storage?
In Amazon Elastic Block Store (EBS), block storage is a virtual hard drive attached to a cloud server (Amazon EC2 instance). It divides any file or database record into fixed-size segments called "blocks". Each block has a unique address, allowing your operating system to quickly read, write, and modify the data.
Because they function just like raw physical hard drives, EBS block storage features several specific mechanics:
- File System Control: Unlike object storage (like Amazon S3), block storage relies on a file system (e.g., ext4 for Linux or NTFS for Windows) managed by the attached EC2 instance.
- Persistency: EBS volumes exist independently of the EC2 instances they are attached to. If you stop or terminate your virtual server, the data on your EBS volume remains intact.
- Performance Customization: You can select specialized volume types depending on your needs. For instance, General Purpose SSDs (gp3) for standard workloads, or Provisioned IOPS SSDs (io2) for extreme I/O workloads like SAP HANA databases.
- Elastic Scaling: You can scale storage capacity or adjust performance (IOPS) on the fly without shutting down your instance.
An AWS EBS volume is not bound to a Virtual Private Cloud (VPC) or a subnet, but it is strictly bound to a single Availability Zone (AZ) inside a specific AWS Region. It also does not use security groups, and an EC2 instance does not require an IAM role just to read or write data to it.
Understanding how networking, security, and permissions apply to EBS requires breaking down how these components interact:
1. Networking: Regions, VPCs, and Subnets
- Bound to an Availability Zone (AZ): When you create an EBS volume, you must pick a specific AZ (like us-east-1a).
- The EC2 Connection Rule: An EC2 instance can only talk to an EBS volume if both are in the exact same Availability Zone.
- No VPC or Subnet Ties: Because EBS is a storage resource, it sits outside your virtual network. It does not get an IP address, it does not live inside a subnet, and it does not care which VPC your EC2 instance belongs to—as long as the EC2 instance is running in that same AZ.
2. Security: Does it have a Security Group?
- No, EBS volumes do not have Security Groups. Security groups are virtual firewalls for network traffic (like web traffic or SSH).
- How it is protected: Since EBS data does not travel over the open network to reach your instance, it doesn't use network firewalls. Instead, access is locked down by attaching the volume directly to the hypervisor hosting your EC2 instance.
3. Permissions: Does EC2 need an IAM Role?
- No IAM Role needed for basic data access: Your operating system and applications inside the EC2 instance can read and write files to an attached EBS volume automatically. You do not need to create or assign any [AWS Identity and Access Management (IAM) roles](https://docs.aws.amazon.com/ebs/latest/userguide/security_iam_service-with-iam.html) to the EC2 instance for standard storage operations.
- When you DO need IAM: You only need IAM permissions if code running inside your EC2 instance needs to make control changes to the AWS infrastructure. Examples include using the AWS CLI or an API to create a new volume, take a snapshot backup, or detach a drive from the server.
Scenario 1: Moving EBS Data to a Different Region
Because an EBS volume is locked to one Availability Zone (AZ), you cannot simply unplug it and move it to another part of the world. Instead, you use Snapshots to copy the data.
The Step-by-Step Process:
- Take a Snapshot: You create a snapshot of your EBS volume. This is a point-in-time backup saved securely in Amazon S3.
- Copy the Snapshot: You use the AWS console or API to copy that snapshot from your current region (e.g., us-east-1) to your new target region (e.g., eu-west-1).
- Create a New Volume: Once the copy arrives in the new region, you use that snapshot to create a brand-new EBS volume inside your chosen AZ.
- Attach to EC2: Finally, you plug this new volume into your EC2 instance in the new region.
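The four steps above as one function, written here as an added example rather than taken from AWS or from this page. It assumes boto3 EC2 clients for both regions, and the function name, device name and placeholder IDs are hypothetical. It goes slightly beyond the steps by checking the instance's AZ first and by encrypting the snapshot copy with a KMS key in the destination region.

```python
def migrate_volume(src_ec2, dst_ec2, *, volume_id, src_region, dst_az,
                   dst_kms_key_id, instance_id, device="/dev/sdf"):
    """Copy an EBS volume to another region via a snapshot and attach it.

    src_ec2 and dst_ec2 are boto3 EC2 clients for the source and destination
    regions. Returns the IDs of the resources created.
    """
    # Fail before creating anything if the target instance is in another AZ:
    # a volume can only be attached to an instance in its own AZ.
    inst = dst_ec2.describe_instances(InstanceIds=[instance_id])
    inst_az = inst["Reservations"][0]["Instances"][0]["Placement"]["AvailabilityZone"]
    if inst_az != dst_az:
        raise ValueError(f"{instance_id} is in {inst_az}, not {dst_az}")

    # Step 1: snapshot the source volume and wait for it to complete.
    snap_id = src_ec2.create_snapshot(
        VolumeId=volume_id, Description=f"migration of {volume_id}")["SnapshotId"]
    src_ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[snap_id])

    # Step 2: copy it. The call goes to the destination region and names the
    # source. Encrypted=True with a destination-region KMS key encrypts the
    # copy even when the source snapshot was unencrypted.
    copy_id = dst_ec2.copy_snapshot(
        SourceRegion=src_region, SourceSnapshotId=snap_id,
        Encrypted=True, KmsKeyId=dst_kms_key_id,
        Description=f"copy of {snap_id} from {src_region}")["SnapshotId"]
    dst_ec2.get_waiter("snapshot_completed").wait(SnapshotIds=[copy_id])

    # Step 3: create the volume in the chosen AZ. It inherits encryption
    # from the encrypted snapshot copy.
    vol_id = dst_ec2.create_volume(
        SnapshotId=copy_id, AvailabilityZone=dst_az,
        VolumeType="gp3")["VolumeId"]
    dst_ec2.get_waiter("volume_available").wait(VolumeIds=[vol_id])

    # Step 4: attach it to the instance.
    dst_ec2.attach_volume(VolumeId=vol_id, InstanceId=instance_id, Device=device)
    return {"snapshot": snap_id, "snapshot_copy": copy_id, "volume": vol_id}


if __name__ == "__main__":
    import boto3  # requires AWS credentials; every ID below is a placeholder
    print(migrate_volume(
        boto3.client("ec2", region_name="us-east-1"),
        boto3.client("ec2", region_name="eu-west-1"),
        volume_id="vol-PLACEHOLDER", src_region="us-east-1",
        dst_az="eu-west-1a", dst_kms_key_id="alias/PLACEHOLDER",
        instance_id="i-PLACEHOLDER"))
```

The `snapshot_completed` waiter polls every 15 seconds up to 40 times by default, so large volumes may need a longer `WaiterConfig`.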
Key Benefits:
- Easy Migration: Great for moving your entire application or website to a data centre closer to your customers.
- Disaster Recovery: Helps you keep a backup copy of your data in a completely different part of the world in case a whole region goes offline.
Scenario 2: Sharing Data Between Multiple EC2 Instances
Standard EBS volumes can only be attached to one EC2 instance at a time. If you need multiple servers to read and write to the same storage simultaneously, you have two main options depending on your needs.
Option A: EBS Multi-Attach (For block-level sharing)
If you specifically want to use EBS, you can use a feature called EBS Multi-Attach on specific high-performance volume types (io1 and io2).
- How it works: This allows you to attach a single EBS volume to up to 16 EC2 instances at the exact same time.
- The Catch: All instances must be in the same Availability Zone. Also, your application must use a special "cluster file system" to ensure the servers don't accidentally overwrite each other's data at the same time.
Option B: Amazon EFS (The recommended way for most file sharing)
If your servers are spread across different AZs or you just want an easier way to share files (like a shared folder for images, PDFs, or code), you should use Amazon EFS (Elastic File System) instead of EBS.
- How it works: EFS is built on file storage (like a network drive) rather than block storage.
- The Benefits: Thousands of EC2 instances can connect to it at the same time. Unlike EBS, EFS is bound to your VPC and subnets, meaning servers in different AZs can easily share the same files safely.
EBS is block storage that can be attached to an AWS instance and used as a virtual hard disk. An EBS volume can be up to 16TB in size.
- Part of EC2 ecosystem
- Manages 3 entities:
  - Volumes
  - Snapshots
  - Lifecycle Manager
- system storage for AWS EC2 VMs
- reduces risk
- durable
- secure
- avoid risks of physical media handling
- 2 types:
  - Solid State Drive (SSD)-backed:
    - general purpose
    - provisioned IOPS
  - Hard Disk Drive (HDD)-backed:
    - Throughput optimized
    - Cold
- An EBS volume can be attached only to an EC2 instance in the same Availability Zone [amazon web services - Is it possible to change the EBS volume to different availability zones? - Server Fault]
- The Multi-Attach feature lets up to 16 EC2 instances share a single EBS volume, which provides higher availability for your applications on Linux workloads
Only a single EC2 instance, in a single AZ can access data on EBS.
- root volume
  - Contains the image used to boot the instance
  - Each instance has a single root volume
- (optionally) more storage volumes
  - They can be added to EC2 instances when they are launched or after they are running
Storage type: The storage type used for the volume.
EBS volumes are block-level storage volumes that persist independently from the lifetime of an EC2 instance, so you can stop and restart your instance at a later time without losing your data. You can also detach an EBS volume from one instance and attach it to another instance. EBS volumes are billed separately from the instance’s usage cost.
Instance store volumes are physically attached to the host computer. These volumes provide temporary block storage that persists only during the lifetime of the instance. If you stop, hibernate, or terminate an instance, data on instance store volumes is lost. The instance type determines the size and number of the instance store volumes available and the type of hardware used for the instance store volumes. Instance store volumes are included as part of the instance's usage cost.
Device name: The available device names for the volume.
The device name that you assign is used by Amazon EC2. The block device driver for the instance assigns the actual volume name when mounting the volume. The volume name assigned by the block device driver might differ from the device name that you assign.
The device names that you're allowed to assign depend on the virtualization type of the selected instance.
Snapshot: The snapshot from which to create the volume. A snapshot is a point-in-time backup of an EBS volume.
When you create a new volume from a snapshot, it's an exact copy of the original volume at the time the snapshot was taken.
EBS volumes created from encrypted snapshots are automatically encrypted and you can’t change their encryption status. EBS volumes created from unencrypted snapshots can be optionally encrypted.
Size (GiB): The size of the volume, in GiB.
If you are creating the volume from a snapshot, then the size of the volume can’t be smaller than the size of the snapshot.
Supported volume sizes are as follows:
- io1: 4 GiB to 16,384 GiB
- io2: 4 GiB to 65,536 GiB
- gp2 and gp3: 1 GiB to 16,384 GiB
- st1 and sc1: 125 GiB to 16,384 GiB
- Magnetic (standard): 1 GiB to 1024 GiB
Volume type: The type of volume to attach. Volume types include:
- General Purpose SSD (gp2 and gp3) volumes offer cost-effective storage that is ideal for a broad range of workloads.
- Provisioned IOPS SSD (io1 and io2) volumes provide low latency and are designed to meet the needs of I/O-intensive workloads. They are best for EBS-optimized instances.
- Throughput Optimized HDD (st1) volumes provide low-cost magnetic storage that is a good fit for large, sequential workloads.
- Cold HDD (sc1) volumes provide low-cost magnetic storage that offers lower throughput than st1. sc1 is a good fit for large, sequential cold-data workloads that require infrequent access to data.
- Magnetic (standard) volumes are best suited for workloads where data is accessed infrequently.
IOPS: The requested number of I/O operations per second that the volume can support.
It is applicable to Provisioned IOPS SSD (io1 and io2) and General Purpose SSD (gp2 and gp3) volumes only.
Provisioned IOPS SSD (io1 and io2): io1 volumes support between 100 and 64,000 IOPS, and io2 volumes support between 100 and 256,000 IOPS depending on the volume size. For io1 volumes, you can provision up to 50 IOPS per GiB. For io2 volumes, you can provision up to 1000 IOPS per GiB.
For General Purpose SSD (gp2) volumes, baseline performance scales linearly at 3 IOPS per GiB from a minimum of 100 IOPS (at 33.33 GiB and below) to a maximum of 16,000 IOPS (at 5,334 GiB and above). General Purpose SSD (gp3) volumes support a baseline of 3,000 IOPS. Additionally, you can provision up to 500 IOPS per GiB up to a maximum of 16,000 IOPS.
Magnetic (standard) volumes deliver approximately 100 IOPS on average, with a burst capability of up to hundreds of IOPS.
For Throughput Optimized HDD (st1) and Cold HDD (sc1) volumes, performance is measured in throughput (MiB/s).
Delete on termination: Indicates whether the volume should be automatically deleted when the instance is terminated.
If you disable this feature, the volume will persist independently from the running life of an EC2 instance. When you terminate the instance, the volume will remain provisioned in your account. If you no longer need the volume after the instance has been terminated, you must delete it manually.
You can also change the delete on termination behavior after the instance has been launched.
Encrypted: The encryption status of the volume.
Amazon EBS encryption is an encryption solution for your EBS volumes. Amazon EBS encryption uses AWS KMS keys to encrypt volumes.
Considerations:
- If your account is enabled for encryption by default, you can't create unencrypted volumes.
- If you selected an encrypted snapshot, the volume is automatically encrypted.
- If your account is not enabled for encryption by default, and you did not select a snapshot or you selected an unencrypted snapshot, encryption is optional.
- You can create encrypted io2 volumes in any size and IOPS configuration. However, to create an encrypted volume that has a size greater than 16 TiB, or IOPS greater than 64,000 from an unencrypted snapshot, or a shared encrypted snapshot from an unencrypted snapshot, you must first create an encrypted snapshot in your account and then use that snapshot to create the volume.
KMS key: The KMS key that will be used to encrypt the volume.
Amazon EBS encryption uses AWS KMS keys when creating encrypted volumes and snapshots. EBS encrypts your volume with a data key using the industry-standard AES-256 algorithm. Your data key is stored on disk with your encrypted data, but not before EBS encrypts it with your KMS key. Your data key never appears on disk in plaintext. The same data key is shared by snapshots of the volume and any subsequent volumes created from those snapshots.
Throughput: Throughput that the volume can support, specified for Streaming Optimized volumes.
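An added example (not from AWS or the original page) that checks the "Encrypted", "Snapshot" and "Delete on termination" settings described above across an account's volumes. The input dictionaries are constructed samples in the shape of `aws ec2 describe-volumes` and `aws ec2 describe-snapshots` output; the function name and finding labels are hypothetical.

```python
# Constructed sample data in the shape of `aws ec2 describe-volumes` and
# `aws ec2 describe-snapshots` output; all IDs are made up.
VOLUMES = {"Volumes": [
    {"VolumeId": "vol-0aaa", "State": "in-use", "Encrypted": True,
     "SnapshotId": "snap-0enc",
     "Attachments": [{"InstanceId": "i-0aaa", "DeleteOnTermination": True}]},
    {"VolumeId": "vol-0bbb", "State": "in-use", "Encrypted": False,
     "SnapshotId": "",
     "Attachments": [{"InstanceId": "i-0bbb", "DeleteOnTermination": False}]},
    {"VolumeId": "vol-0ccc", "State": "available", "Encrypted": True,
     "SnapshotId": "snap-0plain", "Attachments": []},
]}
SNAPSHOTS = {"Snapshots": [
    {"SnapshotId": "snap-0enc", "Encrypted": True},
    {"SnapshotId": "snap-0plain", "Encrypted": False},
]}


def audit_volumes(volumes, snapshots):
    """Return (volume_id, finding) pairs for the settings described above."""
    snap_encrypted = {s["SnapshotId"]: s["Encrypted"]
                      for s in snapshots.get("Snapshots", [])}
    findings = []
    for vol in volumes.get("Volumes", []):
        vid = vol["VolumeId"]
        if not vol.get("Encrypted"):
            findings.append((vid, "unencrypted"))
        elif snap_encrypted.get(vol.get("SnapshotId")) is False:
            # The volume was encrypted when it was created, but the snapshot
            # it came from still holds the same data in plaintext.
            findings.append((vid, "plaintext-source-snapshot"))
        if vol.get("State") == "available":
            # Attached to nothing: may have been left behind by a terminated
            # instance whose volume had delete on termination disabled.
            findings.append((vid, "unattached"))
        for att in vol.get("Attachments", []):
            if not att.get("DeleteOnTermination"):
                # Data will outlive the instance and must be deleted manually.
                findings.append((vid, "persists-after-termination"))
    return findings


if __name__ == "__main__":
    for volume_id, finding in audit_volumes(VOLUMES, SNAPSHOTS):
        print(volume_id, finding)
```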
EBS Volume Lifecycle
[Figure: EBS volume lifecycle. Credit: View information about an Amazon EBS volume - Amazon EBS]
Creating a volume snapshot
You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed since the last snapshot are backed up. Each snapshot that you create contains all of the information that is needed to fully restore an EBS volume.
When you create a snapshot, only data that has already been written to the volume is backed up. This might exclude data that has been cached by any applications or the operating system. To ensure a consistent and complete snapshot, we recommend that you pause write operations to the volume or that you unmount the volume from the instance before creating the snapshot.
Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created from encrypted snapshots are also automatically encrypted.

























