*** New topics added for the SOA-C02 ***
Amazon Elastic Block Store volumes are network attached storage that can be attached to EC2 instances.
EBS volume data persists independently of the life of the instance.
EBS volumes do not need to be attached to an instance.
You can attach multiple EBS volumes to an instance.
EBS volume data is replicated across multiple servers in an Availability Zone (AZ).
EBS volumes must be in the same AZ as the instances they are attached to.
EBS Volume Types
SSD, General Purpose – GP2.
- Baseline of 3 IOPS per GiB with a minimum of 100 IOPS.
- Burst up to 3000 IOPS (for volumes >= 334GB).
- Up to 16,000 IOPS per volume.
- AWS designs gp2 volumes to deliver 90% of the provisioned performance 99% of the time. A gp2 volume can range in size from 1 GiB to 16 TiB.
SSD, Provisioned IOPS – I01.
- More than 16,000 IOPS.
- Up to 64,000 IOPS per volume.
- Up to 50 IOPS per GiB.
- Amazon EBS delivers the provisioned IOPS performance 99.9 percent of the time.
HDD, Throughput Optimized – (ST1):
- Frequently accessed, throughput intensive workloads with large datasets and large I/O sizes, such as MapReduce, Kafka, log processing, data warehouse, and ETL workloads.
- Throughput measured in MB/s, and includes the ability to burst up to 250 MB/s per TB, with a baseline throughput of 40 MB/s per TB and a maximum throughput of 500 MB/s per volume.
- Cannot be a boot volume.
HDD, Cold – (SC1):
- Lowest cost storage – cannot be a boot volume.
- Less frequently accessed workloads with large, cold datasets.
- These volumes can burst up to 80 MB/s per TB, with a baseline throughput of 12 MB/s per TB and a maximum throughput of 250 MB/s per volume.
HDD, Magnetic – Standard – cheap, infrequently accessed storage – lowest cost storage that can be a boot volume (AWS documentation does not reflect this but you CAN still choose magnetic when launching an instance).
EBS optimized instances:
- Dedicated capacity for Amazon EBS I/O.
- EBS-optimized instances are designed for use with all EBS volume types.
- Max bandwidth: 400 Mbps – 12000 Mbps.
- IOPS: 3000 – 65000.
- GP-SSD within 10% of baseline and burst performance 99.9% of the time.
- PIOPS within 10% of baseline and burst performance 99.9% of the time.
- Additional hourly fee.
- Available for select instance types.
- Some instance types have EBS-optimized enabled by default.
An instance store provides temporary (non-persistent) block-level storage for your instance.
This is different to EBS which provides persistent storage but is also a block storage service that can be a root or additional volume.
Instance store storage is located on disks that are physically attached to the host computer.
Instance store is ideal for temporary storage of information that changes frequently, such as buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.
EBS vs Instance Store
EBS-backed means the root volume is an EBS volume and storage is persistent.
Instance store-backed means the root volume is an instance store volume and storage is not persistent.
On an EBS-backed instance, the default action is for the root EBS volume to be deleted upon termination.
Instance store volumes are sometimes called Ephemeral storage (non-persistent).
Instance store backed instances cannot be stopped. If the underlying host fails the data will be lost.
Instance store volume root devices are created from AMI templates stored on S3.
EBS backed instances can be stopped. You will not lose the data on this instance if it is stopped (persistent).
EBS volumes can be detached and reattached to other EC2 instances.
EBS volume root devices are launched from AMI’s that are backed by EBS snapshots.
Instance store volumes cannot be detached/reattached.
When rebooting the instances for both types data will not be lost.
By default, both root volumes will be deleted on termination unless you configured otherwise.
Snapshots capture a point-in-time state of an instance.
Cost-effective and easy backup strategy.
Share data sets with other users or accounts.
Can be used to migrate a system to a new AZ or region.
Can be used to convert an unencrypted volume to an encrypted volume.
Snapshots are stored on Amazon S3.
If you make periodic snapshots of a volume, the snapshots are incremental, which means that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot.
Even though snapshots are saved incrementally, the snapshot deletion process is designed so that you need to retain only the most recent snapshot in order to restore the volume.
Snapshots can only be accessed through the EC2 APIs.
EBS volumes are AZ specific but snapshots are region specific.
You can encrypt both the boot and data volumes of an EC2 instance. When you create an encrypted EBS volume and attach it to a supported instance type, the following types of data are encrypted:
- Data at rest inside the volume.
- All data moving between the volume and the instance.
- All snapshots created from the volume.
- All volumes created from those snapshots.
Expect the same IOPS performance on encrypted volumes as on unencrypted volumes.
EBS encrypts your volume with a data key using the industry-standard AES-256 algorithm.
Your data key is stored on-disk with your encrypted data, but not before EBS encrypts it with your CMK. Your data key never appears on disk in plaintext.
The same data key is shared by snapshots of the volume and any subsequent volumes created from those snapshots.
Snapshots of encrypted volumes are encrypted automatically.
EBS volumes restored from encrypted snapshots are encrypted automatically.
EBS volumes created from encrypted snapshots are also encrypted.
You can share snapshots, but if they’re encrypted it must be with a custom CMK key.
You can check the encryption status of your EBS volumes with AWS Config.
An Amazon Machine Image (AMI) is a special type of virtual appliance that is used to create a virtual machine within the Amazon Elastic Compute Cloud (“EC2”).
An AMI includes the following:
- A template for the root volume for the instance (for example, an operating system, an application server, and applications).
- Launch permissions that control which AWS accounts can use the AMI to launch instances.
- A block device mapping that specifies the volumes to attach to the instance when it’s launched.
AMIs are either instance store-backed or EBS-backed.
- You can copy an Amazon Machine Image (AMI) within or across an AWS region using the AWS Management Console, the AWS AWS Command Line Interface or SDKs, or the Amazon EC2 API, all of which support theCopyImage action.
- You can copy both Amazon EBS-backed AMIs and instance store-backed AMIs.
- You can copy encrypted AMIs and AMIs with encrypted snapshots.
Deployment and Provisioning
Termination protection is turned off by default and must be manually enabled (keeps the volume/data when the instance is terminated).
Root EBS volumes are deleted on termination by default.
Extra non-boot volumes are not deleted on termination by default.
The behaviour can be changed by altering the “DeleteOnTermination” attribute.
Volume sizes and types can be upgraded without downtime (except for magnetic standard).
Elastic Volumes allow you to increase volume size, adjust performance, or change the volume type while the volume is in use.
To migrate volumes between AZ’s create a snapshot then create a volume in another AZ from the snapshot (possible to change size and type).
Volumes can be created from EBS snapshots that are the same size or larger.
Snapshots can be taken of non-root EBS volumes while running.
To take a consistent snapshots writes must be stopped (paused) until the snapshot is complete – if not possible the volume needs to be detached, or if it’s an EBS root volume the instance must be stopped.
You can resize volumes through restoring snapshots with different sizes (configured when taking the snapshot).
Snapshots can be copied between regions (and be encrypted). Images are then created from the snapshot in the other region which creates an AMI that can be used to boot an instance.
You can create volumes from snapshots and choose the availability zone within the region.
EBS Copying, Sharing and Encryption Methods
The following diagram depicts the various options for copying EBS volumes, sharing AMIs and snapshots and applying encryption:
Redundant Array of Independent Disks (RAID)
RAID can be used to increase IOPS.
RAID 0 = 0 striping – data is written across multiple disks and increases performance but no redundancy.
- Use 2 or more disks.
- If one disk fails the entire RAID set fails.
RAID 1 = 1 mirroring – creates 2 copies of the data but does not increase performance, only redundancy.
- If one disk fails, the other is still working.
- Data gets sent to 2 EBS volumes at the same time.
RAID 0 and RAID 1 are potential options on EBS.
RAID 5 and RAID 6 are not recommended by AWS.
You can configure multiple striped gp2 or standard volumes (typically RAID 0).
You can configure multiple striped PIOPS volumes (typically RAID 0).
RAID is configured through the guest OS.
EBS optimized EC2 instances are another way of increasing performance.
Ensure the EC2 instance can handle the bandwidth required for the increased performance.
Use EBS optimized instances or instances with a 10 Gbps network interface.
Not recommended to use RAID for root/boot volumes.
Monitoring and Reporting
Amazon Elastic Block Store (Amazon EBS) sends data points to CloudWatch for several metrics.
A few specific specific metrics to understand for the exam:
- DiskReadBytes / DiskWriteBytes:
- Relates to Instance Store volumes NOT to EBS.
- Included in the AWS/EC2 namespace.
- VolumeReadBytes / VolumeWriteBytes:
- Relates to the EBS volume.
- Included in the AWS/EBS namespace.
There are two types of Amazon CloudWatch monitoring available for Amazon EBS volumes:
- Basic – Data is available automatically in 5-minute periods at no charge. This includes data for the root device volumes for EBS-backed instances.
- Detailed – Provisioned IOPS SSD (
io1) volumes automatically send one-minute metrics to CloudWatch.
Amazon EBS General Purpose SSD (gp2), Throughput Optimized HDD (st1) , Cold HDD (sc1), and Magnetic (standard) volumes automatically send five-minute metrics to CloudWatch.
Provisioned IOPS SSD (io1) volumes automatically send one-minute metrics to CloudWatch. Data is only reported to CloudWatch when the volume is attached to an instance.
Volume status checks enable you to better understand, track, and manage potential inconsistencies in the data on an Amazon EBS volume.
Logging and Auditing
Amazon EC2 and Amazon EBS are integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Amazon EC2 and Amazon EBS.
CloudTrail captures all API calls for Amazon EC2 and Amazon EBS as events, including calls from the console and from code calls to the APIs.
Amazon Data Lifecycle Manager (DLM)
Automates the creation, retention, and deletion of EBS snapshots and EBS-backed AMIs.
- Protect valuable data by enforcing a regular backup schedule.
- Create standardized AMIs that can be refreshed at regular intervals.
- Retain backups as required by auditors or internal compliance.
- Reduce storage costs by deleting outdated backups.
- Create disaster recovery backup policies that back up data to isolated accounts.