Amazon Elastic Block Store
Amazon Elastic Block Store (Amazon EBS)
provides persistent block storage volumes for use with Amazon EC2 instances in
the AWS Cloud. Each Amazon EBSvolume is
automatically replicated within its Availability Zone to protect you from
component failure, offering high availability and durability.
Amazon Elastic Block Store (Amazon
EBS) provides persistent block storage volumes for use with Amazon EC2 instances
in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its
Availability Zone to protect you from component failure, offering high
availability and durability. Amazon EBS volumes offer the consistent and
low-latency performance needed to run your workloads. With Amazon EBS, you can
scale your usage up or down within minutes – all while paying a low price for
only what you provision.
Amazon EBS is designed for
application workloads that benefit from fine tuning for performance, cost and
capacity. Typical use cases include Big Data analytics engines (like the
Hadoop/HDFS ecosystem and Amazon
EMR clusters), relational and NoSQL databases (like Microsoft
SQL Server and MySQL or Cassandra and MongoDB), stream and log processing
applications (like Kafka and Splunk), and data warehousing applications
Amazon EBS Features
Persistent block storage for Amazon EC2
delivering capabilities and performance for the most demanding applications
Choose between SSD-backed
or HDD-backed volumes that can deliver the performance you need for your most
demanding applications.
Each Amazon EBS volume is
designed for 99.999% availability and automatically replicates within its
Availability Zone to protect your applications from component failure.
Amazon EBS encryption
provides seamless support for data-at-rest and data-in-transit between EC2
instances and EBS volumes.
Amazon’s flexible access
control policies allow you to specify who can access which EBS volumes ensuring
secure access to your data.
Protect your data by
creating point-in-time snapshots of EBS volumes, which are backed up to Amazon
S3 for long-term durability.
Dynamically increase
capacity, tune performance, and change the type of live EBS volumes.
Highly available, high performance, persistent block storage for
Amazon EC2.
Each Amazon EBS volume
provides redundancies within its Availability Zone to protect against failures.
Encryption and access control policies deliver a strong defense-in-depth
security strategy for your data.
Amazon EBS General Purpose
(SSD) volumes and Amazon EBS Provisioned IOPS (SSD) volumes deliver low-latency
through SSD technology and consistent I/O performance scaled to the needs of
your application.
Protect your data by taking
point-in-time snapshots of your Amazon EBS volumes providing long-term
durability for your data. Boost the agility of your business by using Amazon
EBS snapshots to create new EC2 instances.
Amazon EBS allows you to
optimize your volumes for capacity, performance, or cost giving you the ability
to dynamically adapt to the changing needs of your business.
Amazon EBS provides the
ability to copy snapshots across AWS regions, enabling geographical expansion,
data center migration, and disaster recovery providing flexibility and
protecting for your business.
An Amazon EBS–optimized
instance provides dedicated network capacity for Amazon EBS volumes. This
provides the best performance for your EBS volumes by minimizing network
contention between EBS and your instance.
Amazon EBS technology is a critical infrastructure component for
today's hottest companies across every industry.
Amazon EBS is an excellent choice for applications that need
persistent block storage ideal for databases, data warehousing, big data
applications and other low latency interactive applications that demand the
highest IOPS or throughput and low latency with consistent, predictable
performance.
Relational Databases
Amazon
EBS scales with your performance needs, whether you are supporting millions of
gaming customers or billions of e-commerce transactions. Databases such as
Oracle, Microsoft SQL Server, MySQL and PostgreSQL are widely deployed on
Amazon EBS.
Enterprise
Applications
Amazon
EBS meets the diverse needs of your organization by providing reliable block
storage to run mission-critical applications such as Oracle, SAP, Microsoft
Exchange and Microsoft SharePoint.
Development and Test
Amazon
EBS enables your organization to be more agile and responsive to customer
needs. Provision, duplicate, scale, or archive your development, test and
production environments with a few clicks.
NoSQL Databases
Amazon
EBS volumes provide the consistent and low-latency performance your application
needs when running NoSQL databases.
Business Continuity
Minimize
data loss and recovery time by regularly backing up your data and log files
across different geographic regions. Copy Amazon Machine Images (AMIs) and EBS
Snapshots to launch applications in new AWS regions.
Creating an Amazon EBS Volume
Creating an
Amazon EBS Volume. You can create an Amazon EBS
volume that you can then attach to any EC2 instance within the same
Availability Zone. You can choose to create an encrypted EBS
volume, but encrypted volumes can only be attached to
selected instance types.
You can
create an Amazon EBS volume that you can then attach to any EC2 instance within
the same Availability Zone. You can choose to create an encrypted EBS volume,
but encrypted volumes can only be attached to selected instance types. For more
information, see Supported Instance Types.
You can use IAM policies to enforce encryption on new volumes. For more
information, see the example IAM policies in 4. Working with Volumes and 5: Launching Instances
(RunInstances).
You can
also create and attach EBS volumes when you launch instances by specifying a
block device mapping. For more information, see Launching an Instance and Block Device Mapping.
You can restore volumes from previously created snapshots. For more
information, see Restoring an Amazon EBS
Volume from a Snapshot.
You can
apply tags to EBS volumes at the time of creation. With tagging, you can
simplify tracking of your Amazon EC2 resource inventory. Tagging on creation
can be combined with an IAM policy to enforce tagging on new volumes. For more
information, see Tagging
Your Resources.
If you
are creating a volume for a high-performance storage scenario, you should make
sure to use a Provisioned IOPS SSD (
io1) volume and attach it
to an instance with enough bandwidth to support your application, such as an
EBS-optimized instance or an instance with 10-Gigabit network connectivity. The
same advice holds for Throughput Optimized HDD (st1) and
Cold HDD (sc1) volumes. For more information, see Amazon EC2 Instance
Configuration.
New EBS
volumes receive their maximum performance the moment that they are available
and do not require initialization (formerly known as pre-warming). However,
storage blocks on volumes that were restored from snapshots must be initialized
(pulled down from Amazon S3 and written to the volume) before you can access
the block. This preliminary action takes time and can cause a significant
increase in the latency of an I/O operation the first time each block is
accessed. For most applications, amortizing this cost over the lifetime of the
volume is acceptable. Performance is restored after the data is accessed once.
For more information, seeInitializing Amazon EBS
Volumes.
To create an EBS volume
using the console
1.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2.
From the navigation bar, select the region in which you would
like to create your volume. This choice is important because some Amazon EC2
resources can be shared between regions, while others can't. For more
information, see Resource Locations.
3.
In the navigation pane, choose ELASTIC BLOCK STORE, Volumes.
4.
Choose Create Volume.
5.
For Volume Type, choose a volume type. For more
information, see Amazon EBS Volume Types.
Note
Some
AWS accounts created before 2012 might have access to Availability Zones in
us-west-1 or ap-northeast-1 that do not support Provisioned IOPS SSD (
io1)
volumes. If you are unable to create an io1 volume (or launch
an instance with an io1 volume in its
block device mapping) in one of these regions, try a different Availability
Zone in the region. You can verify that an Availability Zone supports io1 volumes
by creating a 4 GiB io1 volume in that
zone.
6.
For Size (GiB), type the size of the volume.
7.
With a Provisioned IOPS SSD volume, for IOPS, type
the maximum number of input/output operations per second (IOPS) that the volume
should support.
8.
For Availability Zone, choose the Availability Zone
in which to create the volume. EBS volumes can only be attached to EC2
instances within the same Availability Zone.
9.
(Optional) To create an encrypted volume, select the Encrypted box
and choose the master key you want to use when encrypting the volume. You can
choose the default master key for your account, or you can choose any customer
master key (CMK) that you have previously created using the AWS Key Management
Service. Available keys are visible in the Master Key menu, or
you can paste the full ARN of any key that you have access to. For more
information, see the AWS Key Management Service
Developer Guide.
Note
Encrypted
volumes can only be attached to selected instance types. For more information,
see Supported Instance Types.
10.
(Optional) Choose Create additional tags to add
tags to the volume. For each tag, provide a tag key and a tag value.
11.
Choose Create Volume.
To create an EBS volume
using the command line
You can
use one of the following commands. For more information about these command
line interfaces, see Accessing Amazon EC2.
·
create-volume (AWS
CLI)
·
New-EC2Volume (AWS
Tools for Windows PowerShell)
Amazon
Machine Images (AMI)
An
Amazon Machine Image (AMI) provides the information required to launch an
instance, which is a virtual server in the cloud. You specify an AMI when you
launch an instance, and you can launch as many instances from the AMI as you
need. You can also launch instances from as many different AMIs as you need.
An AMI
includes the following:
·
A template for the root volume for the instance (for example, an
operating system, an application server, and applications)
·
Launch permissions that control which AWS accounts can use the
AMI to launch instances
·
A block device mapping that specifies the volumes to attach to
the instance when it's launched
Using an AMI
The
following diagram summarizes the AMI lifecycle. After you create and register
an AMI, you can use it to launch new instances. (You can also launch instances
from an AMI if the AMI owner grants you launch permissions.) You can copy an
AMI to the same region or to different regions. When you are finished launching
instances from an AMI, you can deregister the AMI.
You can
search for an AMI that meets the criteria for your instance. You can search for
AMIs provided by AWS or AMIs provided by the community. For more information,
see AMI Typesand Finding
a Linux AMI.
When
you are connected to an instance, you can use it just like you use any other
server. For information about launching, connecting, and using your instance,
see Amazon EC2 Instances.
Creating
Your Own AMI
You can
customize the instance that you launch from a public AMI and then save that
configuration as a custom AMI for your own use. Instances that you launch from
your AMI use all the customizations that you've made.
The
root storage device of the instance determines the process you follow to create
an AMI. The root volume of an instance is either an Amazon EBS volume or an
instance store volume. For information, see Amazon EC2 Root Device
Volume.
To
create an Amazon EBS-backed AMI, see Creating an Amazon
EBS-Backed Linux AMI. To create an instance store-backed AMI, see Creating an Instance
Store-Backed Linux AMI.
To help
categorize and manage your AMIs, you can assign custom tags to them. For
more information, see Tagging Your Amazon EC2
Resources.
Buying,
Sharing, and Selling AMIs
After
you create an AMI, you can keep it private so that only you can use it, or you
can share it with a specified list of AWS accounts. You can also make your
custom AMI public so that the community can use it. Building a safe, secure,
usable AMI for public consumption is a fairly straightforward process, if you
follow a few simple guidelines. For information about how to create and use
shared AMIs, see Shared AMIs.
You can
purchase AMIs from a third party, including AMIs that come with service contracts
from organizations such as Red Hat. You can also create an AMI and sell it to
other Amazon EC2 users. For more information about buying or selling AMIs, see Paid AMIs.
Deregistering
Your AMI
You can
deregister an AMI when you have finished with it. After you deregister an AMI,
you can't use it to launch new instances. For more information, see Deregistering Your Linux
AMI.
Amazon
Linux AMIs
The
Amazon Linux AMI is a supported and maintained Linux image provided by AWS. The
following are some of the features of Amazon Linux:
·
A stable, secure, and high-performance execution environment for
applications running on Amazon EC2.
·
Provided at no additional charge to Amazon EC2 users.
·
Repository access to multiple versions of MySQL, PostgreSQL,
Python, Ruby, Tomcat, and many more common packages.
·
Updated on a regular basis to include the latest components, and
these updates are also made available in the yum repositories
for installation on running instances.
·
Includes packages that enable easy integration with AWS
services, such as the AWS CLI, Amazon EC2 API and AMI tools, the Boto library
for Python, and the Elastic Load Balancing tools.
For
more information, see Amazon Linux.
Creating an Amazon EBS Snapshot
To create a snapshot
using the console
1.
Choose Snapshots in the navigation pane.
2.
Choose Create Snapshot.
3.
In the Create Snapshot dialog box, select the volume to create a
snapshot for, and then choose Create.
A
point-in-time snapshot of an EBS volume, can be used as a baseline for new
volumes or for data backup. If you make periodic snapshots of a volume, the
snapshots are incremental—only the blocks on the device that have changed after
your last snapshot are saved in the new snapshot. Even though snapshots are
saved incrementally, the snapshot deletion process is designed so that you need
to retain only the most recent snapshot in order to restore the entire volume.
Snapshots
occur asynchronously; the point-in-time snapshot is created immediately, but
the status of the snapshot is
pending until
the snapshot is complete (when all of the modified blocks have been transferred
to Amazon S3), which can take several hours for large initial snapshots or
subsequent snapshots where many blocks have changed. While it is completing, an
in-progress snapshot is not affected by ongoing reads and writes to the volume.
Important
Although
you can take a snapshot of a volume while a previous snapshot of that volume is
in the
pending status, having multiple pending snapshots
of a volume may result in reduced volume performance until the snapshots
complete.
There
is a limit of five
pending snapshots
for a single gp2, io1, or
Magnetic volume, and one pending snapshot
for a single st1 or sc1 volume.
If you receive a ConcurrentSnapshotLimitExceeded error
while trying to create multiple concurrent snapshots of the same volume, wait
for one or more of the pendingsnapshots
to complete before creating another snapshot of that volume.
Snapshots
that are taken from encrypted volumes are automatically encrypted. Volumes that
are created from encrypted snapshots are also automatically encrypted. The data
in your encrypted volumes and any associated snapshots is protected both at
rest and in motion. For more information, see Amazon
EBS Encryption.
By
default, only you can create volumes from snapshots that you own. However, you
can share your unencrypted snapshots with specific AWS accounts, or you can
share them with the entire AWS community by making them public. For more
information, see Sharing an Amazon EBS
Snapshot.
You can
share an encrypted snapshot only with specific AWS accounts. For others to use
your shared, encrypted snapshot, you must also share the CMK key that was used
to encrypt it. Users with access to your encrypted snapshot must create their
own personal copy of it and then use that copy to restore the volume. Your copy
of a shared, encrypted snapshot can also be re-encrypted with a different key.
For more information, see Sharing an Amazon EBS
Snapshot.
When a
snapshot is created from a volume with an AWS Marketplace product code, the
product code is propagated to the snapshot.
You can
take a snapshot of an attached volume that is in use. However, snapshots only
capture data that has been written to your Amazon EBS volume at the time the
snapshot command is issued. This might exclude any data that has been cached by
any applications or the operating system. If you can pause any file writes to
the volume long enough to take a snapshot, your snapshot should be complete.
However, if you can't pause all file writes to the volume, you should unmount
the volume from within the instance, issue the snapshot command, and then remount
the volume to ensure a consistent and complete snapshot. You can remount and
use your volume while the snapshot status is
pending.
To
create a snapshot for an Amazon EBS volume that serves as a root device, you
should stop the instance before taking the snapshot.
To
unmount the volume in Linux, use the following command, where device_name is the
device name (for example,
/dev/sdh):Copy
umount -ddevice_name
After
you've created a snapshot, you can tag it to help you manage it later. For
example, you can add tags describing the original volume from which the
snapshot was created, or the device name that was used to attach the original
volume to an instance. For more information, see Tagging Your Amazon EC2
Resources.
To create a snapshot
using the console
1.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2.
Choose Snapshots in the navigation pane.
3.
Choose Create Snapshot.
4.
In the Create Snapshot dialog box, select the
volume to create a snapshot for, and then choose Create.
To create a snapshot
using the command line
You can
use one of the following commands. For more information about these command
line interfaces, see Accessing Amazon EC2.
·
create-snapshot (AWS
CLI)
·
New-EC2Snapshot (AWS
Tools for Windows PowerShell)
Deleting an Amazon EBS Snapshot
When
you delete a snapshot, only the data referenced exclusively by that snapshot is
removed. Deleting previous snapshots of a volume does not affect your ability
to restore volumes from later snapshots of that volume.
Deleting
a snapshot of a volume has no effect on the volume. Deleting a volume has no
effect on the snapshots made from it.
If you
make periodic snapshots of a volume, the snapshots are incremental, which means
that only the blocks on the device that have changed after your last snapshot
are saved in the new snapshot. Even though snapshots are saved incrementally,
the snapshot deletion process is designed so that you need to retain only the
most recent snapshot in order to restore the volume.
Deleting
a snapshot might not reduce your organization's data storage costs. Other
snapshots might reference that snapshot's data, and referenced data is always
preserved. If you delete a snapshot containing data being used by a later snapshot,
costs associated with the referenced data are allocated to the later snapshot.
For more information about how snapshots store data, see How Incremental Snapshots
Work and the example below.
In the
following diagram, Volume 1 is shown at three points in time. A snapshot has
captured each of the first two states, and in the third, a snapshot has been
deleted.
·
In State 1, the volume has 10 GiB of data. Because Snap A is the
first snapshot taken of the volume, the entire 10 GiB of data must be copied.
·
In State 2, the volume still contains 10 GiB of data, but 4 GiB
have changed. Snap B needs to copy and store only the 4 GiB that changed after
Snap A was taken. The other 6 GiB of unchanged data, which are already copied
and stored in Snap A, are referenced by Snap B rather than (again) copied. This
is indicated by the dashed arrow.
·
In state 3, the volume has not changed since State 2, but
Snapshot A has been deleted. The 6 GiB of data stored in Snapshot A that were
referenced by Snapshot B have now been moved to Snapshot B, as shown by the
heavy arrow. As a result, you are still charged for storing 10 GiB of data—6
GiB of unchanged data preserved from Snap A, and 4 GiB of changed data from
Snap B.
Example 1: Deleting a Snapshot with Some of its Data Referenced
by Another Snapshot
Note
that you can't delete a snapshot of the root device of an EBS volume used by a
registered AMI. You must first deregister the AMI before you can delete the
snapshot. For more information, see Deregistering Your Linux
AMI.
To delete a snapshot
using the console
1.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2.
Choose Snapshots in the navigation pane.
3.
Select a snapshot and then choose Delete from
the Actions list.
4.
Choose Yes, Delete.
To delete a snapshot
using the command line
You can
use one of the following commands. For more information about these command
line interfaces, see Accessing Amazon EC2.
·
delete-snapshot (AWS
CLI)
·
Remove-EC2Snapshot (AWS
Tools for Windows PowerShell)
Note
Although
you can delete a snapshot that is still in progress, the snapshot must complete
before the deletion takes effect. This may take a long time. If you are also at
your concurrent snapshot limit (five snapshots in progress), and you attempt to
take an additional snapshot, you may get the
ConcurrentSnapshotLimitExceeded error.
Copying an Amazon EBS Snapshot
With
Amazon EBS, you can create point-in-time snapshots of volumes, which we store
for you in Amazon S3. After you've created a snapshot and it has finished
copying to Amazon S3 (when the snapshot status is
completed), you
can copy it from one AWS region to another, or within the same region. Amazon
S3 server-side encryption (256-bit AES) protects a snapshot's data in-transit
during a copy operation. The snapshot copy receives an ID that is different
than the ID of the original snapshot.
For
information about copying an Amazon RDS snapshot, see Copying a
DB Snapshot in theAmazon
Relational Database Service User Guide.
If you
would like another account to be able to copy your snapshot, you must either
modify the snapshot permissions to allow access to that account or make the
snapshot public so that all AWS accounts may copy it. For more information, see Sharing an Amazon EBS
Snapshot.
For
pricing information about copying snapshots across regions and accounts, see Amazon EBS Pricing. Note that snapshot copy
operations within a single account and region do not copy any data and are
cost-free as long as the following conditions apply:
·
The encryption status of the snapshot copy does not change.
·
For encrypted snapshots, both the source snapshot and the copy
are encrypted with the default EBS CMK.
Use Cases
·
Geographic expansion: Launch your applications in a new region.
·
Migration: Move an application to a new region, to enable better
availability and to minimize cost.
·
Disaster recovery: Back up your data and logs across different
geographical locations at regular intervals. In case of disaster, you can
restore your applications using point-in-time backups stored in the secondary
region. This minimizes data loss and recovery time.
·
Encryption: Encrypt a previously unencrypted snapshot, change
the key with which the snapshot is encrypted, or, for encrypted snapshots that
have been shared with you, create a copy that you own in order to restore a
volume from it.
·
Data retention and auditing requirements: Copy your encrypted
EBS snapshots from one AWS account to another to preserve data logs or other
files for auditing or data retention. Using a different account helps prevent
accidental snapshot deletions, and protects you if your main AWS account is
compromised.
Prerequisites
·
You can copy any accessible snapshots that have a
completed status,
including shared snapshots and snapshots that you've created.
·
You can copy AWS Marketplace, VM Import/Export, and AWS Storage
Gateway snapshots, but you must verify that the snapshot is supported in the destination
region.
Limits
·
Each account can have up to 5 concurrent snapshot copy requests
to a single destination region.
·
User-defined tags are not copied from the source snapshot to the
new snapshot. After the copy operation is complete, you can apply user-defined
tags to the new snapshot. For more information, see Tagging Your Amazon EC2
Resources.
·
Snapshots created by the CopySnapshot action have an arbitrary
volume ID that should not be used for any purpose.
Incremental
Copy
The
first snapshot copy to another region is always a full copy. Each subsequent
snapshot copy is incremental (which makes the copy process faster), meaning
that only the blocks in the snapshot that have changed after your last snapshot
copy to the same destination are transferred. Support for incremental snapshots
is specific to a cross=region pair where a previous complete snapshot copy of
the source volume is already available in the destination region, and it is
limited to the default EBS CMK for encrypted snapshots. For example, if you
copy an unencrypted snapshot from the US East (N. Virginia) region to the US
West (Oregon) region, the first snapshot copy of the volume is a full copy and
subsequent snapshot copies of the same volume transferred between the same
regions are incremental.
Encrypted
Snapshots
When
you copy a snapshot, you can choose to encrypt the copy (if the original
snapshot was not encrypted) or you can specify a CMK different from the
original one, and the resulting copied snapshot uses the new CMK. However,
changing the encryption status of a snapshot or using a non-default EBS CMK
during a copy operation always results in a full (not incremental) copy, which
may incur greater data transfer and storage charges.
To copy
an encrypted snapshot from another account, you must have permissions to use
the snapshot and you must have permissions to use the customer master key (CMK)
that was used to encrypt the original snapshot. For more information, see Sharing an Amazon EBS
Snapshot.
When
copying an encrypted snapshot that was shared with you, you should consider
re-encrypting the snapshot during the copy process with a different key that
you control. This protects you if the original key is compromised, or if the
owner revokes the key for any reason, which could cause you to lose access to
the volume you created.
Copy a
Snapshot
Use the
following procedure to copy a snapshot using the Amazon EC2 console.
To copy a snapshot using
the console
1.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2.
In the navigation pane, choose Snapshots.
3.
Select the snapshot to copy, and then choose Copy from
the Actions list.
4.
In the Copy Snapshot dialog box, update the
following as necessary:
·
Destination region:
Select the region where you want to write the copy of the snapshot.
·
Description: By
default, the description includes information about the source snapshot so that
you can identify a copy from the original. You can change this description as
necessary.
·
Encryption: If
the source snapshot is not encrypted, you can choose to encrypt the copy. You cannot decrypt an encrypted
snapshot.
·
Master Key: The
customer master key (CMK) that to be used to encrypt this snapshot. You can
select from master keys in your account or type/paste the ARN of a key from a
different account. You can create a new master encryption key in the IAM
console.
5.
Choose Copy.
6.
In the Copy Snapshot confirmation dialog box,
choose Snapshots to go to the Snapshotspage in the
region specified, or choose Close.
To view
the progress of the copy process, switch to the destination region, and then
refresh the Snapshots page. Copies in progress are listed at
the top of the page.
To check for failure
If you
attempt to copy an encrypted snapshot without having permissions to use the
encryption key, the operation fails silently. The error state is not displayed
in the console until you refresh the page. You can also check the state of the
snapshot from the command line. For example:
Copy
aws ec2 describe-snapshots --snapshot-id snap-0123abcd
If the
copy failed because of insufficient key permissions, you see the following
message:
"StateMessage": "Given key ID is not
accessible".
When
copying an encrypted snapshot, you must have
DescribeKey permissions
on the default CMK. Explicitly denying these permissions results in copy
failure. For information about managing CMK keys, see Controlling
Access to Customer Master Keys.
To copy a snapshot using
the command line
You can
use one of the following commands. For more information about these command
line interfaces, see Accessing Amazon EC2.
·
copy-snapshot (AWS
CLI)
·
Copy-EC2Snapshot (AWS
Tools for Windows PowerShell)
Viewing Amazon EBS Snapshot Information
You can
view detailed information about your snapshots.
To view snapshot
information using the console
1.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2.
Choose Snapshots in the navigation pane.
3.
To reduce the list, choose an option from the Filter list.
For example, to view only your snapshots, choose Owned By Me. You
can filter your snapshots further by using the advanced search options. Choose
the search bar to view the filters available.
4.
To view more information about a snapshot, select it.
To view snapshot
information using the command line
You can
use one of the following commands. For more information about these command
line interfaces, see Accessing Amazon EC2.
·
describe-snapshots (AWS
CLI)
·
Get-EC2Snapshot (AWS
Tools for Windows PowerShell)
Sharing an Amazon EBS Snapshot
By
modifying the permissions of the snapshot,you can share your unencrypted
snapshots with your co-workers or others in the AWS community Users that you
have authorized can use your unencrypted shared snapshots as the basis for
creating their own EBS volumes. If you choose, you can also make your
unencrypted snapshots available publicly to all AWS users.
You can
share an encrypted snapshot with specific AWS accounts, though you cannot make
it public. For others to use the snapshot, you must also share the custom CMK
key used to encrypt it. Cross-account permissions may be applied to a custom
key either when it is created or at a later time. Users with access can copy
your snapshot and create their own EBS volumes based on your snapshot while
your original snapshot remains unaffected.
Important
When
you share a snapshot (whether by sharing it with another AWS account or making
it public to all), you are giving others access to all the data on the
snapshot. Share snapshots only with people with whom you want to share all your snapshot
data.
Several
technical and policy restrictions apply to sharing snapshots:
·
Snapshots are constrained to the region in which they were
created. To share a snapshot with another region, copy the snapshot to that
region. For more information about copying snapshots, see Copying an Amazon EBS
Snapshot.
·
If your snapshot uses the longer resource ID format, you can
only share it with another account that also supports longer IDs. For more
information, see Resource
IDs.
·
AWS prevents you from sharing snapshots that were encrypted with
your default CMK. Snapshots that you intend to share must instead be encrypted
with a custom CMK. For information about creating keys, see Creating
Keys.
·
Users of your shared CMK who are accessing encrypted snapshots
must be granted
DescribeKey and ReEncrypt permissions.
For information about managing and sharing CMK keys, see Controlling
Access to Customer Master Keys.
·
If you have access to a shared encrypted snapshot and you want
to restore a volume from it, you must create a personal copy of the snapshot
and then use that copy to restore the volume. We recommend that you re-encrypt
the snapshot during the copy process with a different key that you control.
This protects your access to the volume if the original key is compromised, or
if the owner revokes the key for any reason.
To modify snapshot
permissions using the console
1.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2.
Choose Snapshots in the navigation pane.
3.
Select a snapshot and then choose Modify Permissions from
the Actions list.
4.
Choose whether to make the snapshot public or to share it with
specific AWS accounts:
a.
To make the snapshot public, choose Public.
This is
not a valid option for encrypted snapshots or snapshots with AWS Marketplace
product codes.
b.
To expose the snapshot to only specific AWS accounts,
choose Private, enter the ID of the AWS account (without hyphens)
in the AWS Account Number field, and choose Add
Permission. Repeat until you've added all the required AWS accounts.
Important
If your
snapshot is encrypted, you must ensure that the following are true:
·
The snapshot is encrypted with a custom CMK, not your default
CMK. If you attempt to change the permissions of a snapshot encrypted with your
default CMK, the console displays an error message.
·
You are sharing the custom CMK with the accounts that have access
to your snapshot.
5.
Choose Save. Now a user logged into the permitted
account can locate the shared snapshot by choosing Private Snapshots in
the filter menu.
To view and modify
snapshot permissions using the command line
To view
the
createVolumePermission attribute of a snapshot,
you can use one of the following commands. For more information about these
command line interfaces, see Accessing Amazon EC2.
·
describe-snapshot-attribute (AWS
CLI)
·
Get-EC2SnapshotAttribute (AWS
Tools for Windows PowerShell)
To
modify the
createVolumePermission attribute of a snapshot,
you can use one of the following commands.
·
modify-snapshot-attribute (AWS
CLI)
·
Edit-EC2SnapshotAttribute (AWS
Tools for Windows PowerShell)
Amazon
EBS–Optimized Instances
An
Amazon EBS–optimized instance uses an optimized configuration stack and
provides additional, dedicated capacity for Amazon EBS I/O. This optimization
provides the best performance for your EBS volumes by minimizing contention
between Amazon EBS I/O and other traffic from your instance.
Amazon
EBS–optimized instances deliver dedicated bandwidth to Amazon EBS, with options
between 425 Mbps and 14,000 Mbps, depending on the instance type you use. When
attached to an Amazon EBS–optimized instance, General Purpose SSD (
gp2)
volumes are designed to deliver within 10% of their baseline and burst
performance 99% of the time in a given year, and Provisioned IOPS SSD (io1)
volumes are designed to deliver within 10% of their provisioned performance
99.9% of the time in a given year. Both Throughput Optimized HDD (st1) and
Cold HDD (sc1) guarantee performance consistency of 90% of burst throughput
99% of the time in a given year. Non-compliant periods are approximately
uniformly distributed, targeting 99% of expected total throughput each hour.
For more information, see Amazon EBS Volume Types.
When
you enable Amazon EBS optimization for an instance that is not optimized by
default, you pay an additional low usage fee for the dedicated capacity. For
pricing information, see EBS-optimized
Instances on the Amazon EC2 On-Demand Pricing page.
Contents
- Instance
Types That Support Amazon EBS Optimization
- Enabling
Amazon EBS Optimization at Launch
- Modifying
Amazon EBS Optimization for a Running Instance
Instance
Types That Support Amazon EBS Optimization
The
following table shows which instance types support Amazon EBS optimization, the
dedicated bandwidth to Amazon EBS, the maximum number of IOPS the instance can
support if you are using a 16 KiB I/O size, and the typical maximum aggregate
throughput that can be achieved on that connection in MiB/s with a streaming
read workload and128 KiB I/O size. Choose an Amazon EBS–optimized instance that
provides more dedicated Amazon EBSthroughput than your application needs;
otherwise, the connection between Amazon EBS and Amazon EC2 can become a
performance bottleneck.
Some
instance types are Amazon EBS–optimized by default. For those instances, there
is no need to enable Amazon EBS optimization. There is no effect if you disable
Amazon EBS optimization using the CLI or API. You can enable Amazon EBS
optimization for the other instance types that support it when you launch the
instances, or enable it after the instances are running.
Note
Some
instances with 10-gigabit network interfaces, such as
i2.8xlarge and r3.8xlarge, do
not offer EBS-optimization, and therefore do not have dedicated Amazon EBS
bandwidth available. They are not listed here. On these instances, network
traffic and Amazon EBS traffic is shared on the same 10-gigabit network
interface. Some other 10-gigabit network instances, such as c4.8xlarge and d2.8xlarge, offer
dedicated Amazon EBS bandwidth in addition to a 10-gigabit interface that is
used exclusively for network traffic.
Instance
type
|
Amazon
EBS-optimized by default
|
Max.
bandwidth (Mbps)*
|
Expected
throughput (MB/s)**
|
Max.
IOPS (16 KB I/O size)**
|
c1.xlarge |
1,000
|
125
|
8,000
|
|
c3.xlarge |
500
|
62.5
|
4,000
|
|
c3.2xlarge |
1,000
|
125
|
8,000
|
|
c3.4xlarge |
2,000
|
250
|
16,000
|
|
c4.large |
Yes
|
500
|
62.5
|
4,000
|
c4.xlarge |
Yes
|
750
|
93.75
|
6,000
|
c4.2xlarge |
Yes
|
1,000
|
125
|
8,000
|
c4.4xlarge |
Yes
|
2,000
|
250
|
16,000
|
c4.8xlarge |
Yes
|
4,000
|
500
|
32,000
|
d2.xlarge |
Yes
|
750
|
93.75
|
6,000
|
d2.2xlarge |
Yes
|
1,000
|
125
|
8,000
|
d2.4xlarge |
Yes
|
2,000
|
250
|
16,000
|
d2.8xlarge |
Yes
|
4,000
|
500
|
32,000
|
f1.2xlarge |
Yes
|
1,700
|
212.5
|
12,000
|
f1.16xlarge |
Yes
|
14,000
|
1,750
|
75,000
|
g2.2xlarge |
1,000
|
125
|
8,000
|
|
g3.4xlarge |
Yes
|
3,500
|
437.5
|
20,000
|
g3.8xlarge |
Yes
|
7,000
|
875
|
40,000
|
g3.16xlarge |
Yes
|
14,000
|
1,750
|
80,000
|
i2.xlarge |
500
|
62.5
|
4,000
|
|
i2.2xlarge |
1,000
|
125
|
8,000
|
|
i2.4xlarge |
2,000
|
250
|
16,000
|
|
i3.large |
Yes
|
425
|
53.13
|
3000
|
i3.xlarge |
Yes
|
850
|
106.25
|
6000
|
i3.2xlarge |
Yes
|
1,700
|
212.5
|
12,000
|
i3.4xlarge |
Yes
|
3,500
|
437.5
|
16,000
|
i3.8xlarge |
Yes
|
7,000
|
875
|
32,500
|
i3.16xlarge |
Yes
|
14,000
|
1,750
|
65,000
|
m1.large |
500
|
62.5
|
4,000
|
|
m1.xlarge |
1,000
|
125
|
8,000
|
|
m2.2xlarge |
500
|
62.5
|
4,000
|
|
m2.4xlarge |
1,000
|
125
|
8,000
|
|
m3.xlarge |
500
|
62.5
|
4,000
|
|
m3.2xlarge |
1,000
|
125
|
8,000
|
|
m4.large |
Yes
|
450
|
56.25
|
3,600
|
m4.xlarge |
Yes
|
750
|
93.75
|
6,000
|
m4.2xlarge |
Yes
|
1,000
|
125
|
8,000
|
m4.4xlarge |
Yes
|
2,000
|
250
|
16,000
|
m4.10xlarge |
Yes
|
4,000
|
500
|
32,000
|
m4.16xlarge |
Yes
|
10,000
|
1,250
|
65,000
|
p2.xlarge |
Yes
|
750
|
93.75
|
6,000
|
p2.8xlarge |
Yes
|
5,000
|
625
|
32,500
|
p2.16xlarge |
Yes
|
10,000
|
1,250
|
65,000
|
p3.2xlarge |
Yes
|
1,750
|
218
|
10,000
|
p3.8xlarge |
Yes
|
7,000
|
875
|
40,000
|
p3.16xlarge |
Yes
|
14,000
|
1,750
|
80,000
|
r3.xlarge |
500
|
62.5
|
4,000
|
|
r3.2xlarge |
1,000
|
125
|
8,000
|
|
r3.4xlarge |
2,000
|
250
|
16,000
|
|
r4.large |
Yes
|
425
|
53.13
|
3,000
|
r4.xlarge |
Yes
|
850
|
106.25
|
6,000
|
r4.2xlarge |
Yes
|
1,700
|
212.25
|
12,000
|
r4.4xlarge |
Yes
|
3,500
|
437.5
|
18,750
|
r4.8xlarge |
Yes
|
7,000
|
875
|
37,500
|
r4.16xlarge |
Yes
|
14,000
|
1,750
|
75,000
|
x1.16xlarge |
Yes
|
7,000
|
875
|
40,000
|
x1.32xlarge |
Yes
|
14,000
|
1,750
|
80,000
|
x1e.32xlarge |
Yes
|
14,000
|
1,750
|
80,000
|
* These
instance types must be launched as Amazon EBS–optimized to consistently achieve
this level of performance.
** This
value is a rounded approximation based on a 100% read-only workload and it is
provided as a baseline configuration aid. Amazon EBS–optimized connections are
full-duplex, and can drive more throughput and IOPS in a 50/50 read/write
workload where both communication lanes are used. In some cases, network, file
system, and Amazon EBS encryption overhead can reduce the maximum throughput
and IOPS available.
Enabling
Amazon EBS Optimization at Launch
You can
enable optimization for an instance by setting its Amazon EBS–optimized
attribute.
To enable Amazon EBS
optimization when launching an instance using the console
1.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2.
Choose Launch Instance.
3.
In Step 1: Choose an Amazon Machine Image (AMI),
select an AMI.
4.
In Step 2: Choose an Instance Type, select an
instance type that is listed as supporting Amazon EBS optimization.
5.
In Step 3: Configure Instance Details, complete the
fields that you need and choose Launch as EBS-optimized instance.
If the instance type that you selected in the previous step doesn't support
Amazon EBS optimization, this option is not present. If the instance type that
you selected is Amazon EBS–optimized by default, this option is selected and
you can't deselect it.
6.
Follow the directions to complete the wizard and launch your
instance.
To enable EBS
optimization when launching an instance using the command line
You can
use one of the following options with the corresponding command. For more
information about these command line interfaces, see Accessing Amazon EC2.
Modifying
Amazon EBS Optimization for a Running Instance
You can
enable or disable optimization for a running instance by modifying its Amazon
EBS–optimized instance attribute.
To enable EBS
optimization for a running instance using the console
1.
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2.
In the navigation pane, click Instances, and select
the instance.
3.
Click Actions, select Instance State,
and then click Stop.
Warning
When
you stop an instance, the data on any instance store volumes is erased.
Therefore, if you have any data on instance store volumes that you want to
keep, be sure to back it up to persistent storage.
4.
In the confirmation dialog box, click Yes, Stop. It
can take a few minutes for the instance to stop.
5.
With the instance still selected, click Actions,
select Instance Settings, and then click Change Instance
Type.
6.
In the Change Instance Type dialog box, do one
of the following:
·
If the instance type of your instance is Amazon EBS–optimized by
default, EBS-optimized is selected and you can't change it.
You can choose Cancel, because Amazon EBS optimization is already
enabled for the instance.
·
If the instance type of your instance supports Amazon EBS
optimization, choose EBS-optimized, Apply.
·
If the instance type of your instance does not support Amazon
EBS optimization, you can't choose EBS-optimized. You can select an
instance type from Instance Typethat supports Amazon EBS optimization,
and then choose EBS-optimized, Apply.
7.
Choose Actions, Instance State, Start.
To enable EBS
optimization for a running instance using the command line
You can
use one of the following options with the corresponding command. For more
information about these command line interfaces, see Accessing Amazon EC2.
Amazon EBS Encryption
Amazon
EBS encryption offers you a simple encryption solution for your EBS volumes
without the need for you to build, maintain, and secure your own key management
infrastructure. When you create an encrypted EBS volume and attach it to a
supported instance type, the following types of data are encrypted:
·
Data at rest inside the volume
·
All data moving between the volume and the instance
·
All snapshots created from the volume
The
encryption occurs on the servers that host EC2 instances, providing encryption
of data-in-transit from EC2 instances to EBS storage.
Amazon
EBS encryption uses AWS Key Management Service (AWS KMS) customer master keys
(CMK) when creating encrypted volumes and any snapshots created from them. The
first time you create an encrypted volume in a region, a default CMK is created
for you automatically. This key is used for Amazon EBS encryption unless you
select a CMK that you created separately using AWS KMS. Creating your own CMK
gives you more flexibility, including the ability to create, rotate, and
disable keys to define access controls, and to audit the encryption keys used
to protect your data. For more information, see the AWS Key Management Service
Developer Guide.
This
feature is supported with all EBS volume types (General Purpose SSD [
gp2],
Provisioned IOPS SSD [io1], Throughput Optimized
HDD [st1], Cold HDD [sc1], and Magnetic [standard]). You
can expect the same IOPS performance on encrypted volumes as you would with
unencrypted volumes, with a minimal effect on latency. You can access encrypted
volumes the same way that you access unencrypted volumes. Encryption and
decryption are handled transparently and they require no additional action from
you, your EC2 instance, or your application.
Snapshots
that are taken from encrypted volumes are automatically encrypted. Volumes that
are created from encrypted snapshots are also automatically encrypted. Public
snapshots of encrypted volumes are not supported, but you can share an
encrypted snapshot with specific accounts if you take the following steps:
1.
Use a custom CMK, not your default CMK, to encrypt your volume.
2.
Give the specific accounts access to the custom CMK.
3.
Create the snapshot.
4.
Give the specific accounts access to the snapshot.
For
more information, see Sharing
an Amazon EBS Snapshot.
Amazon
EBS encryption is only available on certain instance types. You can attach both
encrypted and unencrypted volumes to a supported instance type. For more
information, see Supported Instance Types.
Contents
- Encryption
Key Management
- Supported
Instance Types
- Changing
the Encryption State of Your Data
- Amazon EBS
Encryption and CloudWatch Events
Encryption
Key Management
Amazon
EBS encryption handles key management for you. Each newly created volume is
encrypted with a unique 256-bit key. Any snapshots of this volume and any
subsequent volumes created from those snapshots also share that key. These keys
are protected by AWS key management infrastructure, which implements strong
logical and physical security controls to prevent unauthorized access. Your
data and associated keys are encrypted using the industry standard AES-256
algorithm.
You
cannot change the CMK that is associated with an existing snapshot or encrypted
volume. However, you can associate a different CMK during a snapshot copy
operation (including encrypting a copy of an unencrypted snapshot) and the
resulting copied snapshot use the new CMK.
The AWS
overall key management infrastructure is consistent with National Institute of
Standards and Technology (NIST) 800-57 recommendations and uses cryptographic
algorithms approved by Federal Information Processing Standards (FIPS) 140-2.
Each
AWS account has a unique master key that is stored separately from your data,
on a system that is surrounded with strong physical and logical security
controls. Each encrypted volume (and its subsequent snapshots) is encrypted
with a unique volume encryption key that is then encrypted with a
region-specific secure master key. The volume encryption keys are used in
memory on the server that hosts your EC2 instance; they are never stored on
disk in plaintext.
Supported
Instance Types
Amazon
EBS encryption is available on the instance types listed in the table below.
These instance types leverage the Intel AES New Instructions (AES-NI)
instruction set to provide faster and simpler data protection. You can attach
both encrypted and unencrypted volumes to these instance types simultaneously.
Instance
family
|
Instance
types that support Amazon EBS encryption
|
General purpose
|
t2.nano | t2.micro | t2.small | t2.medium | t2.large | t2.xlarge | t2.2xlarge | m3.medium | m3.large | m3.xlarge | m3.2xlarge | m4.large | m4.xlarge | m4.2xlarge | m4.4xlarge | m4.10xlarge | m4.16xlarge |
Compute optimized
|
c3.large | c3.xlarge | c3.2xlarge | c3.4xlarge | c3.8xlarge | c4.large | c4.xlarge | c4.2xlarge | c4.4xlarge | c4.8xlarge |
Memory optimized
|
r3.large | r3.xlarge | r3.2xlarge | r3.4xlarge | r3.8xlarge | r4.large | r4.xlarge | r4.2xlarge | r4.4xlarge | r4.8xlarge | r4.16xlarge | x1.16xlarge | x1.32xlarge | x1e.32xlarge | cr1.8xlarge |
Storage optimized
|
d2.xlarge | d2.2xlarge | d2.4xlarge | d2.8xlarge | i2.xlarge | i2.2xlarge | i2.4xlarge | i2.8xlarge | i3.large | i3.xlarge | i3.2xlarge | i3.4xlarge | i3.8xlarge | i3.16xlarge |
Accelerated computing
|
f1.2xlarge | f1.16xlarge | g2.2xlarge | g2.8xlarge | g3.4xlarge | g3.8xlarge | g3.16xlarge | p2.xlarge | p2.8xlarge | p2.16xlarge | p3.2xlarge | p3.8xlarge | p3.16xlarge |
For
more information about these instance types, see Instance Type Details.
Changing
the Encryption State of Your Data
There
is no direct way to encrypt an existing unencrypted volume, or to remove
encryption from an encrypted volume. However, you can migrate data between
encrypted and unencrypted volumes. You can also apply a new encryption status
while copying a snapshot:
·
While copying an unencrypted snapshot of an unencrypted volume,
you can encrypt the copy. Volumes restored from this encrypted copy are also
encrypted.
·
While copying an encrypted snapshot of an encrypted volume, you
can re-encrypt the copy using a different CMK. Volumes restored from the
encrypted copy are only accessible using the newly applied CMK.
You
cannot remove encryption from an encrypted snapshot.
Migrate Data between Encrypted and
Unencrypted Volumes
When
you have access to both an encrypted and unencrypted volume, you can freely
transfer data between them. EC2 carries out the encryption or decryption
operations transparently.
To migrate data between
encrypted and unencrypted volumes
1.
Create your destination volume (encrypted or unencrypted,
depending on your need) by following the procedures in Creating an Amazon EBS
Volume.
2.
Attach the destination volume to the instance that hosts the
data to migrate. For more information, see Attaching an Amazon EBS
Volume to an Instance.
3.
Make the destination volume available by following the
procedures in Making an Amazon EBS Volume
Available for Use. For Linux instances, you can create a mount point
at
/mnt/destination and
mount the destination volume there.
4.
Copy the data from your source directory to the destination
volume. It may be most convenient to use a bulk-copy utility for this.
Linux
Use
the rsync command as follows to copy the data from your source
to the destination volume. In this example, the source data is located in
/mnt/source and
the destination volume is mounted at /mnt/destination.Copy
[ec2-user ~]$ sudo rsync -avh --progress /mnt/source/ /mnt/destination/
Windows
At a
command prompt, use the robocopy command to copy the data from
your source to the destination volume. In this example, the source data is
located in
D:\ and the destination volume is mounted at E:\.Copy
PS C:\> robocopy D:\ E:\ /e /copyall /eta
Apply Encryption While Copying a Snapshot
Because
you can apply encryption to a snapshot while copying it, another path to
encrypting your data is the following procedure.
To encrypt a volume's
data by means of snapshot copying
1.
Create a snapshot of your unencrypted EBS volume. This snapshot
is also unencrypted.
2.
Copy the snapshot while applying encryption parameters. The
resulting target snapshot is encrypted.
3.
Restore the encrypted snapshot to a new volume, which is also
encrypted.
For
more information, see Copying
an Amazon EBS Snapshot.
Re-Encrypt
a Snapshot with a New CMK
The
ability to encrypt a snapshot during copying also allows you to re-encrypt an
already-encrypted snapshot that you own. In this operation, the plaintext of
your snapshot is encrypted using a new CMK that you provide. Volumes restored
from the resulting copy are only accessible using the new CMK.
In a
related scenario, you may choose to re-encrypt a snapshot that has been shared
with you. Before you can restore a volume from a shared encrypted snapshot, you
must create your own copy of it. By default, the copy is encrypted with the key
shared by the snapshot's owner. However, we recommend that you re-encrypt the
snapshot during the copy process with a different key that you control. This
protects your access to the volume if the original key is compromised, or if
the owner revokes the key for any reason.
The following
procedure demonstrates how to re-encrypt a snapshot that you own.
To re-encrypt a snapshot
using the console
1.
Create a custom CMK. For more information, see AWS Key Management Service
Developer Guide.
2.
Create an EBS volume encrypted with (for this example) your
default CMK.
Amazon EBS Volume Performance on Linux Instances
Several factors, including I/O characteristics and the
configuration of your instances and volumes, can affect the performance of
Amazon EBS. Customers who follow the guidance on our Amazon EBS and Amazon EC2
product detail pages typically achieve good performance out of the box.
However, there are some cases where you may need to do some tuning in order achieve
peak performance on the platform. This topic discusses general best practices
as well as performance tuning that is specific to certain use cases. We
recommend that you tune performance with information from your actual workload,
in addition to benchmarking, to determine your optimal configuration. After you
learn the basics of working with EBS volumes, it's a good idea to look at the
I/O performance you require and at your options for increasing Amazon EBS
performance to meet those requirements.
Contents
- Amazon EBS
Performance Tips
- Amazon EC2
Instance Configuration
- I/O
Characteristics and Monitoring
- Initializing
Amazon EBS Volumes
- RAID
Configuration on Linux
- Benchmark
EBS Volumes
Amazon EBS Performance Tips
These tips represent best practices for getting optimal
performance from your EBS volumes in a variety of user scenarios.
Use EBS-Optimized Instances
On instances without support for EBS-optimized throughput,
network traffic can contend with traffic between your instance and your EBS
volumes; on EBS-optimized instances, the two types of traffic are kept
separate. Some EBS-optimized instance configurations incur an extra cost (such
as C3, R3, and M3), while others are always EBS-optimized at no extra cost
(such as M4, C4, and D2). For more information, see Amazon EC2 Instance
Configuration.
Understand How Performance is Calculated
When you measure the performance of your EBS volumes, it is
important to understand the units of measure involved and how performance is
calculated. For more information, see I/O Characteristics and
Monitoring.
Understand Your Workload
There is a relationship between the maximum performance of your
EBS volumes, the size and number of I/O operations, and the time it takes for
each action to complete. Each of these factors (performance, I/O, and latency)
affects the others, and different applications are more sensitive to one factor
or another. For more information, see Benchmark EBS Volumes.
Be Aware of the Performance Penalty When Initializing Volumes
from Snapshots
There is a significant increase in latency when you first access
each block of data on a new EBS volume that was restored from a snapshot. You
can avoid this performance hit by accessing each block prior to putting the
volume into production. This process is called initialization(formerly known as
pre-warming). For more information, see Initializing Amazon EBS
Volumes.
Factors That Can Degrade HDD Performance
When you create a snapshot of a Throughput Optimized HDD (
st1) or
Cold HDD (sc1) volume, performance may drop as far as the volume's baseline
value while the snapshot is in progress. This behavior is specific to these
volume types. Other factors that can limit performance include driving more
throughput than the instance can support, the performance penalty encountered
while initializing volumes restored from a snapshot, and excessive amounts of
small, random I/O on the volume. For more information about calculating
throughput for HDD volumes, see Amazon
EBS Volume Types .
Your performance can also be impacted if your application isn’t
sending enough I/O requests. This can be monitored by looking at your volume’s
queue length and I/O size. The queue length is the number of pending I/O
requests from your application to your volume. For maximum consistency,
HDD-backed volumes must maintain a queue length (rounded to the nearest whole
number) of 4 or more when performing 1 MiB sequential I/O. For more information
about ensuring consistent performance of your volumes, see I/O Characteristics and
Monitoring
Increase Read-Ahead for High-Throughput, Read-Heavy Workloads on st1 and sc1
Some workloads are read-heavy and access the block device
through the operating system page cache (for example, from a file system). In
this case, to achieve the maximum throughput, we recommend that you configure
the read-ahead setting to 1 MiB. This is a per-block-device setting that should
only be applied to your HDD volumes. The following examples assume that you are
on an Amazon Linux instance.
To examine the current value of read-ahead for your block
devices, use the following command:
Copy
[ec2-user ~]$ sudo blockdev --report /dev/<device>
Block device information is returned in the following format:
RO RA SSZ BSZ StartSec Size Devicerw 256 512 4096 4096 8587820544 /dev/<device>
The device shown reports a read-ahead value of 256 (the
default). Multiply this number by the sector size (512 bytes) to obtain the
size of the read-ahead buffer, which in this case is 128 KiB. To set the buffer
value to 1 MiB, use the following command:
Copy
[ec2-user ~]$ sudo blockdev --setra 2048 /dev/<device>
Verify that the read-ahead setting now displays 2,048 by running
the first command again.
Only use this setting when your workload consists of large,
sequential I/Os. If it consists mostly of small, random I/Os, this setting will
actually degrade your performance. In general, if your workload consists mostly
of small or random I/Os, you should consider using a General Purpose SSD (
gp2)
volume rather than st1 or sc1.
Use a Modern Linux Kernel
Use a modern Linux kernel with support for indirect descriptors.
Any Linux kernel 3.11 and above has this support, as well as any
current-generation EC2 instance. If your average I/O size is at or near 44 KiB,
you may be using an instance or kernel without support for indirect
descriptors. For information about deriving the average I/O size from Amazon
CloudWatch metrics, see I/O Characteristics and
Monitoring.
To achieve maximum throughput on
st1 or sc1 volumes,
we recommend applying a value of 256 to the xen_blkfront.max parameter
(for Linux kernel versions below 4.6) or the xen_blkfront.max_indirect_segments parameter
(for Linux kernel version 4.6 and above). The appropriate parameter can be set
in your OS boot command line.
For example, in an Amazon Linux AMI with an earlier kernel, you
can add it to the end of the kernel line in the GRUB configuration found in
/boot/grub/menu.lst:Copy
kernel /boot/vmlinuz-4.4.5-15.26.amzn1.x86_64 root=LABEL=/ console=ttyS0 xen_blkfront.max=256
For a later kernel, the command would be similar to the
following:
Copy
kernel /boot/vmlinuz-4.9.20-11.31.amzn1.x86_64 root=LABEL=/ console=tty1 console=ttyS0 xen_blkfront.max_indirect_segments=256
Reboot your instance for this setting to take effect.
For more information, see Configuring
GRUB. Other Linux distributions, especially those that do not use
the GRUB boot loader, may require a different approach to adjusting the kernel
parameters.
For more information about EBS I/O characteristics, see the Amazon EBS: Designing for
Performance re:Invent presentation on this topic.
Use RAID 0 to Maximize Utilization of Instance Resources
Some instance types can drive more I/O throughput than what you
can provision for a single EBS volume. You can join multiple
gp2, io1, st1, or sc1 volumes
together in a RAID 0 configuration to use the available bandwidth for these
instances. For more information, see RAID Configuration
on Linux.
Track Performance with Amazon CloudWatch
Amazon Web Services provides performance metrics for Amazon EBS
that you can analyze and view with Amazon CloudWatch and status checks that you
can use to monitor the health of your volumes. For more information, see Monitoring the Status of
Your Volumes.
Very informative blog... This blog contain complete information on Amazon Elastic Block Store. Here I want to share EBS cost.
ReplyDelete
ReplyDeleteNeeded to compose you a very little word to thank you yet again regarding the nice suggestions you’ve contributed here.
AWS Training in Bangalore
Super blog very easy to understand thanks for sharing and keep updating for more information AWS Online Course Bangalore
ReplyDeleteGreat post! I am actually getting ready to across this information, is very helpful. Keep up the good work you are doing here.
ReplyDeleteAWS Training in Chennai | AWS Training Institute in Chennai
I really enjoyed while reading your article and it is good to know the latest updates. Do post more.
ReplyDeleteAmazon web services Training in Chennai
AWS Certification in Chennai
DevOps course in Chennai
Best devOps Training in Chennai
Data Analytics Courses in Chennai
Big Data Analytics Courses in Chennai
AWS Training in Anna Nagar
AWS Training in T Nagar
Thank you for your post.
ReplyDeleteAWS Training In Hyderabad
AWS Training
AWS Online Training
AWS Training Online
AWS Training In Bangalore
Very informative blog...
ReplyDeleteAWS Training
AWS certification training
AWS Online Training
This comment has been removed by the author.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteGreat post! on Amazon EBS Elastic Block Store I am actually getting ready to across this information, It’s very helpful for this blog. Also great with all of the valuable information you have Keep up the good work you are doing well.
ReplyDeleteCRS Info Solutions Salesforce Training
Your article is too good and informative. I am searching for AWS and I get exact article i am thankful to you for sharing this educational article .
ReplyDeleteAWS Training In Pune
AWS Course In Pune
This comment has been removed by the author.
ReplyDeleteThe content is very well written and explained , thanks for sharing this with us on this trending subject of AWS , Keep Writing . Would like to read more from you.
ReplyDeleteAWS Training in Pune
Very awesome post! I like that and very interesting content.
ReplyDeleteworkday online course
workday training online
workday software training
This post is so usefull and informative.Keep updating with more information...
ReplyDeleteBenefits Of AWS
Advantages Of AWS
Thank you for introducing this tool. keep it updated.
ReplyDeleteAWS Online Training Hyderabad
Best AWS Online Course
Great Post. Very informative. Keep Sharing!!
ReplyDeleteApply Now for AWS Training Classes in Noida
For more details about the course fee, duration, classes, certification, and placement call our expert at 70-70-90-50-90
Thanks a lot for a grateful article.. Finally, I got this type of article it is very useful for me or others. You also describe amazon web services for solution architect, sysops, and much more. If want to know more about VPS hosting you should choose Italy VPS Hosting which gives you sure uptime and the best server service with the highest standards of performance and carefulness.
ReplyDelete