๐ Day 2: Deep Dive into Amazon Elastic Block Store (EBS) โ Storage for Your EC2 Instances
AkankshaOverview
In Day 2 of my DevOps learning journey, I explored Amazon Elastic Block Store (EBS) โ a durable, high-performance block storage service tightly integrated with EC2. EBS enables persistent storage for virtual machines, application data, and critical workloads in the cloud.
This post covers key concepts, volume types, data protection mechanisms, and hands-on deployment.
๐น What is Amazon EBS?
Amazon EBS provides block-level storage volumes that can be attached to EC2 instances. These volumes behave like raw, unformatted block devices, suitable for file systems, databases, or application storage.
Unlike ephemeral instance storage, EBS volumes are persistent โ data is retained even after the instance is stopped or terminated (if configured appropriately).
๐น Key Advantages of EBS
Durability: Replicated within the Availability Zone (AZ) for fault tolerance.
Persistence: Volumes survive instance stops and reboots.
Scalability: Resize and reconfigure without downtime.
Performance Tiers: Tailored for diverse workloads.
Encryption: Integrated with AWS Key Management Service (KMS) for secure data-at-rest and in-transit.
๐น EBS Volume Types and Use Cases
| Volume Type | Use Case | Baseline Performance | Cost |
| gp3 | General-purpose | 3,000 IOPS (baseline), scalable up to 16,000 | Moderate |
| gp2 | Legacy general-purpose | 3 IOPS/GB | Moderate |
| io1 / io2 | I/O-intensive workloads (DBs) | Up to 64,000 IOPS | High |
| st1 | Large, sequential workloads (data lakes, logs) | Throughput-optimized | Low |
| sc1 | Cold data | Lowest throughput and IOPS | Lowest |
๐น Data Protection: EBS Encryption
EBS volumes can be encrypted by default using AWS KMS-managed keys (aws/ebs) or customer-managed keys (CMKs).
Benefits include:
Secure data at rest
Encrypted snapshots and AMIs
Transparent decryption for attached instances
Encryption is enforced automatically during:
Volume creation
Snapshot creation/restoration
AMI creation (from encrypted volumes)
๐น Root Volumes vs. Data Volumes
Root Volume: Attached by default when launching an instance; contains the OS.
Data Volume: Manually attached post-launch; used for persistent application data, logs, and backup storage.
You can modify, snapshot, or migrate these volumes independently.
๐น Snapshots and AMIs
โค EBS Snapshots
Stored in Amazon S3 (incrementally)
Can be used to restore a volume or create a new one
Useful for backups and disaster recovery
โค Amazon Machine Images (AMI)
Contains an EC2 instance's configuration, including:
Root EBS volume
Permissions
Launch settings
Can be shared across accounts or regions
๐ง Difference: Snapshots are volume backups; AMIs are complete bootable machine images.
๐น Lifecycle Management
Amazon Data Lifecycle Manager (DLM) automates EBS snapshot creation and deletion.
Benefits:
Policy-driven backup schedules
Cost optimization by removing outdated snapshots
Enhanced compliance posture
Example Policy:
Snapshot
/dev/xvdfevery 12 hoursRetain for 7 days
Apply to tagged volumes (
Environment=Production)
๐น Lab: EBS in Action (Manual Provisioning)
Scenario:
Attach a secondary volume to an EC2 instance and use it for persistent data.
Steps:
Create a 10 GiB
gp3volume in the same AZ as the EC2 instance.Attach volume to
/dev/xvdf.Connect via SSH and configure:
lsblk # Identify new device
sudo mkfs -t ext4 /dev/xvdf # Format the volume
sudo mkdir /mnt/data
sudo mount /dev/xvdf /mnt/data # Mount it
- (Optional) Add to
/etc/fstabfor persistence.
Subscribe to my newsletter
Read articles from Akanksha directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by