AWS - Module 4 - AWS's Elastic Block Store (EBS) - RM - Final
©COPYRIGHT 2017, ALL RIGHTS RESERVED. MANIPAL GLOBAL EDUCATION SERVICES PVT. LTD.
AWS Foundation and Architecture
Table of Contents
4.1. Block Store Types for AWS EC2
4.2. Core Knowledge: EBS Backed vs Instance Store Backed EC2 Instances
4.3. EBS Snapshots
4.4. EBS Encryption
4.5. Changing the Encryption State of an EBS Volume
4.6. Sharing EBS Snapshots
4.7. Creating AMIs from EBS-Backed EC2 Instances
4.8. EBS Redundant Array of Independent Disks (RAID)
4.9. EBS Volumes
Introduction
Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for
use with EC2 instances. EBS volumes are highly available and reliable storage
volumes that can be attached to any running instance that is in the same Availability
Zone. EBS volumes that are attached to an EC2 instance are exposed as storage
volumes that persist independently from the life of the instance. With Amazon EBS,
you pay only for what you use.
Learning Objectives
allows you to specify a consistent IOPS rate when you create the volume,
and Amazon EBS delivers within 10 percent of the provisioned IOPS
performance 99.9 percent of the time over a given year.
• Throughput Optimized HDD (st1) Volumes
Throughput Optimized HDD (st1) volumes provide low-cost magnetic
storage that defines the performance in terms of throughput rather than
IOPS. This volume type is a good fit for large, sequential workloads such
as Amazon EMR, ETL, data warehouses, and log processing.
Bootable st1 volumes are not supported.
• Throughput Magnetic (Standard)
Magnetic volumes are backed by magnetic drives and are suited for
workloads where data is accessed infrequently, and scenarios where low-
cost storage for small volume sizes is important. These volumes deliver
approximately 100 IOPS on average with burst capability of up to
hundreds of IOPS and they can range in size from 1 GiB to 1 TiB.
• Cold HDD (sc1) Volumes
Cold HDD (sc1) volumes provide low-cost magnetic storage that defines
the performance in terms of throughput rather than IOPS. With a lower
throughput limit than st1, sc1 is ideal for large, sequential cold-data
workloads. If you require infrequent access to your data and are looking
to save costs, sc1 provides inexpensive block storage.
Bootable sc1 volumes are not supported.
Features of Amazon EBS
• You can create EBS General Purpose SSD (gp2), Provisioned IOPS SSD
(io1), Throughput Optimized HDD (st1), and Cold HDD (sc1) volumes
up to 16 TiB in size. You can mount these volumes as devices on your
Amazon EC2 instances. You can mount multiple volumes on the same
instance, but each volume can be attached to only one instance at a time.
You can dynamically change the configuration of a volume attached to an
instance.
• With General Purpose SSD (gp2) volumes, you can expect base
performance of 3 IOPS/GiB with the ability to burst to 3,000 IOPS for
extended periods of time. Gp2 volumes are ideal for a broad range of use
cases such as boot volumes, small and medium-size databases, and
development and test environments. Gp2 volumes support up to 10,000
IOPS and 160 MB/s of throughput.
• With Provisioned IOPS SSD (io1) volumes, you can provision a specific
level of I/O performance. Io1 volumes support up to 32,000 IOPS and 500
MB/s of throughput. This allows you to predictably scale to tens to
thousands of IOPS per EC2 instance.
• Throughput Optimized HDD (st1) volumes provide low-cost magnetic
storage that defines performance in terms of throughput rather than
IOPS. With throughput of up to 500 MiB/s, this volume type is a good fit for
large, sequential workloads such as Amazon EMR, ETL, data
warehouses, and log processing.
• Cold HDD (sc1) volumes provide low-cost magnetic storage that defines
the performance in terms of throughput rather than IOPS. With
throughput of up to 250 MiB/s, sc1 is ideal for large, sequential, cold-data
workloads. If you require infrequent access to your data and are looking
to save costs, sc1 provides inexpensive block storage.
• EBS volumes behave like raw, unformatted block devices. You can create
a file system on top of these volumes or use them in any other way you
would use a block device like a hard drive.
• You can use encrypted EBS volumes to meet a wide range of data-at-rest
encryption requirements for regulated or audited data and applications.
• You can create point-in-time snapshots of EBS volumes which are
persisted to Amazon S3. Snapshots protect data for long-term durability,
and can be used as the starting point for new EBS volumes. The same
snapshot can be used to instantiate as many volumes as you wish. These
snapshots can be copied across AWS regions.
• EBS volumes are created in a specific Availability Zone, and can then be
attached to any instances in that Availability Zone. To make a volume
available outside the Availability Zone, you can create a snapshot and
restore that snapshot to a new volume anywhere in that region. You can
copy snapshots to other regions and then restore those to new volumes
there. This makes it easier to leverage multiple AWS regions for
geographical expansion, data center migration, and disaster recovery.
• A large repository of public data set snapshots can be restored to EBS
volumes and can be integrated into AWS Cloud-based applications
seamlessly.
• Performance metrics such as bandwidth, throughput, latency, and
average queue length are available through the AWS Management
Console. These metrics, provided by Amazon CloudWatch, allow you to
monitor the performance of your volumes to make sure that you are
providing enough performance for your applications without paying for
resources you do not need.
4.2. Core Knowledge: EBS Backed vs Instance Store Backed EC2 Instances
AWS EBS vs Instance Store Overview
• EC2 instances support two types of block-level storage:
o Elastic Block Store (EBS)
o Instance Store
• EC2 Instances can be launched using either Elastic Block Store (EBS) or
Instance Store volume as root volumes and additional volumes.
• EC2 instances can be launched by choosing between AMIs backed by
Amazon EC2 instance store and AMIs backed by Amazon EBS. However,
AWS recommends the use of AMIs backed by Amazon EBS to launch
faster and use persistent storage.
Types of Storage
• Instance Store (Ephemeral storage)
An “EBS-backed” instance is one for which the root device of the instance
launched from the AMI is an Amazon EBS volume created from an Amazon EBS snapshot.
An EBS volume behaves like a raw, unformatted, external block device that can
be attached to a single instance. It is not physically attached to the instance
host computer (it is more like network-attached storage).
The volume persists independently from the running life of an instance. After an
EBS volume is attached to an instance, you can use it like any other physical
hard drive. An EBS volume can be detached from one instance and attached
to another instance.
EBS volumes can be created as encrypted volumes using the Amazon EBS
encryption feature.
Key Points for EBS Backed Instance
• Boot time is very fast, usually less than a minute.
• EBS volumes can be selected as the root volume and attached as
additional volumes.
• EBS-backed instances can have a maximum volume size of 16 TiB, depending
upon the OS.
• EBS volumes can be attached as additional volumes when the instance is
launched and even when the instance is up and running.
• Data on the EBS root volume is lost on termination if the Delete On
Termination flag is enabled (enabled by default).
• Data on attached EBS volumes is lost on termination if the Delete On
Termination flag is enabled (disabled by default).
• Data on EBS volume is NOT LOST in following scenarios:
o Reboot on the Instance
o Stopping an EBS-backed instance
o Termination of the Instance for the additional EBS volumes. Additional
EBS volumes are detached with their data intact.
• When an EBS-backed instance is in a stopped state, various instance and
volume-related tasks can be done. For example, you can modify the
properties of the instance, you can change the size of your instance or
update the kernel it is using, or you can attach your root volume to a
different running instance for debugging or for any other purpose.
• EBS volumes are tied to a single AZ in which they are created.
• EBS volumes are automatically replicated within that zone to prevent
data loss due to failure of any single hardware component.
• AMI creation is easy using a single command.
• EBS backed Instances can be upgraded for instance type, Kernel, RAM
disk and user data.
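How the Delete On Termination flag decides which volumes outlive an instance, as an added example that is not part of the original module. The JSON is constructed sample data shaped like the output of `aws ec2 describe-instances`; the instance IDs, volume IDs, and function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output (trimmed).
DESCRIBE_INSTANCES = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0example0000000001", "RootDeviceType": "ebs",
   "RootDeviceName": "/dev/xvda",
   "BlockDeviceMappings": [
     {"DeviceName": "/dev/xvda",
      "Ebs": {"VolumeId": "vol-0example00000000a", "DeleteOnTermination": true}},
     {"DeviceName": "/dev/sdf",
      "Ebs": {"VolumeId": "vol-0example00000000b", "DeleteOnTermination": false}}]},
  {"InstanceId": "i-0example0000000002", "RootDeviceType": "ebs",
   "RootDeviceName": "/dev/sda1",
   "BlockDeviceMappings": [
     {"DeviceName": "/dev/sda1",
      "Ebs": {"VolumeId": "vol-0example00000000c", "DeleteOnTermination": false}}]},
  {"InstanceId": "i-0example0000000003", "RootDeviceType": "instance-store",
   "RootDeviceName": "/dev/sda1", "BlockDeviceMappings": []}
]}]}
""")


def termination_fate(describe_instances):
    """Return one row per volume: (instance, device, volume, role, fate)."""
    rows = []
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid, root = inst["InstanceId"], inst.get("RootDeviceName")
            if inst.get("RootDeviceType") == "instance-store":
                # Ephemeral root: no EBS volume exists to outlive the instance.
                rows.append((iid, root, None, "root", "lost"))
            for mapping in inst.get("BlockDeviceMappings", []):
                ebs = mapping.get("Ebs")
                if ebs is None:
                    continue
                role = "root" if mapping["DeviceName"] == root else "additional"
                fate = "deleted" if ebs.get("DeleteOnTermination") else "retained"
                rows.append((iid, mapping["DeviceName"], ebs["VolumeId"], role, fate))
    return rows


def retained_volumes(rows):
    """Volumes that stay in the account, with their data, after termination."""
    return [vol for (_, _, vol, _, fate) in rows if fate == "retained"]


if __name__ == "__main__":
    for row in termination_fate(DESCRIBE_INSTANCES):
        print(row)
```

Retained volumes keep their data and keep incurring charges after the instance is gone, so they belong in the same inventory as volumes that are still attached.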
Encryption is supported by all EBS volume types (General Purpose SSD [gp2],
Provisioned IOPS SSD [io1], Throughput Optimized HDD [st1], Cold HDD [sc1],
and Magnetic [standard]). You can expect the same IOPS performance on
encrypted volumes as on unencrypted volumes with a minimal effect on
latency. You can access encrypted volumes in the same way as you access
unencrypted volumes. Encryption and decryption are handled transparently
and do not require additional action from you or your applications.
Public snapshots of encrypted volumes are not supported, but you can share an
encrypted snapshot with specific accounts.
Amazon EBS encryption is available only on certain instance types. You can
attach both encrypted and unencrypted volumes to a supported instance type.
Encryption Key Management
Amazon EBS encryption uses AWS Key Management Service (AWS KMS)
Customer Master Keys (CMKs) when creating encrypted volumes and any
snapshots created from them. A unique AWS-managed CMK is created for you
automatically in each region where you store AWS assets. This key is used for
Amazon EBS encryption unless you specify a customer-managed CMK that you
created separately using AWS KMS.
Note:
Creating your own CMK gives you more flexibility, including the ability to
create, rotate, and disable keys and to define access controls.
You cannot change the CMK that is associated with an existing snapshot or
encrypted volume. However, you can associate a different CMK during a
snapshot copy operation so that the resulting copied snapshot uses the new
CMK.
EBS encrypts your volume with a data key using the industry-standard AES-256
algorithm. Your data key is stored on disk with your encrypted data, but not
before EBS encrypts it with your CMK; it never appears there in plain
text. The same data key is shared by snapshots of the volume and any
subsequent volumes created from those snapshots.
Important:
When you share a snapshot (whether by sharing it with another AWS account or
making it public to all), you are giving others access to all the data on the
snapshot. Share snapshots only with people with whom you want to share all your
snapshot data.
To modify snapshot permissions using the console:
1. Open the Amazon EC2 console.
2. Click Snapshots in the navigation pane.
3. Select a snapshot and then click Modify Permissions from the Actions list.
4. Select whether to make the snapshot public or to share it with specific
AWS accounts:
• To make the snapshot public, select Public.
This is not a valid option for encrypted snapshots or snapshots with
AWS Marketplace product codes.
• To expose the snapshot to only specific AWS accounts, click Private,
enter the ID of the AWS account (without hyphens) in the AWS
Account Number field, and click Add Permission. Repeat until you
have added all the required AWS accounts.
Points to Remember:
• If your snapshot is encrypted, you must ensure that the following
points are taken care of:
o The snapshot is encrypted with a custom CMK, not your
default CMK. If you attempt to change the permissions of a
snapshot encrypted with your default CMK, the console
displays an error message.
o You are sharing the custom CMK with the accounts that have
access to your snapshot.
5. Click Save. Now a user logged into the permitted account can locate the
shared snapshot by choosing Private Snapshots in the filter menu.
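A review of the permissions set by the procedure above, as an added example that is not part of the original module. It flags public snapshots, shares with accounts outside an allow-list, and encrypted shares whose custom CMK must also be shared. The JSON is constructed sample data shaped like the output of `aws ec2 describe-snapshots` and `aws ec2 describe-snapshot-attribute`; the account IDs, snapshot IDs, key ARN, allow-list, and function name are hypothetical.

```python
import json

# Constructed sample, shaped like `aws ec2 describe-snapshots --owner-ids self`.
SNAPSHOTS = json.loads("""
{"Snapshots": [
  {"SnapshotId": "snap-0example000000001", "Encrypted": false},
  {"SnapshotId": "snap-0example000000002", "Encrypted": false},
  {"SnapshotId": "snap-0example000000003", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111111111111:key/EXAMPLE-CUSTOM-KEY"},
  {"SnapshotId": "snap-0example000000004", "Encrypted": false}
]}
""")["Snapshots"]

# Constructed sample: the CreateVolumePermissions list returned per snapshot by
# `aws ec2 describe-snapshot-attribute --attribute createVolumePermission`.
PERMISSIONS = {
    "snap-0example000000001": [{"Group": "all"}],
    "snap-0example000000002": [{"UserId": "222222222222"}, {"UserId": "999999999999"}],
    "snap-0example000000003": [{"UserId": "222222222222"}],
    "snap-0example000000004": [],
}

APPROVED_ACCOUNTS = {"222222222222"}  # hypothetical allow-list of partner accounts


def audit_snapshot_sharing(snapshots, permissions, approved):
    """Return (snapshot_id, finding, detail) tuples for risky or incomplete shares."""
    findings = []
    for snap in snapshots:
        sid = snap["SnapshotId"]
        grants = permissions.get(sid, [])
        if any(g.get("Group") == "all" for g in grants):
            # "Public" in the console: every AWS account can read all the data.
            findings.append((sid, "PUBLIC", "all AWS accounts"))
        accounts = {g["UserId"] for g in grants if "UserId" in g}
        unapproved = sorted(accounts - approved)
        if unapproved:
            findings.append((sid, "UNAPPROVED_ACCOUNT", ",".join(unapproved)))
        if snap.get("Encrypted") and accounts:
            # The share is only usable if the custom CMK is shared as well.
            findings.append((sid, "VERIFY_CMK_SHARED", snap.get("KmsKeyId", "unknown")))
    return findings


if __name__ == "__main__":
    for finding in audit_snapshot_sharing(SNAPSHOTS, PERMISSIONS, APPROVED_ACCOUNTS):
        print(*finding, sep="\t")
```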
An AMI includes:
• A template for the root volume for the instance (for example, an
operating system, an application server, and applications).
• Launch permissions that control which AWS accounts can use the AMI to
launch instances.
• A block device mapping that specifies the volumes to attach to the
instance when it is launched.
Using an AMI
The diagram given below summarizes the AMI lifecycle. After you create and
register an AMI, you can use it to launch new instances. (You can also launch
instances from an AMI if the AMI owner grants you the launch permissions.)
You can copy an AMI within the same region or to different regions. When you
no longer require an AMI, you can deregister it.
Note:
Delete on Termination determines if the EBS volume is deleted or
not; it does not affect the instance or the AMI.
o To add an Amazon EBS volume, click Add New Volume (which
adds a new row). For Volume Type, click EBS, and fill in the fields
in the row. When you launch an instance from your new AMI,
additional volumes are automatically attached to the instance.
Empty volumes must be formatted and mounted. Volumes based
on a snapshot must be mounted.
o When you launch an instance from your new AMI, additional
volumes are automatically initialized and mounted. These
volumes do not contain data from the instance store volumes of
the running instance on which you base your AMI.
2. To view the status of your AMI while it is being created, in the navigation
pane, click AMIs. Initially, the status is pending but should change
to available after a few minutes.
3. (Optional) To view the snapshot that was created for the new AMI, click
Snapshots. When you launch an instance from this AMI, this snapshot is used to
create its root device volume.
4. Launch an instance from your new AMI.
5. The new running instance contains all the customizations that you
applied in previous steps.
Creating a RAID 0 array allows you to achieve a higher level of performance for
a file system than you can provision on a single Amazon EBS volume. A RAID 1
array offers a "mirror" of your data for extra redundancy. Before you perform
this procedure, you need to decide how large your RAID array should be and
how many IOPS you want to provision.
Summary
• Amazon EBS allows you to create storage volumes and attach them to
Amazon EC2 instances. Once attached, you can create a file system on top
of these volumes, run a database, or use them in any other way you
would use block storage.
• Amazon EBS volumes are placed in a specific Availability Zone where
they are automatically replicated to protect you from the failure of a
single component.
• EBS volume types offer durable snapshot capabilities and are designed
for 99.999% availability.