Thursday, July 9, 2020

EBS - Block Store

EBS Block Store
-        Amazon Elastic Block Store (EBS) is an easy to use, high performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS.

EBS Types

-         ZONAL - EC2 instance and EBS volume need to be in the same AZ to be attached
-         EBS – Elastic Block Store
          §   EBS-backed EC2 – can be stopped, rebooted, restarted, terminated
          §   Unformatted external volumes that can be attached to EC2, like a virtual hard drive
          §   Block-storage – can be used for database-style storage when frequent read/writes are required
          §   Can be attached to single EC2 at a time only
          §   EC2 and EBS MUST be in same AZ
          §   EBS data is replicated across multiple servers in the same AZ for resilience
          §   EBS-backed EC2 instance with Instance-store volumes attached – you can stop the instance and the root will not lose data, but the attached Instance-store volumes will lose all data
-         Instance Store
          §   Instance-store backed EC2 – boots from AMI stored on S3
          §   Ephemeral storage – can NOT be stopped, only rebooted or terminated
          §   Higher IOPS than EBS
          §   Not all EC2 instance types support instance-store volumes

Encryption on EBS
-         An EBS volume is attached to an EC2 instance. The actual data encryption takes place on the EC2 side (not on EBS), and the data then travels to EBS over AWS infrastructure. The EC2 instance needs to be equipped (CPU power, etc.) to perform the encryption. That’s why, while all EBS volumes support encryption, not all EC2 instance types do. Whether encryption is available is driven by EC2, not EBS. Ex: R2 Micro (free tier) does not support encryption.

Volume types
-         Encryption is supported by all EBS volume types. You can expect the same IOPS performance on encrypted volumes as on unencrypted volumes, with a minimal effect on latency. You can access encrypted volumes the same way that you access unencrypted volumes. Encryption and decryption are handled transparently, and they require no additional action from you or your applications.
-         When you create an encrypted EBS volume and attach it to a supported instance type, the following types of data are encrypted:
          §   Data at rest inside the volume
          §   All data moving between the volume and the instance
          §   All snapshots created from the volume
          §   All volumes created from those snapshots
-         Encryption operations occur on the servers that host EC2 instances, ensuring the security of both data-at-rest and data-in-transit between an instance and its attached EBS storage. You can encrypt both the boot and data volumes of an EC2 instance.

Supported EC2 instance types
-         Amazon EBS encryption is available on the instance types listed below. You can attach both encrypted and unencrypted volumes to these instance types simultaneously.
          §   General purpose: A1, M3, M4, M5, M5a, M5ad, M5d, M5dn, M5n, T2, T3, and T3a
          §   Compute optimized: C3, C4, C5, C5d, C5n
          §   Memory optimized: cr1.8xlarge, R3, R4, R5, R5a, R5ad, R5d, R5dn, R5n, u-6tb1.metal, u-9tb1.metal, u-12tb1.metal, u-18tb1.metal, u-24tb1.metal, X1, X1e, and z1d
          §   Storage optimized: D2, h1.2xlarge, h1.4xlarge, I2, I3, and I3en
          §   Accelerated computing: F1, G2, G3, G4, Inf1, P2, and P3
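
The rules in these notes (same AZ, one instance per volume, encrypted volumes only on listed instance types) written as a pre-attach check. This is an added example, not part of the original post: the records are constructed, their field names follow the shape of EC2 DescribeVolumes/DescribeInstances responses, and the type list is the one on this page.

```python
# Page's "Supported EC2 instance types" list, names as written there:
# whole families first, then the entries the page gives as exact sizes.
FAMILIES = set("""a1 m3 m4 m5 m5a m5ad m5d m5dn m5n t2 t3 t3a c3 c4 c5 c5d c5n
r3 r4 r5 r5a r5ad r5d r5dn r5n x1 x1e z1d d2 i2 i3 i3en
f1 g2 g3 g4 inf1 p2 p3""".split())
EXACT_TYPES = set("""cr1.8xlarge h1.2xlarge h1.4xlarge u-6tb1.metal u-9tb1.metal
u-12tb1.metal u-18tb1.metal u-24tb1.metal""".split())


def supports_encryption(instance_type):
    """True if the type is on the page's list, by exact size or by family."""
    itype = instance_type.strip().lower()
    return itype in EXACT_TYPES or itype.split(".", 1)[0] in FAMILIES


def attach_problems(volume, instance):
    """Return the reasons (empty list = OK) an attach breaks the rules above."""
    problems = []
    # EC2 and EBS must be in the same AZ.
    if volume["AvailabilityZone"] != instance["Placement"]["AvailabilityZone"]:
        problems.append("az-mismatch")
    # A volume can be attached to a single EC2 instance at a time.
    if any(a["InstanceId"] != instance["InstanceId"]
           for a in volume.get("Attachments", [])):
        problems.append("already-attached")
    # Encryption runs on the EC2 side, so the instance type must support it.
    if volume.get("Encrypted") and not supports_encryption(instance["InstanceType"]):
        problems.append("instance-type-lacks-ebs-encryption")
    return problems


# Constructed sample records (IDs are placeholders, not real resources).
VOL_ENC = {"VolumeId": "vol-example1", "AvailabilityZone": "us-east-1a",
           "Encrypted": True, "Attachments": []}
VOL_BUSY = {"VolumeId": "vol-example2", "AvailabilityZone": "us-east-1a",
            "Encrypted": False, "Attachments": [{"InstanceId": "i-example9"}]}
INST_OK = {"InstanceId": "i-example1", "InstanceType": "m5.large",
           "Placement": {"AvailabilityZone": "us-east-1a"}}
INST_BAD = {"InstanceId": "i-example2", "InstanceType": "h1.8xlarge",
            "Placement": {"AvailabilityZone": "us-east-1b"}}

if __name__ == "__main__":
    for vol in (VOL_ENC, VOL_BUSY):
        for inst in (INST_OK, INST_BAD):
            result = attach_problems(vol, inst) or "ok"
            print(vol["VolumeId"], "->", inst["InstanceId"], result)
```

The H1 entries show why the list needs exact-size matching: the page names only h1.2xlarge and h1.4xlarge, so h1.8xlarge is treated as unsupported here.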
