
AWS EBS Best Practices

Elastic Block Store (EBS) volumes are block-level, durable storage devices that attach to your EC2 instances. EBS volumes can be used as the primary storage device for an EC2 instance or database, or for throughput-intensive systems requiring constant disk scans. EBS volumes exist independently from your EC2 instances and can be retained after the associated EC2 instance has been deleted. AWS provides various types of EBS volumes, allowing you to choose the volume type that fits your budget and application performance requirements.

Cloud Conformity checks the Amazon Elastic Block Store (Amazon EBS) service according to the following rules:

Enable Encryption for App-Tier EBS Volumes
Ensure all AWS EBS volumes for app tier are encrypted.

Enable AWS EBS Encryption
Ensure that existing Elastic Block Store (EBS) attached volumes are encrypted to meet security and compliance requirements.

Use AWS KMS Customer Master Keys for EBS encryption
Ensure EBS volumes are encrypted with KMS CMKs in order to have full control over data encryption and decryption.

EBS General Purpose SSD Volume Type
Ensure EC2 instances are using General Purpose SSD (gp2) EBS volumes instead of Provisioned IOPS SSD (io1) volumes to optimize AWS EBS costs.

EBS Volume Naming Conventions
Ensure EBS volumes are using proper naming conventions to follow AWS tagging best practices.

Amazon EBS Public Snapshots
Ensure that your Amazon EBS volume snapshots are not accessible to all AWS accounts.

AWS EBS volumes recent snapshots
Ensure AWS Elastic Block Store (EBS) volumes have recent snapshots available for point-in-time recovery.

Remove AWS EBS old snapshots
Identify and remove old AWS Elastic Block Store (EBS) volume snapshots for cost optimization.

Remove Unattached EC2 EBS volumes
Identify and remove any unattached Elastic Block Store volumes to improve cost optimization and security.

Idle AWS EBS Volumes
Identify idle AWS EBS volumes and delete them in order to optimize your AWS costs.

Enable AWS EBS Snapshot Encryption
Ensure Amazon EBS snapshots are encrypted to meet security and compliance requirements.

EBS Volumes Attached to Stopped EC2 Instances
Identify Amazon EBS volumes attached to stopped EC2 instances (i.e. unused EBS volumes).

Enable Encryption for Web-Tier EBS Volumes
Ensure all AWS EBS volumes for web tier are encrypted.