Hello,

Once you delete your volume, that data is permanently removed from our systems. There would be no possible way for us to recover it, or for any other user to pick up any image of your volume.

Hi micah,

Thanks for the reply.

Although you guys aren't able to recover the data, as long as the blocks aren't zeroed out, a malicious user can potentialy create a EBS volumn and scan the blocks for data. (Kind of like buying a used laptop on ebay and using tools to scan for text documents).

Do you guys actually zero out the blocks?

Thanks

I actually tested that a few months ago. Every block was fully binary zero.

Volumes are logically allocated in a manner similar to how files are allocated in a filesystem. When you create a file in a modern filesystem, it NEVER sets up data block pointers to existing blocks that have data. You cannot see latent data by creating an empty or sparse file and reading it. The only way a file's logical location can end up with a pointer to a disk block is by actually writing it. If that's a partial write, it will TRY to read the block first so that partial data is retained. However, since this is the first use of that block, no pointer exists, so the OS just fabricates a block of binary zero content, updates with the partial write, writes it to disk, sets up a pointer, and writes the block that contains the pointers.

Volumes work much like a file in a massively huge filesystem, but are simply accessed by the mechanism AWS has deployed (I guess a very scalable, reliable, and redudant SAN/NAS system). I do know some details about one SAN system and it works like that.

Your data is safe at AWS to the extent you can trust that staff at Amazon to not mess with things. Most staff would have no level of access that could do it. The few that do would likely have undergone some serious background checks (as I have gone through just to be a sysadmin at a company that is an AWS customer). Furthermore, the amount of data and processes going on at AWS would just boggle your mind. That'll keep staff busy.

My ONLY concern at AWS is a concern that would be present regardless of the provider ... that the government of the jurisdiction they are in may possibly be able to demand the data. Look up "megaupload". But AWS at least has a choice of jurisdictions.

Hello,

I can confirm that when any customer volume is terminated (be it EBS or an instance storage volume) it is completely wiped before being made available for use by other customers.

Please see the following whitepaper which outlines our security processes:

http://media.amazonwebservices.com/pdf/AWS_Security_Whitepaper.pdf

Richard

To be a little more specific, https://d1.awsstatic.com/whitepapers/Security/Security_Compute_Services_Whitepaper.pdf states :
(emphasis mine). Your data will live in the storage system for an indefinite period of time after your terminate the volume but will be wiped prior to being available to another user.

I'm unsure of the effect of EBS Volume Encryption on this. Ideally AWS wipes the encryption key that enables decoding of the volume at termination time, but I don't think this is published. Most security postures will find AWS's procedure sufficient, but I'm sure there are some datasets where one might be legitimately worried that an entity might come into possession of not-yet-wiped drives.