If a Linux VM in AWS is not running CentOS 6.x, RHEL 6.x, or Amazon Linux, we recommend that you create a boot partition on the existing root volume and then boot from the root volume. Because EBS assigns baseline IOPS (Input/Output Operations per Second) in proportion to volume size for General Purpose SSD (gp2) volumes, the larger root volume receives more IOPS than a small volume created exclusively as a boot volume. The higher IOPS usually results in faster encryption. This method is described in Creating a Boot Partition on the AWS Root Volume.
If the VM is running CentOS 6.x, RHEL 6.x, or Amazon Linux, or if you do not want to add a boot partition to your root volume, you can create a new volume that will become the boot partition. To do so:
1. Create and attach another EBS volume to the existing instance. For example, say the current Linux is installed on device /dev/sda1 and the GRUB stage1 is also installed on /dev/sda1; this is a typical Linux installation. Find out the space used by the /boot subtree:
# du -sh /boot
In general, the new volume should be twice the space used by /boot plus 100MB. So if /boot uses 200MB, the volume should be (200MB * 2) + 100MB = 500MB.
2. Run the script aws-prepare-boot.sh that is installed as part of the HyTrust DataControl Policy Agent package, passing it the new device. For example, if the new volume was attached as /dev/sdf, which a Xen-based guest sees as /dev/xvdf, you would enter:
# /opt/hcs/bin/aws-prepare-boot.sh /dev/xvdf
3. Power OFF the AWS instance.
4. Reattach both volumes with their device names exchanged: attach the new volume as /dev/sda1 and the original volume as /dev/sdf. This changes the boot device for the VM instance.
Tip: Note the use of /dev/sda1 and not /dev/sda, as the EC2 console typically uses this name for the OS boot disk.
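The sizing rule and the volume swap above, scripted with the AWS CLI as an added example; this is not code from the HyTrust documentation or the Policy Agent package. It assumes an AWS CLI profile that may describe, create, attach and detach volumes and stop instances; the instance ID is a placeholder, the new volume is attached at /dev/sdf (which the guest sees as /dev/xvdf on Xen-based instance types), and the root device is /dev/sda1 as the page states. Step 2 (aws-prepare-boot.sh) is run inside the guest between the two subcommands and is not automated here.

```shell
#!/bin/sh
# Added example, not HyTrust's own tooling. Sizes the new boot volume per the
# page's rule and swaps EC2 device names so the prepared volume becomes /dev/sda1.
# Assumptions: AWS CLI configured with EC2 volume/instance rights; instance ID,
# region and the /dev/sdf attachment point are placeholders.
set -eu

# Sizing rule from step 1: 2 x (MB used by /boot) + 100 MB, rounded up to whole
# GiB because EBS volumes are allocated in GiB (minimum 1 GiB).
# Argument: MB used by /boot, obtained in the guest with:  du -sm /boot | cut -f1
boot_volume_size_gib() {
    used_mb=$1
    need_mb=$(( used_mb * 2 + 100 ))
    echo $(( (need_mb + 1023) / 1024 ))
}

# Volume ID currently attached to an instance at a given EC2 device name.
volume_at_device() {
    aws ec2 describe-volumes \
        --filters "Name=attachment.instance-id,Values=$1" "Name=attachment.device,Values=$2" \
        --query 'Volumes[0].VolumeId' --output text
}

# Step 1: create a volume in the instance's AZ and attach it as /dev/sdf.
# A Xen-based guest sees it as /dev/xvdf (the name passed to aws-prepare-boot.sh);
# Nitro instances expose it as an NVMe device instead.
create_and_attach_boot_volume() {
    instance_id=$1; size_gib=$2
    az=$(aws ec2 describe-instances --instance-ids "$instance_id" \
         --query 'Reservations[0].Instances[0].Placement.AvailabilityZone' --output text)
    vol=$(aws ec2 create-volume --availability-zone "$az" --size "$size_gib" \
          --volume-type gp2 --query 'VolumeId' --output text)
    aws ec2 wait volume-available --volume-ids "$vol"
    aws ec2 attach-volume --volume-id "$vol" --instance-id "$instance_id" --device /dev/sdf >/dev/null
    echo "$vol"
}

# Steps 3 and 4: stop the instance, detach both volumes (they stay attached
# across a stop, so an explicit detach is required), then reattach with the
# device names exchanged. The original root is kept at /dev/sdf for the
# encryption step that follows.
swap_boot_volumes() {
    instance_id=$1
    root_vol=$(volume_at_device "$instance_id" /dev/sda1)
    new_vol=$(volume_at_device "$instance_id" /dev/sdf)
    aws ec2 stop-instances --instance-ids "$instance_id" >/dev/null
    aws ec2 wait instance-stopped --instance-ids "$instance_id"
    aws ec2 detach-volume --volume-id "$root_vol" >/dev/null
    aws ec2 detach-volume --volume-id "$new_vol" >/dev/null
    aws ec2 wait volume-available --volume-ids "$root_vol" "$new_vol"
    aws ec2 attach-volume --volume-id "$new_vol" --instance-id "$instance_id" --device /dev/sda1 >/dev/null
    aws ec2 attach-volume --volume-id "$root_vol" --instance-id "$instance_id" --device /dev/sdf >/dev/null
    echo "boot device is now $new_vol; original root $root_vol is at /dev/sdf"
}

# Usage (nothing runs unless a subcommand is given):
#   ./aws-boot-swap.sh create i-0123456789abcdef0 200   # 200 = MB used by /boot
#   (run /opt/hcs/bin/aws-prepare-boot.sh /dev/xvdf in the guest)
#   ./aws-boot-swap.sh swap   i-0123456789abcdef0
case "${1:-}" in
    create) create_and_attach_boot_volume "$2" "$(boot_volume_size_gib "$3")" ;;
    swap)   swap_boot_volumes "$2" ;;
esac
```

The size is rounded up to whole GiB because the AWS CLI only accepts integer GiB for --size; the page's 500MB figure therefore becomes a 1 GiB volume. Run the create subcommand first, prepare the new device from inside the guest, and only then run swap; the instance is stopped by the swap, so the guest-side step cannot follow it.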
What to Do Next
Verify the configuration as described in Verifying the Current VM Configuration and then encrypt the boot device as described in Encrypting Linux System Devices.