Os volumes do EBS são apagados antes de serem alocados
Amazon EBS volumes are presented to you as raw unformatted block devices that have been wiped prior to being made available for use. Wiping occurs immediately before reuse so that you can be assured that the wipe process completed. If you have procedures requiring that all data be wiped via a specific method, such as those detailed in DoD 5220.22-M (“National Industrial Security Program Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”), you have the ability to do so on Amazon EBS. You should conduct a specialized wipe procedure prior to deleting the volume for compliance with your established requirements.
Além disso, se os dados forem confidenciais, você deverá usar volumes criptografados do EBS. Cada volume tem uma chave exclusiva. Quando você destrói o volume, a chave é excluída . Mesmo que os dados possam ser acessados, eles não podem ser descriptografados.
Each AWS account has a unique master key that is stored separately from your data, on a system that is surrounded with strong physical and logical security controls. Each encrypted volume (and its subsequent snapshots) is encrypted with a unique volume encryption key that is then encrypted with a region-specific secure master key. The volume encryption keys are used in memory on the server that hosts your EC2 instance; they are never stored on disk in plaintext.
Se você quiser ter certeza, sim, você pode destruir os dados manualmente. Você pode usar para isso .