Changed Block Tracking for AWS

Changed Block Tracking (CBT) enhances backup performance for AWS Elastic Block Storage (EBS) volumes by leveraging the newly-announced Amazon EBS direct APIs. With CBT, AWS Amazon EBS direct APIs detect the allocated blocks (for full backups) and changed blocks (for incremental backups) by comparing two Amazon Machine Image (AMI) snapshots. This enhancement provides improved Recovery Point Objective (RPO), backup acceleration, and reduced cost of backup operations.

By default, CBT is enabled when you create a new subclient. You can enable CBT for existing subclients.

You can use CBT with streaming backups, and with the backup copy operation of IntelliSnap backups.


If you use CBT backups, in certain cases, the Commvault software might not delete snapshots that are intended to be temporary, and these snapshots can increase your monthly costs for AWS. For information about identifying and deleting these snapshots, see Cleaning up resources after Amazon EC2 instance or backup deletion.

Key Features

  • The ability to request all allocated blocks for full backups (ListSnapshotBlocks) to accelerate the full backup time.

  • The ability to request all new or updated blocks between two EBS snapshots (ListChangedBlocks) to accelerate the incremental backup time.

Data You Can Back Up

  • Active EC2 instances (whether they are powered on or powered off)

  • Instance EBS volumes

  • Volumes using default or custom encryption

Data You Cannot Back Up

  • AMIs

  • Instance store volumes

AWS Permissions

CBT uses the EBS service, and requires the following AWS permissions:

  • ebs:ListSnapshotBlocks

  • ebs:ListChangedBlocks

If the ebs:ListSnapshotBlocks and ebs:ListChangedBlocks permissions are not available, the backup operation reverts to a non-CBT backup.

AWS Reference Topics

  • AWS launches EBS direct APIs that provide read access to the EBS snapshot data, enabling backup providers to achieve faster backups of EBS v,olumes at lower costs. See AWS What's New.

  • Amazon Elastic Block Store (EBS) direct APIs. See Amazon Elastic Block API reference.

  • The access node must have access to the EBS endpoints. For more information about EBS endpoints for different regions, see Amazon Elastic Block Store endpoints and quotas on the AWS documentation site.

    Communication with EBS endpoints incurs costs associated with external network transfers, typically a NAT gateway per processed GB cost, in addition to hourly NAT gateway costs. See NAT gateway pricing.

  • Amazon Elastic Block Store (EBS) Pricing, go to Amazon EBS direct APIs for Snapshots.

    AWS EBS direct APIs incur additional costs associated with interacting with the EBS snapshots, namely a cost per:

    • ListChangedBlocks

    • ListSnapshotBlocks

How It Works

  • Streaming Backups

    An AMI contains snapshots corresponding to each volume in the AWS instance. With CBT enabled, for full backups, the list of allocated blocks on the AWS volumes is obtained from the AMI snapshots of the current backup job. For incremental backups, the changed blocks on the AWS volumes are detected by comparing the AMI snapshots of the previous CBT-enabled backup operation. Only the changed blocks are backed up and written to backup media. One AMI is retained after each backup job.

  • IntelliSnap Backups

    With CBT enabled, the snapshots that are created during IntelliSnap backups are used to get the list of allocated blocks for full backups and only the changed blocks for incremental backups. During an incremental backup copy operation, only the changed blocks are backed up and written to backup media. The snapshots are retained based on the retention policy at the storage policy level.


After each streaming backup, the corresponding AMI (tagged by CV_CBT_Snap) and snapshots will be retained. When the retention rule for backup copies is set to spool copy, for Amazon CBT, one snapshot per instance will still be retained for comparison.

CBT is supported in all AWS regions.

When you perform backups on volumes that have EBS encryption enabled and if the backups do not have the ebs:ListAllocatedBlocks permission, then the empty extents containing unique signatures are parsed and backed up every time. To avoid high application size and low deduplication savings because of backing up empty extents, you can run the backups with permissions required for CBT backups to get only the list of allocated extents.