Attaching a Volume

You can attach  a volume to an instance in order to expand the available storage on the instance. If you specify iSCSI as the volume attachment type, you must also connect and mount the volume from the instance for the volume to be usable. For more information, see Volume Attachment Types and Connecting to a Volume.

You can attach volumes to more than one instance at a time, see Attaching a Volume to Multiple Instances. To prevent data corruption from uncontrolled read/write operations with multiple instance volume attachments you must install and configure a clustered file system before you can use the volume, see Configuring Multiple Instance Volume Attachments with Read/Write Access for more information.


When you change the performance for a volume, the volume's lifecycle state changes to Provisioning while the settings are being updated. During this process, you can't attach the volume to an instance, you need to wait until the volume's lifecycle state transitions back to Available before you attach the volume to an instance.

Attaching to Ultra High Performance Volumes

When you attach a volume configured for the Ultra High Performance level, the volume attachment must be enabled for multipath to optimize the volume's performance.

The Block Volume service attempts to configure the attachment as multipath-enabled during the attachment process. After you attach a volume, you can confirm if the volume attachment was successfully enabled for multipath, see Checking if a Volume Attachment is Multipath-Enabled.

Whether an attachment is enabled for multipath is determined based the attached instance's shape, along with whether all the applicable prerequisites are met and configured correctly. For more information about prerequisites and requirements for multipath-enabled attachments, see Configuring Attachments to Ultra High Performance Volumes.

For more information about the Ultra High Performance level, see Block Volume Performance and Ultra High Performance.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  to work in.

For administrators: The policy in Let users launch compute instances includes the ability to attach/detach existing block volumes. The policy in Let volume admins manage block volumes, backups, and volume groups lets the specified group do everything with block volumes and backups, but not launch instances.

If you're new to policies, see Getting Started with Policies and Common Policies. For reference material about writing policies for instances, cloud networks, or other Core Services API resources, see Details for the Core Services.

Security Zones

Security Zones ensure that your cloud resources comply with Oracle security principles. If any operation on a resource in a security zone compartment violates a policy for that security zone, then the operation is denied.

The following security zone policies affect your ability to attach block volumes to compute instances.

  • All block volumes attached to a compute instance in a security zone must be in the same security zone.

  • Block volumes in a security zone cannot be attached to a compute instance that is not in the same security zone.

Using the Console to Attach a Volume

  1. Open the navigation menu and click Compute. Under Compute, click Instances.
  2. In the Instances list, click the instance that you want to attach a volume to.

  3. In the Resources section, click Attached Block Volumes.

  4. Click Attach Block Volume.

  5. Specify the volume you want to attach to. To use the volume name, choose SELECT VOLUME and then select the volume from the Block Volume drop-down list. If the volume is in a different compartment from the instance, click Change Compartment and then in the compartment drop-down list, select the compartment that the volume is located in.

    To specify the volume OCID, choose ENTER VOLUME OCID and then enter the OCID into the Block Volume OCID field.

  6. If the instance supports consistent device paths, and the volume you are attaching is not a boot volume, select a path from the Device Path drop-down list when attaching. This enables you to specify a device path for the volume attachment that remains consistent between instance reboots.

    For more information about this feature and the instances that support it, see Connecting to Volumes With Consistent Device Paths

  7. Select the volume attachment type, iSCSI, Paravirtualized, or Let Oracle Cloud Infrastructure choose the best attachment type.

    For more information, see Volume Attachment Types.

  8. For iSCSI volume attachements, you can optionally require CHAP credential. To do this, select the Require CHAP credentials check box.

    For iSCSI attachments to Linux-based instances, you can also optionally configure the attachment to use the Block Volume Management plugin to run the iSCSI commands to automatically connect to the volume. To do this, select the Use Oracle Cloud Agent to automatically connect to iSCSI-attached volumes check box.


    To automatically connect to the volume, the Block Volume Management plugin must be enabled on the instance. See Enabling the Block Volume Management Plugin for more information. When enabling the Block Volume Management plugin, ensure that the instance is running version 1.23.0 or newer of the Oracle Cloud Agent software.
  9. Select the access type, Read/Write or Read-only.

    For more information, see Volume Access Types.

  10. For paravirtualized attachments on virtual machine (VM) instances, you can optionally encrypt data that is transferred between the instance and the Block Volume service storage servers. To do this, select the Use in-transit encryption check box. If you configured the volume to use an encryption key that you manage using the Vault service, this key is used for paravirtualized in-transit encryption. Otherwise, the Oracle-provided encryption key is used. When attaching to a bare metal instance that supports in-transit encryption, in-transit encryption is enabled by default and is not configurable.

    See Block Volume Encryption for more information about in-transit encryption.

  11. Click Attach.

    When the volume's icon no longer lists it as Attaching, if the attachment type is Paravirtualized, you can use the volume. If the attachment type is iSCSI, you need to connect to the volume first. For more information, see Connecting to a Volume.

    On Linux-based instances, if you want to automatically mount volumes on instance boot, you need to set some specific options in the /etc/fstab file, or the instance may fail to launch. This applies to both iSCSI and paravirtualized attachment types. For volumes using consistent device paths, see fstab Options for Block Volumes Using Consistent Device Paths. For all other volumes, see Traditional fstab Options.