Attaching a Volume

You can attach  a volume to an instance in order to expand the available storage on the instance. If you specify iSCSI as the volume attachment type, you must also connect and mount the volume from the instance for the volume to be usable. For more information, see Volume Attachment Types and Connecting to a Volume.

You can attach volumes to more than one instance at a time, see Attaching a Volume to Multiple Instances. To prevent data corruption from uncontrolled read/write operations with multiple instance volume attachments you must install and configure a clustered file system before you can use the volume, see Configuring Multiple Instance Volume Attachments with Read/Write Access for more information.


You should only attach Linux volumes to Linux instances and Windows volumes to Windows instances.

Required IAM Policy

To use Oracle Cloud Infrastructure, you must be granted security access in a policy  by an administrator. This access is required whether you're using the Console or the REST API with an SDK, CLI, or other tool. If you get a message that you don’t have permission or are unauthorized, verify with your administrator what type of access you have and which compartment  to work in.

For administrators: The policy in Let users launch compute instances includes the ability to attach/detach existing block volumes. The policy in Let volume admins manage block volumes, backups, and volume groups lets the specified group do everything with block volumes and backups, but not launch instances.

If you're new to policies, see Getting Started with Policies and Common Policies. For reference material about writing policies for instances, cloud networks, or other Core Services API resources, see Details for the Core Services.

Security Zones

Security Zones ensure that your cloud resources comply with Oracle security principles. If any operation on a resource in a security zone compartment violates a policy for that security zone, then the operation is denied.

The following security zone policies affect your ability to attach block volumes to Compute instances.

  • All block volumes attached to a Compute instance in a security zone must themselves be in a security zone.

  • Block volumes in a security zone cannot be attached to a Compute instance that is not in a security zone.

Using the Console

  1. Open the navigation menu and click Compute. Under Compute, click Instances.
  2. In the Instances list, click the instance that you want to attach a volume to.

  3. In the Resources section, click Attached Block Volumes.

  4. Click Attach Block Volume.

  5. Select the volume attachment type, iSCSI, Paravirtualized, or Let Oracle Cloud Infrastructure choose the best attachment type.

    For more information, see Volume Attachment Types.

  6. In the Block Volume Compartment drop-down list, select the compartment.

  7. Specify the volume you want to attach to. To use the volume name, choose SELECT VOLUME and then select the volume from the Block Volume drop-down list. To specify the volume OCID, choose ENTER VOLUME OCID and then enter the OCID into the Block Volume OCID field.

  8. If the instance supports consistent device paths, and the volume you are attaching is not a boot volume, select a path from the Device Path drop-down list when attaching. This enables you to specify a device path for the volume attachment that remains consistent between instance reboots.

    For more information about this feature and the instances that support it, see Connecting to Volumes With Consistent Device Paths

  9. Select the access type, Read/Write or Read-only.

    For more information, see Volume Access Types.

  10. For paravirtualized volume attachments on virtual machine (VM) instances, you can optionally encrypt data that is transferred between the instance and the Block Volume service storage servers. To do this, select the Use in-transit encryption check box. If you configured the volume to use an encryption key that you manage using the Vault service, this key is used for in-transit encryption. Otherwise, the Oracle-provided encryption key is used. See Block Volume Encryption for more information.

  11. Click Attach.

    When the volume's icon no longer lists it as Attaching, if the attachment type is Paravirtualized, you can use the volume. If the attachment type is iSCSI, you need to connect to the volume first. For more information, see Connecting to a Volume.

    On Linux-based instances, if you want to automatically mount volumes on instance boot, you need to set some specific options in the /etc/fstab file, or the instance may fail to launch. This applies to both iSCSI and paravirtualized attachment types. For volumes using consistent device paths, see fstab Options for Block Volumes Using Consistent Device Paths. For all other volumes, see Traditional fstab Options.