This past week, a customer asked this question after we let them know that we ran our servers in Amazon EC2.  Of course, I was stumped, since the only thing I know about decommissioning servers at the moment is just formatting them 5 times, and/or killing virtual instances.  This was definitely a question I had not thought of.  Well, I decided to create a post on the AWS Forums to ask the great AWS community if they had the answer.

Thanks to the moto@AWS, we had our answer by the next day.  moto@AWS pointed me over to the AWS Security Whitepaper.  Here is the answer:

Storage Device Decommissioning

When a storage device has reached the end of its useful life, AWS procedures include a decommissioning process that designed to ensure customer data are not exposed to unauthorized individuals.  AWS uses the techniques detailed in DoD 5220.22-M (“National  Industrial Security Program Operating Manual “) or NIST 800-88 (“Guidelines for Media Sanitization”) to destroy data as part of the decommissioning process.  If a hardware device is unable to be decommissioned using these procedures the device will be degaussed  or  physically destroyed in accordance with industry-standard practices.

I hope that helps if you were wondering, too!