What is the threat model for AWS EBS volumes encryption?

tl;dr Auditors

Many data security audits require data to be encrypted at rest. Often the threat model is an old hard drive ending up on eBay or picked out of the dump. If the data is unencrypted on these drives and they are not properly handled/destroyed there could definitely be data loss. There is also the classic "truck backing up into the datacenter" threat vector where people make off with whole servers but no decryption keys.

Other suggestion: it's an added layer of security in case of a failure of multi-tier isolation for EBS (for example a bug in AWS makes that another account suddenly has access to your data volumes): it would also require to have accesss to your encryptions keys, which are provided by another service.