This post is part of my note taking while studying for the AWS Certified Advanced Networking - Specialty certification.
Elastic Network Interfaces
Elastic Network Interfaces (ENIs) are only available in VPCs. You can create ENIs and attach them to, or detach them from, different instances in the same AZ. You can’t move an ENI between subnets once it’s created. The following attributes can be associated with an ENI:
- A primary private IPv4 address
- One or more secondary private IPv4 addresses
- One Elastic IP address (IPv4) per private IPv4 address
- One public IPv4 address
- One or more IPv6 addresses
- One or more security groups
- A MAC address
- A source/destination check flag
- A description
Each instance has a primary ENI that cannot be detached.
- The primary/default (eth0) ENI cannot be detached from an instance.
- 350 ENIs per region (on-demand limit * 5, default on-demand limit is 20)
- 2-15 ENIs per instance, depending on the type (most can only have 2, 3, 4, or 8)
- ENIs are an AZ-scoped concept
ENIs and Internal IPs
The primary network interface for an instance is assigned a primary private IPv4 address from the IPv4 address range of your VPC. You can assign additional private IPv4 addresses to a network interface.
ENIs and MAC addresses
The MAC address is retained by the ENI. This can be useful if licensing is tied to a MAC address and you need to move it between instances. If the primary instance goes down, you (or code running on your behalf) could attach the ENI to a hot standby instance.
ENIs and external IPs
In a VPC, subnets are designated public or private. In a public subnet, instances are given a public IP from Amazon’s pool when launched. When you launch an instance, this IP is associated with the primary ENI (eth0) that’s created. This external, public IP and ENI cannot be disassociated from the instance and assigned to another. If you want that, use an Elastic IP. The external IP is released when the instance is stopped or terminated or when an Elastic IP is assigned to the instance.
ENIs and Elastic IPs
EIPs can be associated with ENIs. When moving an ENI between instances, the EIP, if attached to the ENI, will follow the ENI.
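The hot-standby move described under "ENIs and MAC addresses" (with any EIP following the ENI), as an added example that is not part of the original notes. The names `failover_eni` and `FailoverError` and the default device index 1 are assumptions for illustration; `ec2` is expected to be a boto3 EC2 client, and the ENI being moved is assumed to be a secondary one.

```python
"""ENI failover sketch. `ec2` is a boto3 EC2 client (boto3.client("ec2"))."""


class FailoverError(Exception):
    """Raised when a constraint from the notes makes the move impossible."""


def failover_eni(ec2, eni_id, standby_instance_id, device_index=1):
    """Move a secondary ENI (MAC, private IPs and any EIP) to a standby."""
    eni = ec2.describe_network_interfaces(
        NetworkInterfaceIds=[eni_id])["NetworkInterfaces"][0]
    standby = ec2.describe_instances(
        InstanceIds=[standby_instance_id])["Reservations"][0]["Instances"][0]

    # ENIs are AZ-scoped: the standby must live in the ENI's AZ.
    if eni["AvailabilityZone"] != standby["Placement"]["AvailabilityZone"]:
        raise FailoverError("standby instance is in a different AZ than the ENI")

    attachment = eni.get("Attachment")
    if attachment:
        # The primary ENI (device index 0, eth0) cannot be detached.
        if attachment["DeviceIndex"] == 0:
            raise FailoverError("primary ENI (eth0) cannot be detached")
        if attachment.get("InstanceId") == standby_instance_id:
            return attachment["AttachmentId"]  # already on the standby
        # Force=True because a failed primary may not release it cleanly.
        ec2.detach_network_interface(
            AttachmentId=attachment["AttachmentId"], Force=True)
        ec2.get_waiter("network_interface_available").wait(
            NetworkInterfaceIds=[eni_id])

    result = ec2.attach_network_interface(
        NetworkInterfaceId=eni_id,
        InstanceId=standby_instance_id,
        DeviceIndex=device_index)
    return result["AttachmentId"]


if __name__ == "__main__":
    import sys
    import boto3  # needs AWS credentials and a region configured
    print(failover_eni(boto3.client("ec2"), sys.argv[1], sys.argv[2]))
```

The role running this needs only `ec2:DescribeNetworkInterfaces`, `ec2:DescribeInstances`, `ec2:DetachNetworkInterface` and `ec2:AttachNetworkInterface`.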