AWS Cheat Sheet — ENI

Gunjan
3 min readSep 5, 2023

--

AWS ENI stands for Elastic Network Interface.

It is a logical networking component in a VPC that represents a virtual network card. ENIs can be attached to EC2 instances, AWS Lambda functions, and other AWS services.

ENIs have a number of advantages over traditional network interfaces:

  • They are elastic, you can create and attach them as needed.
  • They are scalable, you can attach multiple ENIs to a single EC2 instance.
  • They are portable, you can detach an ENI from one instance and attach it to another instance.
  • They are secure, you can control which security groups are associated with each ENI.

ENIs are used for many networking use cases , such as:

  • Providing network connectivity for EC2 instances
  • Connecting EC2 instances to AWS services such as Elastic Load Balancing and Amazon S3
  • Creating load balancing groups
  • Implementing network segmentation
  • Connecting AWS Lambda functions to VPCs

Some questions that can come up in an AWS certification exam —

Are ENI’s linked to a specific Availability zone ?

Yes, ENIs are linked to a specific Availability Zone. When you create an ENI, you must specify the Availability Zone in which you want to create it. ENIs can only be attached to EC2 instances in the same Availability Zone.

Can we create ENI’s wiihout an EC2 instance ?

Yes , Secondary ENI’s can be created and will be standalone. Even if they are attached to any EC2 instance they can still live beyond the life of the EC2 instance itself.

How can you use ENIs to isolate different types of traffic in a VPC?

You can use ENIs to isolate different types of traffic in a VPC by attaching each type of traffic to a separate ENI. For example, you could create a separate ENI for web traffic, database traffic, and management traffic.

How can you use ENIs to connect an EC2 instance to an AWS service that is in a different VPC?

You can use ENIs to connect an EC2 instance to an AWS service that is in a different VPC by using a VPC peering connection.

Can you use ENI’s for high availability architectures ?

Yes. If one of your instances fails, its ENI can be attached to a cold or hot standby instance to rapidly recover the service.

I will be continuously updating this page , so check back for more questions and answers.

What is dual homing ?

Imagine a single web server that needs to configured in such a way that it has access to an internet Gateway for regular user traffic but needs only egress traffic into your data center for management functions such as software updates. The web server can be configured with two ENI’s one in each subnet in the same VPC. This way one of them would be configured to route traffic to the IGW. The other one would be configured to route to the VPN Gateway connected to the corporate network.Traffic on port 80/443 is allowed through the first ENI in the public subnet and SSH traffic from the private subnet on port 22 is allowed through the second ENI.

Disclaimer

The views and opinions expressed in this post are solely my own and do not necessarily reflect the views and opinions of my employer. This post is for personal learning purposes only and should not be construed as professional advice.

--

--