AWS Elastic Network Interfaces (ENI) Explained

What is an Elastic Network Interface (ENI)?

An Elastic Network Interface (ENI) is a virtual network card in an Amazon Virtual Private Cloud (VPC) that enables EC2 instances to connect to a network. ENIs provide networking capabilities beyond EC2 instances, allowing for failover scenarios, additional IP addresses, and enhanced security.

Key Features of an ENI

Each ENI comes with several attributes:

1. Private IP Addresses
   • Primary private IPv4 (always required).
   • One or more secondary private IPv4 (optional).
2. Public IP Addresses
   • Each private IPv4 can be assigned an Elastic IP (EIP).
   • One or more public IPv4 addresses can be attached.
3. Security Groups
   • ENIs can have one or more security groups, controlling inbound/outbound traffic.
4. MAC Address
   • Each ENI has a unique MAC address.
5. Elasticity & Mobility
   • ENIs can be created independently of EC2 instances.
   • Can be attached/detached on the fly between EC2 instances.
   • Can be moved between instances for failover purposes.
6. Availability Zone Bound
   • An ENI is restricted to the AZ in which it was created.

ENI Use Cases

1. Attaching Multiple Network Interfaces

• Primary ENI (eth0) provides basic network access.
• Additional ENIs (eth1, eth2, etc.) can be attached for:
  • Multi-homed applications (e.g., different subnets for security).
  • Separation of traffic for security reasons.

2. Failover & High Availability

• ENIs allow private IP mobility:
  • Move an ENI from one EC2 instance to another.
  • Useful for applications requiring a static private IP (e.g., databases, load balancers).

3. Network Virtual Appliances