Thursday, August 24, 2023

Elastic Network Interface (ENI)

An Elastic Network Interface (ENI) is a logical VPC component that acts as a virtual network interface card, connecting a resource such as an EC2 or DB instance to its subnet in the VPC. It is called “Elastic” because an ENI can be created independently ahead of time, with its IP address and other details, and then attached to the relevant instance at launch time.

By default, each EC2 instance is created with one ENI that is created and managed by AWS. Multiple ENIs can be attached to the same resource, such as an EC2 instance, based on business need. When more than one ENI is attached to the resource, the primary one cannot be detached from a running instance, while a secondary one can be.


ENI Limitations

  • NIC teaming for higher bandwidth or resiliency is not supported.
  • The number of ENIs per instance is limited by the instance type.


The sample configuration to create the ENI from AWS portal is as shown below:


Below are the basic steps involved in creating the ENI:

  • (Mandatory) Define the subnet with which the ENI is associated
  • (Mandatory) Define the Private IPv4 Address (auto-assigned or custom)
  • (Mandatory) Associate one or more security groups with the ENI
  • (Optional) Enable Elastic Fabric Adapter
  • (Optional) Configure the relevant Tags

Note that the Private IPv4 Address can be auto-assigned by AWS or custom-defined to retain the IP address.

The optional Elastic Fabric Adapter (EFA) field can be selected to enhance network scalability for high performance computing (HPC) applications. EFAs are a type of ENI where the Message Passing Interface (MPI) leverages a new type of library known as libfabric, which bypasses the kernel and talks directly to the underlying EFA hardware. More details are available here.


Terraform Configuration

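provider "aws" {
  region = "us-east-1"
  # Credentials redacted. Prefer environment variables or a shared credentials
  # file over hard-coding keys in the configuration.
  access_key = "<Removed>"
  secret_key = "<Removed>"
}

# No filter is set, so this returns every subnet in the region.
data "aws_subnets" "subnets" {
}

# No filter is set, so this returns every security group in the region.
data "aws_security_groups" "sg_groups" {
}

resource "aws_network_interface" "NyaCorp-ENI" {
  # aws_subnets exposes the subnet IDs as the list "ids"; take the first one.
  subnet_id = data.aws_subnets.subnets.ids[0]
  # "ids" holds the security group IDs; "vpc_ids" holds VPC IDs, which are not valid here.
  security_groups = [data.aws_security_groups.sg_groups.ids[0]]
}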

Note that the Terraform configuration does not have the private_ips field configured. When this field is missing, AWS will auto-assign the IPv4 address for the ENI.
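As an added example (not part of the original post), the variant below sets private_ips to retain a fixed address and selects a single subnet and a single security group by name, so that both come from the same VPC instead of being the first entries returned for the region. The tag value, group name, IP address, variable and resource names are assumptions for illustration.

```hcl
# Added example, not from the original post.
# Tag value, group name and IP address are constructed placeholders.

variable "eni_private_ip" {
  description = "Fixed private IPv4 address; must fall inside the selected subnet's CIDR"
  type        = string
  default     = "10.0.1.50" # constructed sample value
}

# Select exactly one subnet by its Name tag.
data "aws_subnet" "app" {
  filter {
    name   = "tag:Name"
    values = ["app-subnet-a"] # hypothetical tag value
  }
}

# Select exactly one security group, constrained to the subnet's VPC.
# A security group from a different VPC cannot be associated with the ENI.
data "aws_security_group" "app" {
  vpc_id = data.aws_subnet.app.vpc_id
  name   = "app-eni-sg" # hypothetical group name
}

resource "aws_network_interface" "pinned" {
  subnet_id       = data.aws_subnet.app.id
  security_groups = [data.aws_security_group.app.id]

  # With private_ips set, AWS uses this address instead of auto-assigning one.
  private_ips = [var.eni_private_ip]

  tags = {
    Name = "NyaCorp-ENI-pinned"
  }
}

output "eni_id" {
  value = aws_network_interface.pinned.id
}
```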

