AWS EC2: Elastic Compute Cloud, part 3
EC2 INSTANCE TENANCY ATTRIBUTE
Each instance that you launch into a VPC has a tenancy attribute that you can configure when launching the instance.
This attribute has the following values:
Default: the instance is launched on shared hardware.
Dedicated: the instance is launched on single-tenant hardware.
Host: the instance is launched on a Dedicated Host, which is an isolated server with configurations that you can control.
After you launch an instance, there are some limitations on changing its tenancy:
- You cannot change the tenancy of an instance from default to dedicated or host after you have launched it.
- You cannot change the tenancy of an instance from dedicated or host to default after you have launched it.
- You can change the tenancy of an instance from dedicated to host, or from host to dedicated, after you have launched it.
Some AWS services, or some of their features, do not work in a VPC whose instance tenancy is set to dedicated.
Some instance types cannot be launched into a VPC whose instance tenancy is set to dedicated.
ELASTIC COMPUTE CLOUD: ELASTIC NETWORK INTERFACES (ENIs)
eth0 is the primary network interface.
- You can't move or detach the primary interface from an instance.
- By default, eth0 is the only ENI created with an EC2 instance when it is launched.
- You can add more interfaces to your EC2 instance.
- An ENI is bound to an Availability Zone.
ELASTIC NETWORK INTERFACE (ENI)
You can specify exactly which IP address in the subnet is configured on your instance, or leave AWS to assign one automatically from the available subnet IPs.
Security groups apply to network interfaces, not to individual IPs on the interface; hence every IP address on the interface is subject to the interface's security groups.
You can create only one additional Ethernet interface (eth1) when launching an EC2 instance, but you can create and attach more ENIs to the EC2 instance afterwards (the number depends on the instance family/type).
Attaching an ENI while the instance is running is called a hot attach.
Attaching an ENI while the instance is stopped is called a warm attach.
Attaching an ENI when the instance is launched is called a cold attach.
HOW TO ADD ADDITIONAL INTERFACES AT INSTANCE LAUNCH
When launching an EC2 instance, after selecting your VPC and subnet, you will be able to "add a device"; this is how you add one more interface.
If you do this, AWS will no longer assign a public IPv4 address to your eth0, and you have to use an Elastic IP address mapped to your eth0 in order to connect from the internet to your instance.
By default, network interfaces created automatically by the AWS console during EC2 instance launch are deleted when the instance is terminated.
- This does not include the eth1 that you can add during launch.
Network interfaces created via the CLI are NOT deleted automatically when the EC2 instance terminates.
In both cases above, you can change the default behavior by changing the termination behavior from:
Instance > Net Interfaces > Change termination behavior
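The console path above flips the DeleteOnTermination flag on the interface's attachment. The following is an added example (not code from the blog post or from AWS) that does the same audit and change through the API: it lists the ENIs attached to an instance, reports which ones would be left behind at termination (an orphaned ENI keeps its security groups and private IPs), and sets the flag on one of them. The `ec2` argument can be `boto3.client("ec2")`; the `FakeEc2Attachments` class, the instance and ENI ids, and `build_sample()` are constructed stand-ins so the code runs offline.

```python
# Added example (not from the post or AWS): find ENIs on an instance that will outlive it, and flip
# the flag. `ec2` is boto3.client("ec2") or the constructed FakeEc2Attachments below, which mirrors
# the describe_network_interfaces response and modify_network_interface_attribute arguments used here.


class FakeEc2Attachments:
    """In-memory stand-in holding a few attached ENIs (sample data, not real resources)."""

    def __init__(self, enis):
        self.enis = {e["NetworkInterfaceId"]: e for e in enis}

    def describe_network_interfaces(self, Filters=None):
        out = list(self.enis.values())
        for f in Filters or []:
            if f["Name"] == "attachment.instance-id":
                out = [e for e in out if e["Attachment"]["InstanceId"] in f["Values"]]
        return {"NetworkInterfaces": out}

    def modify_network_interface_attribute(self, NetworkInterfaceId, Attachment):
        eni = self.enis[NetworkInterfaceId]
        if eni["Attachment"]["AttachmentId"] != Attachment["AttachmentId"]:
            raise RuntimeError("InvalidAttachmentID.NotFound")
        eni["Attachment"]["DeleteOnTermination"] = Attachment["DeleteOnTermination"]
        return {}


def attachment_report(ec2, instance_id):
    """{eni id: (device index, DeleteOnTermination)} for every ENI attached to the instance."""
    resp = ec2.describe_network_interfaces(Filters=[{"Name": "attachment.instance-id", "Values": [instance_id]}])
    return {e["NetworkInterfaceId"]: (e["Attachment"]["DeviceIndex"], e["Attachment"]["DeleteOnTermination"])
            for e in resp["NetworkInterfaces"]}


def orphan_candidates(ec2, instance_id):
    """ENIs that stay behind at termination, still holding their security groups and private IPs."""
    return sorted(eni for eni, (_, delete_on_term) in attachment_report(ec2, instance_id).items()
                  if not delete_on_term)


def set_delete_on_termination(ec2, instance_id, eni_id, value=True):
    """Same change as Instance > Net Interfaces > Change termination behavior, done through the API.
    The flag lives on the attachment, so the attachment id has to be looked up first."""
    resp = ec2.describe_network_interfaces(Filters=[{"Name": "attachment.instance-id", "Values": [instance_id]}])
    eni = next(e for e in resp["NetworkInterfaces"] if e["NetworkInterfaceId"] == eni_id)
    ec2.modify_network_interface_attribute(
        NetworkInterfaceId=eni_id,
        Attachment={"AttachmentId": eni["Attachment"]["AttachmentId"], "DeleteOnTermination": value})
    return attachment_report(ec2, instance_id)[eni_id][1]


def build_sample():
    """Constructed sample: eth0 created at launch (deleted with the instance), eth1 created via the CLI (kept)."""
    def eni(eni_id, instance, index, delete_on_term):
        return {"NetworkInterfaceId": eni_id,
                "Attachment": {"AttachmentId": "eni-attach-" + eni_id[4:], "InstanceId": instance,
                               "DeviceIndex": index, "DeleteOnTermination": delete_on_term}}
    return FakeEc2Attachments([eni("eni-0aaa", "i-0123", 0, True), eni("eni-0bbb", "i-0123", 1, False),
                               eni("eni-0ccc", "i-0999", 0, True)])
```

Run `orphan_candidates(ec2, "i-0123")` as a pre-termination check: anything it lists will remain in the account after the instance is gone, so either set the flag with `set_delete_on_termination` or plan to delete the interface explicitly.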
VIRTUAL ELASTIC NETWORK INTERFACES (ENI) ATTRIBUTES
Each Elastic Network Interface can have up to:
One primary IPv4 address
One or more secondary IPv4 addresses
One Elastic IP address corresponding to each IPv4 address (via NAT)
One public IPv4 address
One or more IPv6 addresses
Up to 5 security groups
A MAC address
A source/destination check flag
SECONDARY IP ADDRESSES BENEFITS
You can configure secondary IPv4 addresses on your EC2 instance's interfaces and ENIs.
It can be useful to assign multiple IP addresses to an EC2 instance in your VPC in order to:
Host multiple websites on a single server
Run security and network appliances in your VPC
Redirect internal traffic to a standby EC2 instance in case your primary EC2 instance fails.
- This can be achieved by moving the secondary IPv4 address from the failed instance to the standby one.
When you configure secondary IPv4 addresses, and if you allow reassignment, they can be reassigned to another network interface.
You can reassign an eth0 secondary private IPv4 address to another network interface.
- This comes in handy in failure scenarios: if your traffic was directed to the secondary IPv4 address and the instance fails, move that address to the standby instance (if you have one) and the traffic will continue. The Elastic IP to secondary IPv4 association remains in place as the secondary address is moved.
ELASTIC IP AND SECONDARY IPV4 ADDRESS REASSIGNMENT
Each private IPv4 address can be associated with a single Elastic IP address, and vice versa.
When a secondary private IPv4 address is reassigned to another interface, it retains its association with an Elastic IP address.
When a secondary private IPv4 address is unassigned from an interface, an associated Elastic IP address is automatically disassociated from it.
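The failover described in the two sections above (move the secondary private IPv4 address to a standby ENI with reassignment allowed, and the Elastic IP follows it) as an added example, not code from the blog post or from AWS. `failover_service_ip` first checks that the standby interface is in the same subnet and carries the same security groups as the current holder, since groups apply to the whole interface and a failover onto a differently-grouped ENI would silently change what the service IP is exposed to. The `ec2` argument can be `boto3.client("ec2")`; the `FakeEc2` class, the subnet CIDRs, the ENI and instance ids, the Elastic IP and `build_sample()` are constructed so the example runs offline, and the fake models only the rules stated on this page (reassignment keeps the Elastic IP, unassignment drops it, the address must belong to the target's subnet).

```python
# Added example (not from the post or AWS): fail a secondary private IPv4 over to a standby ENI.
# `ec2` is either boto3.client("ec2") or the constructed FakeEc2 below, which mirrors the
# real client's method names, keyword arguments and response shapes for the calls used here.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Eni:                       # constructed model of one network interface
    eni_id: str
    subnet_id: str
    instance_id: str
    groups: frozenset            # security groups apply to the whole interface
    secondary_ips: set = field(default_factory=set)


class FakeEc2:
    """In-memory stand-in for the EC2 API, modelling only the rules the post states."""

    def __init__(self, subnets, enis, eip_by_private_ip):
        self.subnets = subnets                 # subnet id -> CIDR
        self.enis = {e.eni_id: e for e in enis}
        self.eips = dict(eip_by_private_ip)    # private IPv4 -> associated Elastic IP

    def _describe(self, e):
        addrs = [{"PrivateIpAddress": ip, "Primary": False} for ip in sorted(e.secondary_ips)]
        for a in addrs:
            if a["PrivateIpAddress"] in self.eips:
                a["Association"] = {"PublicIp": self.eips[a["PrivateIpAddress"]]}
        return {"NetworkInterfaceId": e.eni_id, "SubnetId": e.subnet_id,
                "Attachment": {"InstanceId": e.instance_id},
                "Groups": [{"GroupId": g} for g in sorted(e.groups)],
                "PrivateIpAddresses": addrs}

    def describe_network_interfaces(self, NetworkInterfaceIds=None, Filters=None):
        enis = [e for e in self.enis.values() if not NetworkInterfaceIds or e.eni_id in NetworkInterfaceIds]
        for f in Filters or []:
            if f["Name"] == "addresses.private-ip-address":
                enis = [e for e in enis if e.secondary_ips & set(f["Values"])]
        return {"NetworkInterfaces": [self._describe(e) for e in enis]}

    def assign_private_ip_addresses(self, NetworkInterfaceId, PrivateIpAddresses, AllowReassignment=False):
        target = self.enis[NetworkInterfaceId]
        cidr = ipaddress.ip_network(self.subnets[target.subnet_id])
        for ip in PrivateIpAddresses:
            if ipaddress.ip_address(ip) not in cidr:      # secondary IPs must come from the ENI's subnet
                raise RuntimeError("InvalidParameterValue: %s not in %s" % (ip, cidr))
            holder = next((e for e in self.enis.values() if ip in e.secondary_ips), None)
            if holder is not None and holder is not target:
                if not AllowReassignment:
                    raise RuntimeError("InvalidIPAddress.InUse: %s is on %s" % (ip, holder.eni_id))
                holder.secondary_ips.discard(ip)          # the Elastic IP association moves with it
            target.secondary_ips.add(ip)
        return {}

    def unassign_private_ip_addresses(self, NetworkInterfaceId, PrivateIpAddresses):
        for ip in PrivateIpAddresses:
            self.enis[NetworkInterfaceId].secondary_ips.discard(ip)
            self.eips.pop(ip, None)                       # unassigning disassociates the Elastic IP
        return {}


def elastic_ip_for(eni_desc, private_ip):
    """Public Elastic IP associated with private_ip on this interface, or None."""
    for a in eni_desc["PrivateIpAddresses"]:
        if a["PrivateIpAddress"] == private_ip:
            return a.get("Association", {}).get("PublicIp")
    return None


def failover_service_ip(ec2, service_ip, standby_eni_id):
    """Move service_ip to the standby ENI after checking that the standby is in the same subnet
    and carries the same security groups, so the failover does not silently change exposure."""
    holders = ec2.describe_network_interfaces(
        Filters=[{"Name": "addresses.private-ip-address", "Values": [service_ip]}])["NetworkInterfaces"]
    if not holders:
        raise ValueError("no ENI currently holds %s" % service_ip)
    source = holders[0]
    standby = ec2.describe_network_interfaces(NetworkInterfaceIds=[standby_eni_id])["NetworkInterfaces"][0]
    if standby["SubnetId"] != source["SubnetId"]:
        raise ValueError("standby is in %s, source in %s" % (standby["SubnetId"], source["SubnetId"]))
    src_sgs = {g["GroupId"] for g in source["Groups"]}
    dst_sgs = {g["GroupId"] for g in standby["Groups"]}
    if src_sgs != dst_sgs:
        raise ValueError("security groups differ: %s vs %s" % (sorted(src_sgs), sorted(dst_sgs)))
    eip_before = elastic_ip_for(source, service_ip)
    ec2.assign_private_ip_addresses(NetworkInterfaceId=standby_eni_id,
                                    PrivateIpAddresses=[service_ip], AllowReassignment=True)
    after = ec2.describe_network_interfaces(NetworkInterfaceIds=[standby_eni_id])["NetworkInterfaces"][0]
    eip_after = elastic_ip_for(after, service_ip)
    return {"from": source["NetworkInterfaceId"], "to": standby_eni_id,
            "elastic_ip": eip_after, "eip_retained": eip_after == eip_before}


def build_sample():
    """Constructed topology: primary and standby in subnet-a with one group; a third ENI elsewhere."""
    return FakeEc2(
        subnets={"subnet-a": "10.0.1.0/24", "subnet-b": "10.0.2.0/24"},
        enis=[Eni("eni-primary", "subnet-a", "i-primary", frozenset({"sg-web"}), {"10.0.1.50"}),
              Eni("eni-standby", "subnet-a", "i-standby", frozenset({"sg-web"})),
              Eni("eni-other", "subnet-b", "i-other", frozenset({"sg-db"}))],
        eip_by_private_ip={"10.0.1.50": "203.0.113.10"})   # 203.0.113.0/24 is a documentation range
```

`failover_service_ip(build_sample(), "10.0.1.50", "eni-standby")` reports the move and `eip_retained` as true; the same call against `eni-other` is refused before any API change is made, because that interface sits in a different subnet. The security-group comparison is the check worth keeping in a real runbook: the failover target must already be in the groups the service depends on, since the moved address inherits whatever the standby interface allows.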
VIRTUAL ELASTIC NETWORK INTERFACES (ENI)
Any network interface can be assigned a secondary IPv4 address from the same subnet as the network interface or EC2 instance.
You can assign/remove IP addresses on EC2 instances while they are running or stopped.
Detaching an ENI
Except for eth0, any interface can be detached and attached to another instance.
The primary private IPv4, secondary private IPv4, IPv6, and Elastic IP addresses stay with the same network interface even when it is detached, or attached to another instance.
ELASTIC NETWORK INTERFACES (ENIs)- REMARKS
To attach a network interface in one subnet to an EC2 instance in another subnet, they both MUST be in the same AWS Region and the same AZ.
So, now we are done with the EC2 concepts. In my next blog, I will start with encryption (AWS KMS).