An Elastic Network Interface (ENI) is a virtual network interface in a VPC. When EC2 instances are created in a VPC, they automatically get a default network interface (eth0). This primary interface cannot be detached from the instance. You can choose to have a public IP address automatically assigned to this interface. However, if the instance is stopped, that automatically assigned public IP address is released.
You can create an ENI and attach it to an EC2 instance as a secondary interface. The ENI can be placed in a different subnet than eth0, giving the instance access to multiple subnets, such as management and traffic subnets. Each interface can have different security groups applied as well. Figure 11.2 shows the AWS Management Console screen where you create an ENI.
FIGURE 11.2 ENI
An Elastic IP (EIP) address is a public IP address that can be associated with an ENI. This dedicated IP address is not released, even if the associated instance is stopped or terminated, as long as the ENI remains. If an EIP is attached to an ENI that is deleted upon termination of an instance, that EIP is automatically released. Figure 11.3 shows an EIP being assigned to an ENI.
FIGURE 11.3 EIP
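The two lifecycle rules above (an EIP on an ENI that is deleted with its instance is released; an EIP that stays allocated keeps being billed) are the kind of thing an account owner wants to check before terminating an instance. The following is an added example, not code from the book or from AWS: it models the rules as this section states them over a constructed, simplified snapshot of ENI and EIP records (the field names are assumptions, not the EC2 API's own), predicting which addresses would survive a termination and which allocated addresses are currently associated with nothing.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


# Constructed, simplified records. Real EC2 descriptions carry many more
# fields; only what the checks below need is modelled here (assumption).
@dataclass
class Eni:
    eni_id: str
    instance_id: Optional[str]      # None when the ENI is not attached
    device_index: int               # 0 is eth0, the primary interface
    delete_on_termination: bool     # attachment attribute


@dataclass
class Eip:
    allocation_id: str
    public_ip: str
    eni_id: Optional[str]           # None when allocated but not associated


def eips_after_termination(instance_id: str, enis: List[Eni],
                           eips: List[Eip]) -> Dict[str, str]:
    """Predict, per EIP on the instance's ENIs, what termination does to it.

    Applies the rules stated in the section: an EIP on an ENI that is deleted
    with the instance is released; otherwise the EIP stays allocated (and
    billed) on the surviving ENI.
    """
    enis_by_id = {e.eni_id: e for e in enis if e.instance_id == instance_id}
    outcome: Dict[str, str] = {}
    for eip in eips:
        eni = enis_by_id.get(eip.eni_id) if eip.eni_id else None
        if eni is None:
            continue  # not on this instance
        if eni.delete_on_termination:
            outcome[eip.allocation_id] = "released"
        else:
            outcome[eip.allocation_id] = f"allocated on {eni.eni_id}"
    return outcome


def unassociated_eips(eips: List[Eip]) -> List[str]:
    """Allocated addresses with no association: the case in question 2.

    These remain in the account and are billed until explicitly released.
    """
    return sorted(e.allocation_id for e in eips if e.eni_id is None)


# Constructed sample: one instance with eth0 (deleted on termination) and a
# secondary ENI that outlives the instance, plus one idle EIP in the account.
SAMPLE_ENIS = [
    Eni("eni-primary", "i-example", 0, True),
    Eni("eni-secondary", "i-example", 1, False),
]
SAMPLE_EIPS = [
    Eip("eipalloc-a", "203.0.113.10", "eni-primary"),
    Eip("eipalloc-b", "203.0.113.11", "eni-secondary"),
    Eip("eipalloc-c", "203.0.113.12", None),
]

if __name__ == "__main__":
    for alloc, fate in eips_after_termination("i-example", SAMPLE_ENIS, SAMPLE_EIPS).items():
        print(f"{alloc}: {fate}")
    print("idle, still billed:", unassociated_eips(SAMPLE_EIPS))
```

Against the sample, the EIP on eth0 is reported as released, the EIP on the secondary ENI as still allocated, and eipalloc-c is flagged as idle; the same two functions can be fed records pulled from the account to find addresses that will keep costing money after a cleanup.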
An Internet gateway (IGW) can be attached to a VPC to allow Internet access. The IGW is highly available and does not create the availability risks or bandwidth constraints that a traditional physical router does.
Your instances know only their private addresses within the VPC. If an instance is configured with a public IP, the IGW provides a one-to-one Network Address Translation (NAT) service when traffic leaves your VPC for the Internet. Figure 11.4 shows the process of attaching an IGW to a VPC.
FIGURE 11.4 Attaching an Internet gateway
A VPC has a CIDR range whose netmask must be between /16 and /28. You can add a secondary CIDR range to an existing VPC to increase the number of usable addresses, but you cannot change an existing CIDR range.
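Because a primary block cannot be resized, the practical fix for a VPC that has run out of addresses is to associate a secondary block that satisfies the same size limits and does not overlap what is already there. The following is an added example, not code from the book or from AWS, that checks exactly the constraints this section states before a secondary block is associated; it enforces only those rules and does not model the further restrictions AWS places on which address ranges may be combined with a given primary range, so treat a passing result as necessary, not sufficient.

```python
import ipaddress
from typing import Dict, List

VPC_LARGEST_PREFIX = 16   # a VPC block may be no larger than /16
VPC_SMALLEST_PREFIX = 28  # ... and no smaller than /28


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Parse an IPv4 CIDR and enforce the /16 to /28 size rule."""
    # strict=True rejects a block written with host bits set (e.g. 10.0.0.1/16)
    net = ipaddress.ip_network(cidr, strict=True)
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError(f"{cidr}: only IPv4 blocks are handled here")
    if not VPC_LARGEST_PREFIX <= net.prefixlen <= VPC_SMALLEST_PREFIX:
        raise ValueError(f"{cidr}: VPC netmask must be between /16 and /28")
    return net


def plan_secondary_cidr(existing: List[str], candidate: str) -> Dict[str, object]:
    """Describe what associating `candidate` as a secondary block would do.

    Raises ValueError if the candidate is mis-sized or overlaps a block the
    VPC already has. The returned dict is this example's own summary format
    (assumption), not any AWS API response.
    """
    current = [validate_vpc_cidr(c) for c in existing]
    new = validate_vpc_cidr(candidate)
    for block in current:
        if block.overlaps(new):
            raise ValueError(f"{candidate} overlaps existing block {block}")
    return {
        "associate": str(new),
        "addresses_added": new.num_addresses,
        "total_addresses": sum(b.num_addresses for b in current) + new.num_addresses,
        # the section notes that the local route for the new block is generated automatically
        "local_route": f"{new} -> local",
    }


if __name__ == "__main__":
    # Constructed sample: a /16 VPC that needs more room.
    print(plan_secondary_cidr(["10.0.0.0/16"], "10.1.0.0/16"))
```

Feeding an overlapping candidate such as 10.0.1.0/24 to the sample VPC raises immediately, which is the failure you want to see in a pipeline step rather than in the console after the association request is rejected.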
Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.
1. You have created a VPC with a CIDR range that does not provide enough addresses. Which method should be used to resolve this issue?
A. Modify the existing CIDR range using the AWS CLI.
B. Place the VPC in maintenance mode and perform a batch re-addressing using CloudFormation.
C. Create a new VPC and perform a live migration to relocate EC2 instances to it.
D. Associate a secondary IPv4 CIDR block with your VPC.
2. You have an EIP associated with a secondary ENI on an EC2 instance. What happens to the EIP if you terminate the instance?
A. The EIP is released.
B. The EIP remains associated with the terminated instance.
C. The EIP is still allocated to your AWS account, and you are still billed for it.
D. The EIP is still allocated to your AWS account, but you are billed for it only if it is associated with a running instance.
1. Answer: D is correct. You cannot resize a CIDR block after it has been created. You can add a secondary CIDR block to an existing VPC. Local routes for the secondary CIDR block are automatically generated.
2. Answer: C is correct. The EIP remains associated with your AWS account, and you are billed for it. You must release the EIP to stop incurring charges.