Elastic Network Interface

An Elastic Network Interface (ENI) is a virtual network interface that you can attach to an instance in an Amazon VPC. ENIs are only available within an Amazon VPC, and they are associated with a subnet upon creation. They can have one public IP address and multiple private IP addresses. If there are multiple private IP addresses, one of them is primary.Assigning a second network interface to an instance via an ENI allows it to be dual-homed (have network presence in different subnets). An ENI created independently of a particular instance persists regardless of the lifetime of any instance to which it is attached; if an underlying instance fails, the IP address may be preserved by attaching the ENI to a replacement instance.

ENIs allow you to create a management network, use network and security appliances in your Amazon VPC, create dual-homed instances with workloads/roles on distinct subnets, or create a low-budget, high-availability solution.

A common use case for ENIs is the creation of management networks. This allows you to have public-facing applications like web servers in a public subnet but lock down SSH access down to a private subnet on a secondary network interface. In this scenario, you would connect using a VPN to the private management subnet, then administrate your servers as usual.

 
ENIs are also often used as the primary network interfaces for Docker containers launched on ECS using Fargate. This allows Fargate tasks to handle complex networking, set firewalls in place using security groups, and be launched into private subnets.
 

 It can include the following attributes:

• A primary private IPv4 address from the IPv4 address range of your VPC
• One or more secondary private IPv4 addresses from the IPv4 address range of your VPC
• One Elastic IP address (IPv4) per private IPv4 address
• One public IPv4 address
• One or more IPv6 addresses
• One or more security groups
• A MAC address
• A source/destination check flag
• A description

Implementing Cheap Failover With ENIs

Because ENIs can have their association dynamically assigned, they’re commonly used to implement failover in network design. If you’re running a service that needs high availability, you can run two servers, a primary server and a standby server. If the primary server fails for any reason, the service can be switched over to the standby server.
ENIs can fulfill this pattern quite easily—simply launch two servers, create a secondary ENI instance to use as the switch, and associate it to the primary server, optionally with an elastic IP. Whenever you need to swap to the standby instance, you simply have to swap the ENI over (albeit manually, or with a script).
However, ENIs aren’t the best way to go about this in AWS’s ecosystem. AWS supports auto-scaling, which can be used to achieve the same effect in a more cost effective manner. Rather than paying extra for redundancy, you would instead run many smaller servers in a auto-scaling fleet. If one of the instances goes down, it isn’t a big deal. A new server can be spun up quickly to handle the drop in traffic.