EC2 Network interfaces, instance IPs and DNS Flashcards
How many ENIs does an EC2 instance have?
It starts with 1 ENI
Can EC2 instances have more than one ENI?
Yes, they can have more than one ENI in separate subnets, but everything must be within one AZ.
When you launch an instance with Security Groups, where are they allocated?
To the ENI, not to the instance.
Enumerate some ENI properties
- MAC address
- Primary IPv4
- 0 or more secondary private IP addresses
- 0 or 1 public IPv4
Can the private IP of an instance change?
No, it will be static and not change for the lifetime of the instance
What is given with the private IP?
A private DNS name
How many private IPs can an instance have associated?
0 or more
How many public IPs can an instance have associated?
0 or 1
What is given with the public IP?
A public DNS name
Can the public IP of an instance change?
This is a dynamic IP that is not fixed
In which cases will the public IP be removed from the instance?
If you stop an instance. When you start up again, it is given a brand new IPv4 address.
What happens to the public IP when you restart the instance?
The public IP will not change.
Changing between EC2 hosts will…
Change the public IP of the instance.
What is the public DNS name resolved into?
The Public DNS name will resolve to the primary public IPv4 address of the instance
What is the private DNS name resolved into?
The Public DNS name will resolve to the primary private IPv4 address of the instance
What happens if you are using a public IPv4 and assign an elastic IP?
The original IPv4 address will be lost. There is no way to recover the original address.
How many IPv6 IPs can you assign to an ENI interface?
0 or more
What are security groups applied to?
Network interfaces
What would you do if you want multiple IPs in an instance to be impacted by different security groups?
You need to make multiple interfaces and apply different security groups to those interfaces.
Define what source and destination checks are:
It is a check that discards traffic in the ENI interface when it does not come and go from/to the addresses associated with the EC2 instance.
What do you need to do with regard to the source/destination checks to use an EC2 instance as a NAT instance?
Disable the source/destination checks.
What is the only difference between primary and secondary interfaces?
Secondary interfaces function in all the same ways as primary interfaces except you can detach secondary interfaces and move them to other EC2 instances.
What is a common use of ENIs related to licensing?
- Legacy software is licensed using a MAC address. If you provision a secondary ENI to a specific license, you can move around the license to different EC2 instances.
Does the OS see the public IPv4?
No. This is handled by the NAT, transparent for the OS.
What can you do to avoid losing the public (dynamic) IPv4 when stopping and starting the instance?
You need to assign an elastic IP address.