EC2 Network interfaces, instance IPs and DNS

Question 1

how many ENIs does an EC2 instance have?

Answer 1

It starts with 1 ENI

Question 2

Can EC2 instances have more than one ENI?

Answer 2

Yes, they can have more than one ENI in separate subnets, but everything must be within one AZ.

Question 3

When you launch an instance with Security Groups, where are they allocated?

Answer 3

To the ENI, not to the instance.

Question 4

Enumerate some ENI properties

Answer 4

• Mac address
• Primary IPv4
• 0 or more secondary private IP addresses
• 0 or 1 public IPv4

Question 5

Can the private IP of an instance change?

Answer 5

No, it will be static and not change for the lifetime of the instance

Question 6

What is given with the private IP?

Answer 6

A private DNS name

Question 7

How many private IPs can an instance have associated?

Answer 7

0 or more

Question 8

How many public IPs can an instance have associated?

Answer 8

0 or 1

Question 9

What is given with the public IP?

Answer 9

A public DNS name

Question 10

Can the public IP of an instance change?

Answer 10

This is a dynamic IP that is not fixed

Question 11

In which cases will the public IP be removed from the instance?

Answer 11

If you stop an instance. When you start up again, it is given a brand new IPv4 address.

Question 12

What happens to the public IP when you restart the instance?

Answer 12

The public IP will not change.

Question 13

Changing between EC2 hosts will…

Answer 13

Change the public IP of the instance.

Question 14

What is the public DNS name resolved into?

Answer 14

The Public DNS name will resolve to the primary public IPv4 address of the instance

Question 15

What is the private DNS name resolved into?

Answer 15

The Public DNS name will resolve to the primary private IPv4 address of the instance

Question 16

What happens if you are using a public IPv4 and assign an elastic IP?

Answer 16

The original IPv4 address will be lost. There is no way to recover the original address.

Question 17

How many IPv6 IPs can you assign to an ENI interface?

Answer 17

0 or more

Question 18

What are security groups applied to?

Answer 18

Network interfaces

Question 19

What would you do if you want multiple IPs in an instance to be impacted by different security groups?

Answer 19

you need to make multiple interfaces and apply different security groups to those interfaces

Question 20

Define what are source and destination checks:

Answer 20

It is a check that discards traffic in the ENI interface when it does not come and go from/to the addresses associated with the EC2 instance.

Question 21

What do you need to do in regards to the destination/source checks to use and EC2 instance as a NAT instance?

Answer 21

Disable the source/destination checks.

Question 22

What is the only difference between primary and secondary interfaces?

Answer 22

Secondary interfaces function in all the same ways as primary interfaces except you can detach secondaty interfaces and move them to other EC2 instances.

Question 23

What is a common use of ENIs related to licensing?

Answer 23

• Legacy software is licensed using a mac address. If you provision a secondary ENI to a specific license, you can move around the license to different EC2 instances.

Question 24

Does the OS see the public IPv4?

Answer 24

No. This is handled by the NAT, transparent for the OS.

Question 25

What can you do to avoid losing the public (dynamic) IPv4 when stopping and starting the instance?

Answer 25

you need to asign an elastic IP address