after having reading official documentation and internet articles, I understand what it does but does not really understand in which case it would apply.
Does someone would have a concrete case of application to explain please ?
Good morning ,
one use case found is High Availability :
Two instances EC2 each one with the same HTTP server.
ENI cannot be conected to two instances at once .
We connect ENI to EC2(1) . EC2(1) fails, so we connect ENI to EC2(2).
But regarding solutions of HA , it is the worst one I have seen for years
Compared to AWS ELB, HA with Nginx , Round Robin DNS with two front firewall appliances.
Then another use case is using this ENI to connect to SSH port instead of using the same public IP which is used to connect to the HTTP server.
Remark 1) : Maybe it lowers a bit the surface attack but with robots even if SSH listens to another public IP , they will catch it fast
Remark 2) : Better to remove SSH service and access to the instance through the console port
Remark 3) : Or exposing SSH on local network , dedicate an Instance accessible from internet through a VPN and from there connect to the SSH server of EC2(1,2).
In conclusion : as devop admins we are trained to deploy automatic, auto scaling solutions using auto scaler, ELB …
With this solution we come back 20 years ago ? Or am I wrong ? And it so far away of AWS’s concepts that I am curious to know who would use this tool and for which use case. Maybe I am wrong and that for a specific situation this is the best tool to implement
I understand your concerns and skepticism regarding the use case you mentioned. The scenario you described with manually managing ENI and switching it between instances in case of failure is indeed not a recommended approach for achieving high availability in modern cloud architectures. It introduces complexities and potential points of failure.
Several services and features are specifically designed to achieve high availability and load balancing in a more automated and scalable manner, such as Elastic Load Balancer & Auto Scaling
Never the less, ENIs can be used to create network segmentation within AWS infrastructure. Here’s an example use case:
Public-Facing Network and Private Backend Network : You can create two separate ENIs, each attached to the same instance but associated with different subnets. One ENI can be associated with a public subnet, allowing incoming traffic from the internet, while the other ENI can be associated with a private subnet, providing access to backend services or databases. This segregation helps enhance security by isolating the public-facing components from the internal infrastructure.
You can attach multiple ENIs to a single instance, each with its own private IP address. This allows you to host multiple websites or applications on a single instance, where each application can have a dedicated IP address. This is particularly useful when you want to assign separate IP addresses for different services or applications running on the same instance.
ENIs can be utilized for capturing and monitoring network traffic
ENIs can be associated with Network Load Balancers to capture network traffic for monitoring, analysis, or troubleshooting purposes. You can configure the NLB to forward a copy of incoming traffic to a specific ENI attached to an instance. This allows you to capture and analyze the network traffic passing through that ENI, providing insights into application behavior, identifying performance issues, or detecting security threats.
thanks for your precious answer, it helped me to understand better scope of applications.
I will work on it and provide some comments along the week.
Have a good day