#StackBounty: #networking #amazon-ec2 #amazon-web-services #virtualization #amazon-vpc Are multiple ENIs ever required for AWS EC2 inst…

Bounty: 50

AWS allows you to attach multiple elastic network interfaces (ENIs) to an EC2 instance. Other than “making it look like an on-prem server”, are there any cases where multiple ENIs are actually required?

I’ve considered the reasons one would do this in an on-prem environment, but none of these seem to apply to AWS:

  • Link aggregation
  • Link redundancy
  • Separate management interfaces
  • In-line IDS/IPS
  • In-line firewall

The AWS implied router always “sits” between each ENI and everything else, so it isn’t possible to place another instance (running, say, a sniffer) in-line.

Amazon’s own documentation isn’t even clear on why you’d want multiple ENIs on an instance. It just says multiple interfaces are “useful when you want to:”

Create a management network.
Use network and security appliances in your VPC.
Create dual-homed instances with workloads/roles on distinct subnets.
Create a low-budget, high-availability solution.

But it doesn’t explain why ENIs are required or even desirable for those use-cases. (It’s obvious multiple ENIs would be required for dual-homed instances on different subnets, but it doesn’t explain why you’d ever want a dual-homed instance in the first place).

The only use-case I can come up with is an instance running containers (i.e. Docker) and you want to map individual containers to host IP addresses in different subnets.

What are the use-cases for multiple ENIs, if any?

Get this bounty!!!