EC2 Network Interface, IP and DNS Flashcards
What is an EC2 network interface (ENI)?
An EC2 network interface (ENI) is a virtual network interface that you can attach to an instance in a VPC. ENIs allow you to configure a secondary private IP, associate elastic IP addresses, and more.
How can ENIs be used to enhance security?
ENIs can enhance security by providing physical isolation between the management and data traffic within a VPC. This allows for the creation of management networks, application networks, and secure zones.
What are the types of IP addresses available to EC2 instances?
EC2 instances can have several types of IP addresses: a primary private IP address, one or more secondary private IP addresses, an Elastic IP address (EIP), and a public IP address.
What is the difference between a public IP and an Elastic IP address?
A public IP address is dynamically assigned to an instance and changes when the instance is stopped and restarted. An Elastic IP address is a static IP address that is reserved by a user and can be associated with any instance in their account.
How does DNS resolution work for EC2 instances?
AWS provides a public DNS name for EC2 instances which resolves to the public IP address outside the VPC and to the private IP address inside the VPC. Custom DNS domains can also be configured using Route 53 or another DNS service.
Why might you assign multiple IP addresses to an ENI?
Assigning multiple IP addresses to an ENI can be useful for hosting multiple websites on a single server, network / application isolation, or to allow applications to bind to specific IP addresses.
What is the purpose of assigning Elastic IP addresses to EC2 instances?
Elastic IP addresses are designed to provide a static IP for instances that require a persistent public IP address that does not change across restarts. They are useful for services like DNS, or for applications that need to whitelist IP addresses.
How can you protect against the accidental disassociation of an Elastic IP?
To protect against the accidental disassociation of an Elastic IP, use AWS Identity and Access Management (IAM) policies to restrict who can detach Elastic IPs, and set up CloudWatch alarms to monitor and alert if an Elastic IP is disassociated.
What are secondary private IP addresses used for?
Secondary private IP addresses can be used for high availability clustering, network interfaces with multiple IP addresses for hosting different services, or reassigning an IP address to another interface in the same VPC.
How does AWS Route 53 integrate with EC2?
AWS Route 53 can be used to create DNS records that point to EC2 instances, either directly through A records that point to an instance’s IP address, or through alias records that point to an EC2 instance’s DNS name, providing seamless integration for domain name resolution.
