Tuesday, April 29, 2025

AWS Elastic Network Interface (ENI) | Overview & Hands-On.

An Overview & Hands-On for AWS Elastic Network Interface (ENI).

Focus:

  • Tailored for SRE, DevOps, Cloud, and DevSecOps Engineers

Breakdown:

  • Intro,
  • Key Features and Attributes,
  • Use Cases,
  • Insights,
  • Hands-On.
Intro:

  • An AWS Elastic Network Interface (ENI) is a virtual networking component within an Amazon Virtual Private Cloud (VPC) that functions as a virtual network card for an Amazon EC2 instance. 
  • An AWS Elastic Network Interface (ENI) is a fundamental building block for networking in AWS, enabling connectivity, security, and flexibility for cloud infrastructure.
  • An Elastic Network Interface (ENI) in AWS is basically a virtual network card.
  • It represents a network connection for an EC2 instance, with its own:
    • Private IP address (primary and secondary)
    • Public IP address (if applicable)
    • MAC address (Media Access Control)
    • Security Groups
    • Subnet
    • Description and tags
Key Features and Attributes
Virtual Representation
  • An ENI is a logical component representing a network card, distinct from the physical hardware.
Decoupled Configuration
  • It decouples network settings (such as IP addresses and security groups) from the compute instance itself. 
  • This allows an ENI to be moved between instances, redirecting network traffic to the new instance.
Attributes
  • An ENI can include several attributes:
    • One or more primary and secondary private IPv4 addresses.
    • One or more Elastic IP (EIP) addresses (public IPs).
    • One or more IPv6 addresses.
    • One or more security groups, which act as a virtual firewall to control traffic.
    • A MAC address.
    • Source/destination checking flag.
    • twtech can attach or detach an ENI to/from EC2 instances on the fly (within the same Availability Zone).
    • ENIs are very useful for high availability, failover, or moving network interfaces between instances.
    • A primary ENI is created by default when twtech launches an EC2 instance.
    • twtech can create additional ENIs manually and attach multiple ENIs to a single EC2 instance (subject to the instance type's limits).
    • Trunk interfaces can be used with ENIs for high-scale networking setups (for example with containers).
Use Cases

High Availability/Failover
  • The ability to quickly detach an ENI from one instance and attach it to another in the same Availability Zone facilitates rapid failover for high-availability setups.
Multi-homed Instances
  • twtech can attach multiple ENIs to a single EC2 instance so that it is connected to different subnets (e.g., one to a public subnet and one to a private subnet).
Management Interfaces
  • A secondary ENI can be used as a separate management network interface for isolation.
Secure Appliance Migration
  • It is useful for managing network traffic for services like virtual firewalls or load balancers, where the network configuration needs to remain static while the underlying compute instance changes.
Specific Service Requirements
  • AWS services such as Lambda, ECS, and App Runner use ENIs for their internal networking to manage communication within the VPC and to the internet.

Common use cases:

  • Network appliances (e.g., firewalls, load balancers)
  • Failover scenarios (move ENI to standby instance)
  • Separation of traffic (different ENIs for front-end and back-end traffic)
  • Multi-homed instances (connect to different subnets/VPCs via routing tricks)
For detailed steps on creating and managing network interfaces, refer to the official Amazon AWS Documentation:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

Insights:

  • An ENI is the logical component in a VPC that represents a virtual network card.
  • An ENI can have the following attributes:
    • One primary private IPv4 address and one or more secondary private IPv4 addresses.
    • One Elastic IP (IPv4) per private IPv4 address.
    • One public IPv4 address and one or more security groups.
    • A MAC (Media Access Control) address.
  • Failover happens when a system automatically switches to a backup or standby because the main system fails or goes down.
  • An ENI is bound to a specific Availability Zone (AZ).


Project: Hands-On

How twtech creates and attaches an ENI to enable connectivity, security, and flexibility for its cloud infrastructure.

Step-1:

  • Go to the AWS EC2 service.
  • For this project twtech is launching two instances: twtech-db-servers



  • Select one of the instances to configure the network interface, and a key pair if twtech would later SSH into the instance.


  • Edit network settings.
  • Select a security group or create one.



  • Verify summary and configure the number of instances preferred on launch. 

  • Launch instance

Step-2:

  • Verify on ec2 console that the instances are provisioned:

Step-3:

  • Verify that the instances are created with a default ENI (elastic network interface): Yes

NB:

  • Each interface contains:
  • One Public IPv4 address, one Private IPv4 address and one Private IPv4 DNS
  • Each instance has a distinct network interface.

  • The default Elastic network interfaces (created with the instance)  are attached to instances.
Step-4:
  • How an ENI can be managed:


Step-5:

  • How twtech creates a new Elastic Network Interface (ENI) and attaches it to an existing instance:
  • From the Network Interfaces UI click on: Create network interface


  • Assign a name to the ENI: twtech-db-server1-ENI
  • Very important:
  • Select the subnet in the same AZ as the instance that the ENI will later be attached to (an ENI cannot be attached across AZs).
  • Also select the interface type:


  • Auto assign Private IPv4 address:

  • Attach a security group to the ENI:

  • Add a tag and Create network interface:

Step-6:

Verify that the ENI is provisioned and its status is still Available.

Step-7:

  • twtech needs to attach the ENI to an instance to put it to use:
  • Select the ENI created (the tag initially assigned to the ENI should guide the selection) and navigate to Actions.
  • From the Actions drop-down menu, select: Attach

  • Choose an instance to attach the ENI to:

  • At this point the status of the ENI changes to: In-use
Step-7:
  • Verify that the ENI has also added Primary Private IPv4 address to the instance:



  • NB:
  • The ENI can be detached from one instance and attached to another instance.
Step-8:
  • twtech detaches the ENI from one instance and attaches it to another instance:



  • NB:
  • Sometimes a force detach is needed.

  • Status of ENI changes back to:  Available:

Step-9:

  • Again, twtech can attach the detached ENI to another instance in the same AZ.


  • twtech has successfully created an ENI, attached it to an instance, detached the same ENI from that instance and attached it to another instance in the same AZ.
  • Status goes back to: In-use


twtech-insights:
  • What happens to the ENI if the instance is terminated?

  • The default ENIs that were created with the instances are automatically detached and deleted.
  • However, the ENI that was created separately and attached to the instance stays available.
  • NB:
  • It may take a couple of minutes for twtech to fully detach and delete any unwanted ENI.
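Added example, not code from the original post: pre-flight checks for the attach step (Step-7/Step-9) and for the twtech-insights question above, run over constructed records shaped like the JSON that `aws ec2 describe-instances` and `aws ec2 describe-network-interfaces` return. The ids are placeholders, not real resources.

```python
# Constructed sample data shaped like describe-instances / describe-network-interfaces output.
INSTANCE = {
    "InstanceId": "i-0placeholder000001",
    "Placement": {"AvailabilityZone": "us-east-1a"},
    "NetworkInterfaces": [  # the default ENI created with the instance (eth0)
        {"NetworkInterfaceId": "eni-0default00000001",
         "Attachment": {"DeviceIndex": 0, "DeleteOnTermination": True}},
    ],
}
ENIS = {
    # default ENI: in-use, deleted together with the instance on termination
    "eni-0default00000001": {"AvailabilityZone": "us-east-1a", "Status": "in-use",
                             "Attachment": {"InstanceId": "i-0placeholder000001",
                                            "DeviceIndex": 0, "DeleteOnTermination": True}},
    # manually created ENI in the instance's AZ: attachable
    "eni-0manual000000001": {"AvailabilityZone": "us-east-1a", "Status": "available"},
    # manually created ENI in another AZ: the "Very important" mistake from Step-5
    "eni-0wrongaz00000001": {"AvailabilityZone": "us-east-1b", "Status": "available"},
}


def attach_problems(eni: dict, instance: dict) -> list:
    """Reasons the attach in Step-7 would fail; an empty list means it can proceed."""
    problems = []
    if eni["AvailabilityZone"] != instance["Placement"]["AvailabilityZone"]:
        problems.append("ENI and instance are in different Availability Zones")
    if eni.get("Status") != "available":
        problems.append("ENI status is %r, it must be 'available'" % eni.get("Status"))
    return problems


def next_device_index(instance: dict) -> int:
    """First free device index: eth0 (index 0) is the default ENI, so a new ENI gets eth1 or higher."""
    used = {n["Attachment"]["DeviceIndex"] for n in instance["NetworkInterfaces"]}
    return min(i for i in range(len(used) + 1) if i not in used)


def survives_termination(eni: dict) -> bool:
    """Attachment.DeleteOnTermination decides the ENI's fate when its instance is terminated:
    True on the ENI created with the instance, False (the console default) on one attached later."""
    attachment = eni.get("Attachment")
    if attachment is None:  # an unattached ENI is never touched by a termination
        return True
    return not attachment.get("DeleteOnTermination", False)


if __name__ == "__main__":
    for eni_id, eni in ENIS.items():
        verdict = attach_problems(eni, INSTANCE) or "attachable at eth%d" % next_device_index(INSTANCE)
        print(eni_id, verdict, "| survives termination:", survives_termination(eni))
```

Feeding the functions the real `describe-*` output for twtech-db-server1-ENI gives the same answer the console does before the Attach action is clicked.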

From:


To:

Addendum:

 https://aws.amazon.com/blogs/aws/new-elastic-network-interfaces-in-the-virtual-private-cloud/


EC2 Hibernate (Pause instance & Resume Later) | Overview & Hands-On.

An Overview & Hands-On for EC2 Hibernate (Pause instance & Resume Later). 

Focus:

  • Tailored for SRE, DevOps, Cloud, and DevSecOps Engineers

Breakdown:

  • Intro,
  • How EC2 Hibernate Works,
  • Prerequisites and Limitations,
  • Hibernation for an EC2 instance & specific conditions,
  • How to Enable & Use EC2 Hibernate,
  • Quick idea to remember,
  • Key things about EC2 Hibernate,
  • Common use cases,
  • Insights,
  • Architecture diagram,
  • Hands-On

Intro:

  • EC2 Hibernate is an Amazon Web Services feature that allows twtech to stop and later resume an EC2 instance, preserving its in-memory state (RAM) on an encrypted Amazon Elastic Block Store (EBS) root volume.
  • This enables faster restarts and allows applications to pick up exactly where they left off.
  • EC2 Hibernate is a feature of AWS EC2 that effectively pauses an instance so it can be resumed later.
  • Think of EC2 Hibernate as putting a laptop to sleep instead of shutting it down.
How EC2 Hibernate Works
  • When an instance is hibernated, the operating system is signaled to perform a suspend-to-disk action.
  • The contents of the instance's RAM are saved to a pre-configured, encrypted EBS root volume.
  • The instance then shuts down and enters a stopped state.
  • When the instance is started again, the saved RAM content is loaded back into memory, allowing the instance to resume from its prior state.
  • While an instance is hibernated (in a stopped state), twtech pays only for the attached EBS volumes and Elastic IP addresses; there are no charges for instance usage time.
Prerequisites and Limitations
To use hibernation for an EC2 instance, specific conditions must be met: 
Enablement at Launch
  • Hibernation must be explicitly enabled when launching the instance; it cannot be enabled later.
Encrypted Root Volume:
  •  The root EBS volume must be encrypted to ensure the protection of sensitive data copied from memory.
Supported Instance Types and AMIs:
  •  The feature is available for specific instance types (e.g., M5, R5, T2) and operating systems (e.g., Amazon Linux 2, Ubuntu, Windows Server).
Memory Limit:
  •  An instance cannot be hibernated if it has more than 150 GB of RAM.
Stateless Workloads:
  •  For stateless applications like web servers or microservices, it is often better to use standard stop/start or Auto Scaling features. 
  • Hibernation is best suited for stateful workloads, such as databases or ML jobs, that benefit from state preservation.
How to Enable and Use EC2 Hibernate
Launch Instance:
  •  In the "Launch an instance" wizard within the Amazon EC2 console, navigate to the Advanced Details section.
Enable Hibernation:
  •  Under the Stop - Hibernate behavior setting, select Enable.
Ensure Encryption:
  •  Confirm that the root EBS volume is encrypted during the storage configuration step.
Hibernate:
  •  Once the instance is running, twtech can select it in the dashboard, choose Instance state, and then select Hibernate instance

Quick idea to remember:

  • When twtech hibernates an EC2 instance, AWS saves the contents of the RAM (memory) to the instance's root EBS volume.
  • When twtech starts the instance again, it loads the RAM contents back, so all of twtech's processes, in-memory data, and open sessions are exactly as they were.
  • It is faster than a full reboot and twtech does not lose any in-progress data.

Key things about EC2 Hibernate:

  • It only works on instances with EBS root volumes (not instance store).
  • RAM limit: up to 150 GB.
  • twtech needs to enable hibernation at instance launch; it cannot simply be turned on later.
NB:
  • twtech is charged for the EBS storage and any other attached resources while the instance is hibernated, but it is not charged for compute time (since the instance isn’t running).

Common use cases:

  • Use Spot instances where twtech wants fast recovery.
  • For Long-running applications that twtech wants to pause and resume.
  • For Development environments that twtech doesn't want to restart from scratch every time.

twtech-Insights:

  • EC2 Hibernate supports instance families such as: C3, C4, C5, I3, M3, M4, R3, R4, T2, T3...
  • The instance RAM size must be less than 150 GB.
  • Bare metal instances are not supported.
  • EC2 Hibernate works for these AMIs: Amazon Linux 2, Amazon Linux AMI, Ubuntu, RHEL, CentOS and Windows.
  • The root volume must be EBS (not instance store), encrypted, and large enough to hold the RAM contents.
  • EC2 Hibernate is available for On-Demand, Reserved and Spot Instances.
  NB:
  • Instances can NOT stay hibernated for more than 60 days.
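Added example, not code from the original post: the Prerequisites and Limitations section and the insights above as a checklist, evaluated over constructed records shaped like the JSON that `aws ec2 describe-instances`, `describe-instance-types` and `describe-volumes` return. The family list is the post's own, the ids are placeholders, and the "root volume at least as large as RAM" check follows from the RAM image being written to the root volume.

```python
RAM_LIMIT_GIB = 150
# Families the post lists as supported (the post's list, not an exhaustive AWS one).
SUPPORTED_FAMILIES = {"c3", "c4", "c5", "i3", "m3", "m4", "m5", "r3", "r4", "r5", "t2", "t3"}

# Constructed sample records; ids are placeholders, not real resources.
INSTANCE = {
    "InstanceId": "i-0placeholder000002", "InstanceType": "m5.large",
    "RootDeviceType": "ebs", "RootDeviceName": "/dev/xvda",
    "HibernationOptions": {"Configured": True},   # only settable at launch
    "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-0placeholder0001"}}],
}
INSTANCE_TYPES = {
    "m5.large": {"MemoryInfo": {"SizeInMiB": 8192}, "BareMetal": False},
    "m5.metal": {"MemoryInfo": {"SizeInMiB": 393216}, "BareMetal": True},
}
VOLUMES = {
    "vol-0placeholder0001": {"Size": 30, "Encrypted": True},   # Size is in GiB
    "vol-0placeholder0002": {"Size": 8, "Encrypted": False},
}


def root_volume(instance: dict, volumes: dict) -> dict:
    """Look up the EBS volume mapped to the instance's root device (empty dict if none)."""
    for mapping in instance.get("BlockDeviceMappings", []):
        if mapping["DeviceName"] == instance["RootDeviceName"]:
            return volumes[mapping["Ebs"]["VolumeId"]]
    return {}


def hibernate_blockers(instance: dict, instance_types: dict, volumes: dict) -> list:
    """Every prerequisite from the post that this instance fails; an empty list means it can hibernate."""
    itype = instance_types[instance["InstanceType"]]
    family = instance["InstanceType"].split(".")[0]
    ram_gib = itype["MemoryInfo"]["SizeInMiB"] / 1024
    root = root_volume(instance, volumes)
    blockers = []
    if family not in SUPPORTED_FAMILIES:
        blockers.append("instance family %s is not in the supported list" % family)
    if itype.get("BareMetal"):
        blockers.append("bare metal instances are not supported")
    if ram_gib >= RAM_LIMIT_GIB:
        blockers.append("RAM %.0f GiB is not below the %d GiB limit" % (ram_gib, RAM_LIMIT_GIB))
    if instance.get("RootDeviceType") != "ebs":
        blockers.append("root device is not EBS (instance store cannot hold the memory image)")
    if not root.get("Encrypted"):
        blockers.append("root EBS volume is not encrypted")
    if root.get("Size", 0) < ram_gib:
        blockers.append("root volume (%s GiB) is smaller than RAM and cannot store the memory image" % root.get("Size"))
    if not instance.get("HibernationOptions", {}).get("Configured"):
        blockers.append("hibernation was not enabled at launch and cannot be enabled afterwards")
    return blockers
```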
Architecture diagram


Project:Hands-On

How twtech launches an instance with the hibernation feature enabled:

Step-1:

  • Go to EC2 instance console and launch instance.



  • Selected OS for this project: Red Hat

  • twtech must select a key pair or create one if it will subsequently SSH into the instance.

  • Configure the advanced settings of the EBS volume:

  • Configure the EBS volume to be encrypted with an AWS key.

  • Go to the instance's Advanced details and navigate to: Stop - Hibernate behavior / select Enable


Step-2:

  • Connect (SSH) to the instance and run the uptime command to see how long the instance has been running: uptime
NB:

The uptime command in Linux (and Unix-like systems) shows how long the system has been running, along with other basic information such as the number of logged-in users and the system load averages.

#  bash

uptime

output:

01:08:03 up 8 min,  1 user,  load average: 0.00, 0.03, 0.01

  • twtech's explanation of what each part of the output means:
    • 01:08:03: the current system time.
    • up 8 min: the system has been running for 8 minutes.
    • 1 user: there is 1 user currently logged in to the system.
    • load average: 0.00, 0.03, 0.01: the system load averages over the last 1, 5, and 15 minutes.

Step-3:

  • twtech now hibernates the instance.
  • Select the instance, then go to Instance state / Hibernate instance

  • Confirm hibernation:


NB:

  • The stopped instance has its memory contents stored on the EBS root volume.


  • twtech may start the instance again at any time and its data will be loaded from the EBS volume back into RAM.


 Step-4:

  • Wait until instance status is fully initialized : it may take a couple of minutes for data to synchronize from EBS to the RAM.

From

To:

  • twtech has successfully created and hibernated its web server.


Amazon EventBridge | Overview.

Amazon EventBridge - Overview. Scope: Intro, Core Concepts, Key Benefits, Link to official documentation, Insights. Intro: Amazon EventBridg...