An elastic network interface (ENI) is a virtual network interface that can include the following attributes:
a primary private IP address
one or more secondary private IP addresses
one Elastic IP address per private IP address
one public IP address, which can be auto-assigned to the network interface for eth0 when you launch an instance, but only when you create a network interface for eth0 instead of using an existing network interface
one or more security groups
a MAC address
a source/destination check flag
You can create an ENI, attach it to an instance, detach it from an instance, and attach it to another instance. An ENI's attributes follow the ENI as it is attached or detached from an instance and reattached to another instance. When you move an ENI from one instance to another, network traffic is redirected to the new instance.
Each instance in your VPC has a default elastic network interface (the primary network interface) that is assigned a private IP address from the IP address range of your VPC. You cannot detach a primary network interface from an instance. You can create and attach an additional elastic network interface to any instance in your VPC. The number of ENIs you can attach varies by instance type. For more information, see Private IP Addresses Per ENI Per Instance Type in the Amazon EC2 User Guide for Linux Instances.
Attaching multiple ENIs to an instance is useful when you want to:
Create a management network.
Use network and security appliances in your VPC.
Create dual-homed instances with workloads/roles on distinct subnets.
Create a low-budget, high-availability solution.
For more information about ENIs, and step-by-step instructions for working with them using the Amazon EC2 console, see Elastic Network Interfaces in the Amazon EC2 User Guide for Linux Instances.