Create a secondary ENI for an ECS instance - Elastic Compute Service

You can use elastic network interfaces (ENIs) to deploy high-availability clusters and perform cost-effective failover and fine-grained network management. You can create a secondary ENI separately or together with an Elastic Compute Service (ECS) instance. This topic describes how to separately create a secondary ENI.

Prerequisites

A virtual private cloud (VPC) is created in a region, and a vSwitch is created in the VPC. For more information, see Create and manage a VPC and Create and manage a vSwitch.
A security group is created in the VPC. For more information, see Create a security group.

Note

ECS limits the maximum number of secondary ENIs that can be created in a single region. To view the limit, go to the Quota Center console. You can apply to increase the limit based on your business requirements. For more information, see Manage quotas.

Background information

To create a secondary ENI, you can use one of the following methods:

Create a secondary ENI together with an ECS instance.
When you create an ECS instance in the ECS console, you can add ENIs to the ECS instance. The ENIs are automatically assigned IP addresses and bound to the ECS instance without the need to perform additional operations. You can add up to two ENIs: a primary ENI and a secondary ENI. If the secondary ENI is bound to the instance before you release the instance, the secondary ENI is released together with the instance.
Separately create a secondary ENI.
To better manage and extend the network capabilities of instances, you can separately create secondary ENIs for the instances. The network capabilities include adding private IP addresses, building high-availability network environments, creating dedicated network traffic, and isolating network environments. Separately created ENIs are secondary ENIs that can be bound to instances.

Procedure

Log on to the ECS console.
In the left-side navigation pane, choose Network & Security > Elastic Network Interfaces.
In the top navigation bar, select the region and resource group to which the resource belongs.
Click Create ENI.

On the Create ENI page, configure the parameters that are described in the following table.

Parameter	Description
ENI Name	Enter a name for the ENI.
VPC	Select a VPC. If you want to bind the created ENI to an instance, select the VPC in which the instance resides. After you create an ENI, you cannot change the VPC to which the ENI belongs. Note An ENI can be bound to only an instance that is in the same VPC as the ENI.
vSwitch	Select a vSwitch. If you want to bind the created ENI to an instance, select a vSwitch that is in the same zone as the instance. After you create an ENI, you cannot change the vSwitch to which the ENI is connected. Note An ENI can be bound to only an instance that is in the same zone as the ENI. The instance and the ENI can be connected to different vSwitches.
Security Group	Select security groups in the selected VPC. You can select up to five security groups. Note You cannot select basic security groups and advanced security groups at the same time.
Primary Private IP Address	(Optional) Enter an IPv4 address as the primary private IP address of the ENI. The IPv4 address must be an idle IP address within the CIDR block of the selected vSwitch. If you do not specify an IPv4 address, an idle private IPv4 address is automatically assigned to the ENI after the ENI is created.
Secondary Private IPv4 Address	(Optional) Specify secondary private IP addresses for the ENI. Not Assign: No secondary private IP addresses are assigned to the ENI. Auto-assign: Enter an integer in the range of 1 to 9 as the number of secondary private IP addresses that you want to assign to the ENI. The system automatically assigns the specified number of idle IP addresses from within the CIDR block of the selected vSwitch to the ENI. Specify IPv4 Address: Manually assign secondary private IP addresses to the ENI. You can specify up to nine secondary private IP addresses.
Description	(Optional) Enter a description for the ENI for easy management.
Resource Group	(Optional) Select a resource group. You can add resources that are owned by multiple accounts and assigned to multiple projects to resource groups for easy management. For more information about resource groups, see Resource groups.
Tag	(Optional) Select one or more tags that you want to add to the ENI for easy search and management. For more information about tags, see Overview.

Click Create ENI.
If Available is displayed in the Status column of the ENI on the Elastic Network Interfaces page, the secondary ENI is created.

What to do next

After you separately create a secondary ENI, you can bind the ENI to an ECS instance. For more information, see Bind a secondary ENI.

References

You can call the CreateNetworkInterface operation to create an ENI. For more information, see CreateNetworkInterface.