You can use elastic network interfaces (ENIs) to deploy high-availability clusters and perform cost-effective failover and fine-grained network management. You can modify ENI attributes, unbind ENIs from Elastic Compute Service (ECS) instances, or delete ENIs in the ECS console or by calling API operations.
Modify ENI attributes
You can modify the attributes of an elastic network interface (ENI) based on your business requirements. For a secondary ENI, you can change the name, description, and associated security groups. For the primary ENI, you can change only the name and description. To change the security groups associated with the primary ENI, you must change the security groups associated with the Elastic Compute Service (ECS) instance to which the ENI is bound.
Considerations
When you replace the security groups associated with an ENI, take note of the following items:
Security group rules in the security groups associated with an ECS instance apply to the primary ENI bound to the instance. If you want to replace the security groups associated with the primary ENI, you can replace the security groups associated with the ECS instance to which the primary ENI is bound. For more information, see the Add an ECS instance to or remove an ECS instance from security groups or replace the security groups of an ECS instance section of the "Associate security groups with an instance (primary ENI)" topic.
A secondary ENI must be associated with at least one security group. Each secondary ENI of an ECS instance can be associated with a limited number of security groups. For more information, see the Security groups section of the "Limits" topic.
The secondary ENIs of an ECS instance and the security groups to which you want to add the secondary ENIs must use the same network type. If the secondary ENIs of the ECS instance and the security groups use the VPC network type, they must belong to the same VPC.
A secondary ENI can be added only to security groups that are of the same type (basic or advanced). For more information, see Basic security groups and advanced security groups.
Procedure
You can change the names and descriptions of the primary and secondary ENIs, and the security groups associated with the secondary ENIs in the ECS console or by calling an API operation.
Use the ECS console
In the top navigation bar, select the region and resource group of the resource that you want to manage.
Click the ID of the ENI whose attributes you want to modify to go to the ENI details page.
ENI Name: Click the
icon and follow the on-screen instructions to specify a new ENI name.
Description: Click the
icon and follow the on-screen instructions to specify a new ENI description.
Change Security Groups: Click Change Security Groups. In the Change Security Groups dialog box, select new security groups to which you want to add the ENI or delete the security groups from which you want to remove the ENI. Retain at least one security group associated with the ENI.
Call an API operation
You can call the ModifyNetworkInterfaceAttribute operation to change the name, description, and associated security groups of an ENI. For more information, see ModifyNetworkInterfaceAttribute.
You can call the DescribeNetworkInterfaceAttribute operation to query the attributes of the ENI specified by NetworkInterfaceId.
Unbind an ENI
On an ECS instance to which multiple ENIs are bound, you can unbind a secondary ENI from the instance if you no longer require the ENI.
Prerequisites
The primary ENI cannot be unbound from an instance and is automatically released when the instance is released.
The ECS instance from which you want to unbind a secondary ENI is in the Stopped or Running state.
If the instance type of an ECS instance does not support hot swapping of secondary ENIs, you can unbind secondary ENIs from the instance only after you stop the instance.
If elastic Remote Direct Memory Access (eRDMA) is enabled for the secondary ENI that you want to unbind, you must check whether applications are using eRDMA. If applications are using eRDMA, you must stop the applications. The eRDMA kernel module cannot unbind the eRDMA-enabled secondary ENI if you do not stop user-mode applications that are using eRDMA. An eRDMA-enabled secondary ENI is also referred to as a secondary elastic RDMA interface (ERI).
Procedure
Use the ECS console
In the top navigation bar, select the region and resource group of the resource that you want to manage.
Find the secondary ENI that you want to unbind and is in the InUse state and click Unbind from Instance in the Operation column.
In the Unbind from Instance message, confirm the information and click Confirm.
If the status of the ENI changes to Available after you refresh the ENI list, the ENI is unbound from the instance.
Call an API operation
To unbind an ENI from an ECS instance, call the DetachNetworkInterface operation and set the NetworkInterfaceId parameter to the ID of the ENI that you want to unbind and the InstanceId parameter to the ID of the instance from which you want to unbind the ENI.
If you used the network configuration file to configure the ENI and released the ENI from an instance, we recommend that you delete or modify the ENI configuration file and then restart the network service. This ensures the consistent ENI information on the instance. For more information, see Method 2: Modify network interface configuration files.
After you unbind the ENI from the ECS instance, you can bind the ENI to a different ECS instance in the same virtual private cloud (VPC) and zone. When you create an instance, you can select an ENI in the Available state in the same VPC and zone as the instance and bind the ENI to the instance as the primary or secondary ENI. This allows you to reuse the ENI resources, such as network configurations and ENI features. For information about how to bind an ENI to an instance, see the Bind an ENI to an instance section in the "Create and use an ENI" topic.
Manage ENIs by tag
The increasing number of cloud resources leads to more complex management difficulties. To better manage your resources, configure tags to classify and tag resources that have the same characteristics, such as ENIs that belong to the same organization or serve the same purpose.
You can use tags to easily retrieve resources and perform fine-grained resource management. For information about how to use tags, the resources that support tags, and the limits on tags, see Tags and the "Tag limits" section of the Limits topic.
Procedure
In the top navigation bar, select the region and resource group of the resource that you want to manage.
Find the ENI whose tags you want to manage, move the pointer over the
icon in the Tag column, and then click Edit to configure tags.
In the Configure Tags dialog box, select a tag key and a tag value or enter a new tag key and a new tag value, and then click OK.
Delete an ENI
If you no longer require an ENI, unbind the ENI from an instance and delete the ENI to prevent resource wastes.
Prerequisites
The ENI that you want to delete is in the Available state.
The primary ENI cannot be unbound from an instance and is automatically released when the instance is released.
If a secondary ENI that you want to delete is bound to an ECS instance, unbind the secondary ENI from the instance. For more information, see the Unbind an ENI section of this topic.
Considerations
For an ENI for which you enable the Release with Instance feature, the ENI can be deleted along with the instance when the instance is released if the ENI is never unbound from the instance.
After you delete an ENI, the system automatically removes the ENI from all associated security groups and reclaims all private IP addresses of the ENI.
The elastic IP addresses (EIPs) associated with an ENI is retained after the ENI is deleted. If you no longer require an EIP, separately release the EIP. After the EIP is released, billing for the EIP stops. For more information, see Release a pay-as-you-go EIP.
Procedure
Use the ECS console
In the top navigation bar, select the region and resource group of the resource that you want to manage.
Find the ENI that you want to delete and is in the Available state and choose
in the Operation column.In the message that appears, click OK.
On the Elastic Network Interfaces page, refresh the ENI list. If the ENI is deleted, the ENI is no longer displayed.
Call an API operation
To delete an ENI, call the DeleteNetworkInterface operation and set the NetworkInterfaceId parameter to the ID of the ENI that you want to delete.