Configuring Access Levels for Your Application on an EC2 Instance

Incorrect Statement Regarding ENI Configuration

Question

I require different levels of access for my application that is installed on an EC2 instance.

I have configured an ENI for the same purpose.

Which of the following statements is incorrect?

Answers

Explanations

Correct Answer: A.

Option A is CORRECT.

The primary ENI of an instance cannot be detached from the instance.

By default, the primary ENI is created when the EC2 instance is created and deleted when the instance is terminated.

Option B is incorrect since an EC2 instance may require restricted access to certain IP addresses.

This can be achieved by creating a new ENI and attaching a public IP and a Security Group that restricts permissions.

Option C is incorrect.

Secondary ENIs that are created can be detached from the instance to which they are attached and attached to another instance within the same subnet.

The private IP is then allocated to the second instance, to which the ENI is now attached.

Option D is incorrect.

ENIs are subnet-specific.

So, to attach an Elastic IP to an instance in a different subnet, I first need to release it to the pool by disassociating it from the attached instance.

This way, I can attach the Elastic IP to an instance in a different subnet.

References:

https://youtu.be/Zg8rMLE88mg

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

As per the given scenario, you have an EC2 instance and you have configured an ENI (Elastic Network Interface) to provide different levels of access for your application. An ENI is a logical networking component in a VPC (Virtual Private Cloud) that represents a virtual network interface card that you can attach to an instance in a VPC.

Let's review each answer option:

A. I can detach the primary ENI of my EC2 instance and connect it to another instance for moving its Elastic IP

This statement is correct. An Elastic IP is a static, public IP address that you can allocate to your AWS account and associate with your instance's ENI. If you want to move the Elastic IP address from one instance to another, you can detach the primary ENI from the first instance and attach it to the second instance. This will move the Elastic IP address along with the ENI to the new instance.

B. I can configure a Security Group for my ENI and restrict traffic to the EC2 instance

This statement is also correct. You can configure a security group for your ENI and control the inbound and outbound traffic to and from your instance. By configuring the security group for your ENI, you can restrict the traffic to your EC2 instance at a more granular level than by just configuring the security group for your instance.

C. I can detach a secondary ENI containing a Private IP from one EC2 instance and attach it to another

This statement is also correct. You can detach a secondary ENI containing a private IP address from one instance and attach it to another instance in the same VPC. This can be useful in scenarios where you want to move a network interface to a different instance without having to reconfigure the IP addresses and networking settings.

D. I can attach an Elastic IP to an EC2 instance in another subnet by releasing it from the ENI in the current subnet to which it is currently attached.

This statement is incorrect. An Elastic IP can only be associated with an ENI in the same subnet as the instance. You cannot attach an Elastic IP to an instance in a different subnet by releasing it from the ENI in the current subnet. If you want to associate an Elastic IP with an instance in a different subnet, you need to allocate a new Elastic IP and associate it with an ENI in the same subnet as the instance.

Therefore, the incorrect statement is option D.