AWS::EC2::NetworkInterface - AWS CloudFormation
Describes a network interface in an Amazon EC2 instance for AWS CloudFormation.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::EC2::NetworkInterface",
  "Properties" : {
      "ConnectionTrackingSpecification" : ConnectionTrackingSpecification,
      "Description" : String,
      "EnablePrimaryIpv6" : Boolean,
      "GroupSet" : [ String, ... ],
      "InterfaceType" : String,
      "Ipv4PrefixCount" : Integer,
      "Ipv4Prefixes" : [ Ipv4PrefixSpecification, ... ],
      "Ipv6AddressCount" : Integer,
      "Ipv6Addresses" : [ InstanceIpv6Address, ... ],
      "Ipv6PrefixCount" : Integer,
      "Ipv6Prefixes" : [ Ipv6PrefixSpecification, ... ],
      "PrivateIpAddress" : String,
      "PrivateIpAddresses" : [ PrivateIpAddressSpecification, ... ],
      "SecondaryPrivateIpAddressCount" : Integer,
      "SourceDestCheck" : Boolean,
      "SubnetId" : String,
      "Tags" : [ Tag, ... ]
    }
}
Properties
ConnectionTrackingSpecification
A connection tracking specification for the network interface.
Required: No
Type: ConnectionTrackingSpecification
Update requires: Some interruptions
Description
A description for the network interface.
Required: No
Type: String
Update requires: No interruption
EnablePrimaryIpv6
If you’re modifying a network interface in a dual-stack or IPv6-only subnet, you have the option to assign a primary IPv6 IP address. A primary IPv6 address is an IPv6 GUA address associated with an ENI that you have enabled to use a primary IPv6 address. Use this option if the instance that this ENI will be attached to relies on its IPv6 address not changing. AWS will automatically assign an IPv6 address associated with the ENI attached to your instance to be the primary IPv6 address. Once you enable an IPv6 GUA address to be a primary IPv6, you cannot disable it. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. If you have multiple IPv6 addresses associated with an ENI attached to your instance and you enable a primary IPv6 address, the first IPv6 GUA address associated with the ENI becomes the primary IPv6 address.
Required: No
Type: Boolean
Update requires: Some interruptions
GroupSet
The IDs of the security groups associated with this network interface.
Required: No
Type: Array of String
Update requires: No interruption
InterfaceType
The type of network interface. The default is interface. The supported values are efa and trunk.
Required: No
Type: String
Allowed values: efa | efa-only | branch | trunk
Update requires: Replacement
Ipv4PrefixCount
The number of IPv4 prefixes to be automatically assigned to the network interface.
When creating a network interface, you can't specify a count of IPv4 prefixes if you've specified one of the following: specific IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.
Required: No
Type: Integer
Update requires: No interruption
Ipv4Prefixes
The IPv4 delegated prefixes that are assigned to the network interface.
When creating a network interface, you can't specify IPv4 prefixes if you've specified one of the following: a count of IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.
Required: No
Type: Array of Ipv4PrefixSpecification
Update requires: No interruption
Ipv6AddressCount
The number of IPv6 addresses to assign to the network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. To specify specific IPv6 addresses, use the Ipv6Addresses property and don't specify this property.
When creating a network interface, you can't specify a count of IPv6 addresses if you've specified one of the following: specific IPv6 addresses, specific IPv6 prefixes, or a count of IPv6 prefixes.
Required: No
Type: Integer
Update requires: No interruption
Ipv6Addresses
The IPv6 addresses from the IPv6 CIDR block range of your subnet to assign to the network interface. If you're specifying a number of IPv6 addresses, use the Ipv6AddressCount property and don't specify this property.
When creating a network interface, you can't specify IPv6 addresses if you've specified one of the following: a count of IPv6 addresses, specific IPv6 prefixes, or a count of IPv6 prefixes.
Required: No
Type: Array of InstanceIpv6Address
Update requires: No interruption
Ipv6PrefixCount
The number of IPv6 prefixes to be automatically assigned to the network interface.
When creating a network interface, you can't specify a count of IPv6 prefixes if you've specified one of the following: specific IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.
Required: No
Type: Integer
Update requires: No interruption
Ipv6Prefixes
The IPv6 delegated prefixes that are assigned to the network interface.
When creating a network interface, you can't specify IPv6 prefixes if you've specified one of the following: a count of IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.
Required: No
Type: Array of Ipv6PrefixSpecification
Update requires: No interruption
PrivateIpAddress
The private IPv4 address to assign to the network interface as the primary private IP address. If you want to specify multiple private IP addresses, use the PrivateIpAddresses property.
Required: No
Type: String
Update requires: Replacement
PrivateIpAddresses
The private IPv4 addresses to assign to the network interface. You can specify a primary private IP address by setting the value of the Primary property to true in the PrivateIpAddressSpecification property. If you want EC2 to automatically assign private IP addresses, use the SecondaryPrivateIpAddressCount property and do not specify this property.
When creating a network interface, you can't specify private IPv4 addresses if you've specified one of the following: a count of private IPv4 addresses, specific IPv4 prefixes, or a count of IPv4 prefixes.
Required: No
Type: Array of PrivateIpAddressSpecification
Update requires: Some interruptions
SecondaryPrivateIpAddressCount
The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet's IPv4 CIDR range. You can't specify this option and specify more than one private IP address using PrivateIpAddresses.
When creating a network interface, you can't specify a count of private IPv4 addresses if you've specified one of the following: specific private IPv4 addresses, specific IPv4 prefixes, or a count of IPv4 prefixes.
Required: No
Type: Integer
Update requires: No interruption
SourceDestCheck
Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.
Required: No
Type: Boolean
Update requires: No interruption
SubnetId
The ID of the subnet to associate with the network interface.
Required: Yes
Type: String
Update requires: Replacement
Tags
The tags to apply to the network interface.
Required: No
Type: Array of Tag
Update requires: No interruption
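The "When creating a network interface" rules above make the four IPv4 assignment properties mutually exclusive, and likewise the four IPv6 ones. The following pre-deployment check is an added example, not part of the AWS documentation; the function names and the sample template are constructed, and it assumes "specific private IPv4 addresses" refers to the PrivateIpAddresses list.

```python
import json
from itertools import combinations

# Properties the page describes as mutually exclusive at creation time.
# Assumption: "specific private IPv4 addresses" is read as PrivateIpAddresses.
EXCLUSIVE_GROUPS = {
    "IPv4": ("Ipv4PrefixCount", "Ipv4Prefixes",
             "PrivateIpAddresses", "SecondaryPrivateIpAddressCount"),
    "IPv6": ("Ipv6AddressCount", "Ipv6Addresses",
             "Ipv6PrefixCount", "Ipv6Prefixes"),
}

def is_specified(value):
    """Set unless absent, 0 or an empty list; intrinsics ({"Ref": ...}) count as set."""
    return value not in (None, 0, "0", [], "")

def addressing_conflicts(template):
    """Return sorted (logical_id, family, prop_a, prop_b) tuples for every
    pair of conflicting addressing properties on an ENI resource."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::NetworkInterface":
            continue
        props = res.get("Properties", {})
        for family, names in EXCLUSIVE_GROUPS.items():
            present = [n for n in names if is_specified(props.get(n))]
            for a, b in combinations(present, 2):
                findings.append((logical_id, family, a, b))
    return sorted(findings)

# Constructed sample template (not from the page).
SAMPLE = json.loads("""
{"Resources": {
  "okENI":  {"Type": "AWS::EC2::NetworkInterface",
             "Properties": {"SubnetId": "subnet-EXAMPLE",
                            "PrivateIpAddress": "10.0.0.16",
                            "Ipv6AddressCount": 1}},
  "badENI": {"Type": "AWS::EC2::NetworkInterface",
             "Properties": {"SubnetId": "subnet-EXAMPLE",
                            "Ipv4PrefixCount": {"Ref": "PrefixCount"},
                            "SecondaryPrivateIpAddressCount": 2,
                            "Ipv6Addresses": [{"Ipv6Address": "2001:db8::10"}],
                            "Ipv6PrefixCount": 1}}
}}
""")

if __name__ == "__main__":
    for finding in addressing_conflicts(SAMPLE):
        print("%s: %s conflict between %s and %s" % finding)
```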
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the ID of the network interface.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Id
The ID of the network interface.
PrimaryIpv6Address
The primary IPv6 address of the network interface.
PrimaryPrivateIpAddress
The primary private IP address of the network interface. For example, 10.0.0.192.
SecondaryPrivateIpAddresses
The secondary private IP addresses of the network interface. For example, ["10.0.0.161", "10.0.0.162", "10.0.0.163"].
VpcId
The ID of the VPC.
Examples
Basic network interface
This example creates a standalone elastic network interface (ENI). To learn how to attach this network interface to an instance at launch, see the next example on this page.
JSON
"myENI" : {
  "Type" : "AWS::EC2::NetworkInterface",
  "Properties" : {
    "Tags": [{"Key":"stack","Value":"production"}],
    "Description": "A nice description.",
    "SourceDestCheck": "false",
    "GroupSet": ["sg-75zzz219"],
    "SubnetId": "subnet-3z648z53",
    "PrivateIpAddress": "10.0.0.16"
  }
}
YAML
myENI:
  Type: AWS::EC2::NetworkInterface
  Properties:
    Tags:
      - Key: stack
        Value: production
    Description: A nice description.
    SourceDestCheck: 'false'
    GroupSet:
      - sg-75zzz219
    SubnetId: subnet-3z648z53
    PrivateIpAddress: 10.0.0.16
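The example above turns off source/destination checks using the string "false" rather than a JSON boolean, so a template review that only looks for a literal false misses it. The following audit is an added example, not part of the AWS documentation; the function names, the note wording and every resource other than myENI are constructed.

```python
import json

def source_dest_check_state(value):
    """Classify a SourceDestCheck value as 'enabled', 'disabled' or 'unresolved'.
    Absent means enabled, because the page gives the default as true."""
    if value is None or value is True:
        return "enabled"
    if value is False:
        return "disabled"
    if isinstance(value, str):
        text = value.strip().lower()
        if text in ("true", "false"):
            return "enabled" if text == "true" else "disabled"
    return "unresolved"  # intrinsic function (Ref, Fn::If, ...) or unexpected type

def audit_forwarding_enis(template):
    """Map logical ID -> review notes for ENIs whose check is not provably on."""
    report = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::NetworkInterface":
            continue
        props = res.get("Properties", {})
        state = source_dest_check_state(props.get("SourceDestCheck"))
        if state == "enabled":
            continue
        notes = ["SourceDestCheck " + state]
        if not props.get("GroupSet"):
            notes.append("no GroupSet declared")
        report[logical_id] = notes
    return report

# myENI mirrors the page's example; the other resources are constructed.
SAMPLE = json.loads("""
{"Resources": {
  "myENI":    {"Type": "AWS::EC2::NetworkInterface", "Properties": {
               "SourceDestCheck": "false", "GroupSet": ["sg-75zzz219"],
               "SubnetId": "subnet-3z648z53"}},
  "natENI":   {"Type": "AWS::EC2::NetworkInterface", "Properties": {
               "SourceDestCheck": false, "SubnetId": "subnet-3z648z53"}},
  "paramENI": {"Type": "AWS::EC2::NetworkInterface", "Properties": {
               "SourceDestCheck": {"Ref": "CheckParam"},
               "GroupSet": [{"Ref": "WebSecurityGroup"}],
               "SubnetId": "subnet-3z648z53"}},
  "plainENI": {"Type": "AWS::EC2::NetworkInterface", "Properties": {
               "SubnetId": "subnet-3z648z53"}}
}}
""")
```

Calling audit_forwarding_enis(SAMPLE) reports myENI, natENI and paramENI and leaves plainENI out, since an absent property keeps the default of true.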
Attach a network interface to an EC2 instance at launch
This example attaches a network interface to an EC2 instance. You can use the NetworkInterfaces property to add more than one network interface. However, you can specify multiple network interfaces only if they all have only private IP addresses (no associated public IP address). If you have a network interface with a public IP address, specify it when you launch the instance and then use AWS::EC2::NetworkInterfaceAttachment to attach the additional network interfaces.
JSON
"Ec2Instance" : {
  "Type" : "AWS::EC2::Instance",
  "Properties" : {
    "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
    "KeyName" : { "Ref" : "KeyName" },
    "SecurityGroupIds" : [{ "Ref" : "WebSecurityGroup" }],
    "SubnetId" : { "Ref" : "SubnetId" },
    "NetworkInterfaces" : [ {
      "NetworkInterfaceId" : {"Ref" : "myENI"}, "DeviceIndex" : "1" } ],
    "Tags" : [ {"Key" : "Role", "Value" : "Test Instance"}],
    "UserData" : { "Fn::Base64" : { "Ref" : "WebServerPort" }}
  }
}
YAML
Ec2Instance:
  Type: AWS::EC2::Instance
  Properties:
    ImageId:
      Fn::FindInMap:
        - RegionMap
        - Ref: AWS::Region
        - AMI
    KeyName:
      Ref: KeyName
    SecurityGroupIds:
      - Ref: WebSecurityGroup
    SubnetId:
      Ref: SubnetId
    NetworkInterfaces:
      - NetworkInterfaceId:
          Ref: myENI
        DeviceIndex: '1'
    Tags:
      - Key: Role
        Value: Test Instance
    UserData:
      Fn::Base64:
        Ref: WebServerPort
See also
- NetworkInterface in the Amazon EC2 API Reference