AWS::EC2::NetworkInterface - Amazon CloudFormation
SyntaxPropertiesReturn valuesExamplesSee also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::EC2::NetworkInterface

Describes a network interface in an Amazon EC2 instance for Amazon CloudFormation.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::EC2::NetworkInterface",
  "Properties" : {
      "Description" : String,
      "GroupSet" : [ String, ... ],
      "InterfaceType" : String,
      "Ipv6AddressCount" : Integer,
      "Ipv6Addresses" : [ InstanceIpv6Address, ... ],
      "PrivateIpAddress" : String,
      "PrivateIpAddresses" : [ PrivateIpAddressSpecification, ... ],
      "SecondaryPrivateIpAddressCount" : Integer,
      "SourceDestCheck" : Boolean,
      "SubnetId" : String,
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::EC2::NetworkInterface
Properties: 
  Description: String
  GroupSet: 
    - String
  InterfaceType: String
  Ipv6AddressCount: Integer
  Ipv6Addresses: 
    - InstanceIpv6Address
  PrivateIpAddress: String
  PrivateIpAddresses: 
    - PrivateIpAddressSpecification
  SecondaryPrivateIpAddressCount: Integer
  SourceDestCheck: Boolean
  SubnetId: String
  Tags: 
    - Tag

Properties

Description

A description for the network interface.

Required: No

Type: String

Update requires: No interruption

GroupSet

The security group IDs associated with this network interface.

Required: No

Type: List of String

Update requires: No interruption

InterfaceType

The type of network interface. The default is interface. The supported values are efa and trunk.

Required: No

Type: String

Allowed values: branch | efa | trunk

Update requires: Replacement

Ipv6AddressCount

The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. To specify specific IPv6 addresses, use the Ipv6Addresses property and don't specify this property.

Required: No

Type: Integer

Update requires: No interruption

Ipv6Addresses

One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet to associate with the network interface. If you're specifying a number of IPv6 addresses, use the Ipv6AddressCount property and don't specify this property.

Required: No

Type: List of InstanceIpv6Address

Update requires: No interruption

PrivateIpAddress

Assigns a single private IP address to the network interface, which is used as the primary private IP address. If you want to specify multiple private IP address, use the PrivateIpAddresses property.

Required: No

Type: String

Update requires: Replacement

PrivateIpAddresses

Assigns private IP addresses to the network interface. You can specify a primary private IP address by setting the value of the Primary property to true in the PrivateIpAddressSpecification property. If you want EC2 to automatically assign private IP addresses, use the SecondaryPrivateIpAddressCount property and do not specify this property.

Required: No

Type: List of PrivateIpAddressSpecification

Update requires: Some interruptions

SecondaryPrivateIpAddressCount

The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet's IPv4 CIDR range. You can't specify this option and specify more than one private IP address using privateIpAddresses.

You can't specify a count of private IPv4 addresses if you've specified one of the following: specific private IPv4 addresses, specific IPv4 prefixes, or a count of IPv4 prefixes.

Required: No

Type: Integer

Update requires: No interruption

SourceDestCheck

Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.

Required: No

Type: Boolean

Update requires: No interruption

SubnetId

The ID of the subnet to associate with the network interface.

Required: Yes

Type: String

Update requires: Replacement

Tags

An arbitrary set of tags (key-value pairs) for this network interface.

Required: No

Type: List of Tag

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Reffunction, Refreturns the ID of the network interface.

For more information about using the Reffunction, see Ref.

Fn::GetAtt

The Fn::GetAttintrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAttintrinsic function, see Fn::GetAtt.

Id

The ID of the network interface.

PrimaryPrivateIpAddress

The primary private IP address of the network interface. For example, 10.0.0.192.

SecondaryPrivateIpAddresses

The secondary private IP addresses of the network interface. For example, ["10.0.0.161", "10.0.0.162", "10.0.0.163"].

Examples

Basic network interface

This example creates a standalone elastic network interface (ENI). To learn how to attach this network interface to an instance at launch, see the next example on this page.

JSON

"myENI" : {
   "Type" : "AWS::EC2::NetworkInterface",
   "Properties" : {
      "Tags": [{"Key":"stack","Value":"production"}],
      "Description": "A nice description.",
      "SourceDestCheck": "false",
      "GroupSet": ["sg-75zzz219"],
      "SubnetId": "subnet-3z648z53",
      "PrivateIpAddress": "10.0.0.16"
   }
}

YAML

   myENI:
      Type: AWS::EC2::NetworkInterface
      Properties:
         Tags:
         - Key: stack
           Value: production
         Description: A nice description.
         SourceDestCheck: 'false'
         GroupSet:
         - sg-75zzz219
         SubnetId: subnet-3z648z53
         PrivateIpAddress: 10.0.0.16

Attach a network interface to an EC2 instance at launch

This example attaches a network interface to an EC2 instance. You can use the NetworkInterface property to add more than one network interface. However, you can specify multiple network interfaces if they all have only private IP addresses (no associated public IP address). If you have a network interface with a public IP address, specify when you launch the instance and then use AWS::EC2::NetworkInterfaceAttachment to attach the additional network interfaces.

JSON

"Ec2Instance" : {
   "Type" : "AWS::EC2::Instance",
   "Properties" : {
      "ImageId" : { "Fn::FindInMap" : [ "RegionMap", { "Ref" : "AWS::Region" }, "AMI" ]},
      "KeyName" : { "Ref" : "KeyName" },
      "SecurityGroupIds" : [{ "Ref" : "WebSecurityGroup" }],
      "SubnetId" : { "Ref" : "SubnetId" },
      "NetworkInterfaces" : [ {
         "NetworkInterfaceId" : {"Ref" : "myENI"}, "DeviceIndex" : "1" } ],
      "Tags" : [ {"Key" : "Role", "Value" : "Test Instance"}],
      "UserData" : { "Fn::Base64" : { "Ref" : "WebServerPort" }}
   }
}

YAML

Ec2Instance:
   Type: AWS::EC2::Instance
   Properties:
      ImageId:
         Fn::FindInMap:
         - RegionMap
         - Ref: AWS::Region
         - AMI
      KeyName:
         Ref: KeyName
      SecurityGroupIds:
      - Ref: WebSecurityGroup
      SubnetId:
         Ref: SubnetId
      NetworkInterfaces:
      - NetworkInterfaceId:
         Ref: myENI
        DeviceIndex: '1'
      Tags:
      - Key: Role
        Value: Test Instance
      UserData:
         Fn::Base64:
            Ref: WebServerPort

See also