An ENI is a virtual network card attached to your EC2 instance. It is what gives your instance a network identity — IP address, MAC address, and security group rules all live on the ENI, not on the instance itself.

Think of it like a SIM card in a phone. The SIM holds your number (IP address). If the phone breaks, you pull the SIM out and put it in a new phone. Same number, new device, everything still works.


What an ENI Contains


Default vs Custom ENI

Default behavior (AWS managed):

Launch EC2   → ENI created automatically
Terminate EC2 → ENI deleted automatically

You do not control this ENI. It lives and dies with the instance.

Custom ENI (you create it):

Create ENI independently
    |
Attach to EC2 instance
    |
If EC2 fails → detach ENI → attach to new EC2
    |
Network traffic follows the ENI to the new instance

With a custom ENI, you own it separately from any instance. You can move it around freely.
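
The failover flow above as AWS CLI calls, written as an added example rather than code from the original page. The function names `eni_field` and `move_eni` and the IDs passed to them are assumptions; the function also checks the Availability Zone first, because an ENI can only be attached to an instance in its own zone.

```bash
# Added example: move a custom ENI from a failed instance to a standby.
# eni_field and move_eni are hypothetical helper names; IDs come from the caller.

eni_field() {   # eni_field <eni-id> <JMESPath under NetworkInterfaces[0]>
  aws ec2 describe-network-interfaces --network-interface-ids "$1" \
    --query "NetworkInterfaces[0].$2" --output text
}

move_eni() {    # move_eni <eni-id> <standby-instance-id> [device-index]
  local eni="$1" target="$2" index="${3:-1}"
  local eni_az inst_az attach_id

  # An ENI can only be attached to an instance in its own Availability Zone.
  eni_az=$(eni_field "$eni" AvailabilityZone) || return 1
  inst_az=$(aws ec2 describe-instances --instance-ids "$target" \
    --query 'Reservations[0].Instances[0].Placement.AvailabilityZone' \
    --output text) || return 1
  if [ "$eni_az" != "$inst_az" ]; then
    echo "refusing: $eni is in $eni_az, $target is in $inst_az" >&2
    return 2
  fi

  # Detach from the failed instance if the ENI is still attached.
  # The CLI prints "None" in text output when there is no attachment.
  attach_id=$(eni_field "$eni" Attachment.AttachmentId) || return 1
  if [ -n "$attach_id" ] && [ "$attach_id" != "None" ]; then
    aws ec2 detach-network-interface --attachment-id "$attach_id" --force || return 1
    aws ec2 wait network-interface-available --network-interface-ids "$eni" || return 1
  fi

  # Attach to the standby; IP, MAC and security groups come along with the ENI.
  aws ec2 attach-network-interface --network-interface-id "$eni" \
    --instance-id "$target" --device-index "$index" || return 1

  # Record which security groups the standby has just inherited.
  echo "security groups now on $target via $eni: $(eni_field "$eni" 'Groups[].GroupId')"
}
```

Because the security groups live on the ENI, the standby instance picks up exactly the rules the failed instance had on that interface, so review them as part of the ENI rather than per instance.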


Why This Matters — The Failover Use Case

This is the main reason you would create your own ENI.