EC2 Instance Uses Multiple ENIs

Overview

This control examines whether an EC2 instance utilizes multiple Elastic Network Interfaces (ENIs) or Elastic Fabric Adapters (EFAs). It succeeds when a single network adapter is in use. An optional parameter list is available to specify allowed ENIs. The control also fails if an EC2 instance, part of an Amazon EKS cluster, employs more than one ENI.

You can suppress these findings if necessary for Amazon EKS cluster requirements.

The use of multiple ENIs can lead to dual-homed instances with multiple subnets, introducing network security complexities and unintended network paths and access.

Vendor

AWS

Cloud Service

EC2

EC2.17

Severity

Item Types

AWS::EC2::Instance

Overview​

Vendor​

Cloud Service​

Related Controls​

Severity​

Item Types​

Overview

Vendor

Cloud Service

Related Controls

Severity

Item Types