Work with EFA - Amazon Elastic Compute Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Work with EFA

You can create, use, and manage an EFA much like any other elastic network interface in Amazon EC2. However, unlike elastic network interfaces, EFAs cannot be attached to or detached from an instance in a running state.

EFA requirements

To use an EFA, you must do the following:

Create an EFA

You can create an EFA in a subnet in a VPC. You can't move the EFA to another subnet after it's created, and you can only attach it to stopped instances in the same Availability Zone.

To create a new EFA using the console
  1. Open the Amazon EC2 console at https://console.amazonaws.cn/ec2/.

  2. In the navigation pane, choose Network Interfaces.

  3. Choose Create Network Interface.

  4. For Description, enter a descriptive name for the EFA.

  5. For Subnet, select the subnet in which to create the EFA.

  6. For Private IP, enter the primary private IPv4 address. If you don't specify an IPv4 address, we select an available private IPv4 address from the selected subnet.

  7. (IPv6 only) If you selected a subnet that has an associated IPv6 CIDR block, you can optionally specify an IPv6 address in the IPv6 IP field.

  8. For Security groups, select one or more security groups.

  9. For EFA, choose Enabled.

  10. Choose Yes, Create.

To create a new EFA using the Amazon CLI

Use the create-network-interface command and for interface-type, specify efa, as shown in the following example.

aws ec2 create-network-interface --subnet-id subnet-01234567890 --description example_efa --interface-type efa

Attach an EFA to a stopped instance

You can attach an EFA to any supported instance that is in the stopped state. You cannot attach an EFA to an instance that is in the running state. For more information about the supported instance types, see Supported instance types.

You attach an EFA to an instance in the same way that you attach a network interface to an instance. For more information, see Attach a network interface to an instance.

Attach an EFA when launching an instance

To attach an existing EFA when launching an instance (Amazon CLI)

Use the run-instances command and for NetworkInterfaceId, specify the ID of the EFA, as shown in the following example.

aws ec2 run-instances --image-id ami_id --count 1 --instance-type c5n.18xlarge --key-name my_key_pair --network-interfaces DeviceIndex=0,NetworkInterfaceId=efa_id,Groups=sg_id,SubnetId=subnet_id
To attach a new EFA when launching an instance (Amazon CLI)

Use the run-instances command and for InterfaceType, specify efa, as shown in the following example.

aws ec2 run-instances --image-id ami_id --count 1 --instance-type c5n.18xlarge --key-name my_key_pair --network-interfaces DeviceIndex=0,InterfaceType=efa,Groups=sg_id,SubnetId=subnet_id

Add an EFA to a launch template

You can create a launch template that contains the configuration information needed to launch EFA-enabled instances. To create an EFA-enabled launch template, create a new launch template and specify a supported instance type, your EFA-enabled AMI, and an EFA-enabled security group. For more information, see Get started with EFA and MPI.

You can leverage launch templates to launch EFA-enabled instances with other Amazon services, such as Amazon Batch or Amazon ParallelCluster.

For more information about creating launch templates, see Create a launch template.

Manage IP addresses for an EFA

You can change the IP addresses associated with an EFA. If you have an Elastic IP address, you can associate it with an EFA. If your EFA is provisioned in a subnet that has an associated IPv6 CIDR block, you can assign one or more IPv6 addresses to the EFA.

You assign an Elastic IP (IPv4) and IPv6 address to an EFA in the same way that you assign an IP address to an elastic network interface. For more information, see Managing IP addresses.

Change the security group for an EFA

You can change the security group that is associated with an EFA. To enable OS-bypass functionality, the EFA must be a member of a security group that allows all inbound and outbound traffic to and from the security group itself.

You change the security group that is associated with an EFA in the same way that you change the security group that is associated with an elastic network interface. For more information, see Changing the security group.

Detach an EFA

To detach an EFA from an instance, you must first stop the instance. You cannot detach an EFA from an instance that is in the running state.

You detach an EFA from an instance in the same way that you detach an elastic network interface from an instance. For more information, see Detach a network interface from an instance.

View EFAs

You can view all of the EFAs in your account.

You view EFAs in the same way that you view elastic network interfaces. For more information, see View details about a network interface.

Delete an EFA

To delete an EFA, you must first detach it from the instance. You cannot delete an EFA while it is attached to an instance.

You delete EFAs in the same way that you delete elastic network interfaces. For more information, see Delete a network interface.