Direct Connect

Learn to connect your VPCs with on-premises data centers using a private network of Direct Connect (DX).

We'll cover the following

AWS DX components
Virtual interfaces
AWS DX network requirements
- Connection types
- Encryption and resiliency
AWS Direct Connect gateway

AWS Direct Connect is a dedicated private connection from our remote or on-premises network to the VPC. It uses the AWS Direct Connect locationphysical locations available all over the world where DX is available and accessible to connect the VPC in an AWS Region to the remote network. We also need to create a Virtual Private Gateway in our VPC to allow the communication between the AWS Direct Connect and VPC. The connection established by the Direct Connect location allows us to access private resources (EC2 instances) and public resources (Amazon S3 and Glacier) on the same connection.

The illustration below shows the high-level architecture of Direct Connect.

Press + to interact

The illustration depicts that our data center is connected to the partner router, partner router is connected to the AWS Direct Connect endpoint, which is then connected to the VGW. Black lines show the private connection (private VIFs), while blue lines show the public connection (public VIFs).

AWS DX components

There are two main components of DX: Connections and Virtual Interfaces. Connections manage the connectivity from on-premises locations to the AWS Region, and Virtual Interfaces (VIFs) enable access to the AWS services.

Virtual interfaces

There are three types of Virtual Interfaces (VIFs); we must create one to use the AWS Direct Connect.

Private virtual interface: This is used to access private AWS resources using a private IP address.
Public virtual interface: This is used to access all the public AWS resources using a public IP address.
Transit virtual interface: This accesses the Transit Gateways connected with the AWS Direct Connect Gateway. We can also use Transit VIF with both dedicated or hosted connections.

AWS DX network requirements

Here are some network requirements that must be met to use Direct Connect.

DX supports only 802.1Q VLAN encapsulation—all the resources that are a part of the connection to link our network to the AWS must support 802.1Q.
For AWS Direct Connect locations, we have three options to choose from.
- Collocating with the existing AWS Direct Connect location: We are responsible for setting up connections between the on-premises network, Direct Connect location, and AWS.
- Working with AWS Direct Connect Partners: If we select a partner from the AWS Partner Networks (APN), the DX partner will provide the necessary equipment. We usually need to set up a physical connection from the on-premises network to the DX partner’s equipment in this option. The DX partner manages the rest.
- Direct Connect node: A direct connection is established from the on-premises location to the DX node. We are responsible for setting up all the equipment from our location to the DX node.
AWS supports three types of ethernet connections which are 1 Gbps, 10 Gbps, and 100 Gbps. The ethernet connection must be single-mode fiber.
AWS DX supports both IPv4 and IPv6 protocols.

Connection types

AWS Direct Connect supports two ethernet connections to create a dedicated network connection between our on-premises network and VPC.

Dedicated connection: A physical connection given to a single customer. We have to request AWS for the dedicated connection. The bandwidth can be 1 Gbps, 10 Gbps, or 100 Gbps.
Hosted connection: A physical connection that can be requested using the AWS Direct Connect Partner. The capacity can be added or removed on our demand.

Note: The overall time to create a new connection of either type is usually more than one month. So, if you are asked to develop a solution to transfer the data in a short time, then you can’t use AWS Direct Connect.

Encryption and resiliency

Although AWS Direct Connect is a private connection, the data in transition is not encrypted. We can add a VPN to our connection to encrypt the data and make it an IPsec-encrypted private connection.

We have two types of resiliency models in Direct Connect, and the selection depends on our use case, whether we want high resilience or maximum resilience.

In high resiliency, we create single connections from AWS to multiple locations.
In maximum resiliency, two separate connections are created for separate devices in more than one location.

Press + to interact

Get hands-on with 1300+ tech skills courses.

Introduction

AWS Fundamentals

Understanding Cloud Computing Essentials— From Zero to Hero

Identity and Access Management

Securing AWS Resources: Managing Access with IAM

AWS IAM Permission Boundaries

Using AWS IAM Access Analyzer

Compute Services

Understanding AWS Compute Services — From Zero to Hero

Amazon EC2: Elastic Compute Cloud

Working with Instances: An Amazon EC2 Walkthrough

Managing Instance Volumes Using EBS

Networking

Understanding Networking Services in AWS—From Zero to Hero

Controlling VPC Traffic Using Network ACLs

Managing Peer Connections between Amazon Virtual Private Clouds

Accessing AWS Services over AWS PrivateLink Using VPC Endpoints

Monitoring IP Traffic Using VPC Flow Logs

Route 53

Serverless Computing

Getting to Know AWS Lambda

Building and Deploying Serverless Applications with AWS SAM

Developing RESTful Microservices with API Gateway and DynamoDB

Building a WebSocket-Based Chat Application Using API Gateway

Mastering AWS AppSync Lambda Resolvers

Application Integration

Getting Started with Amazon Simple Queue Service (SQS)

Handling Amazon SNS Notifications with AWS Lambda

Build a Fanout Serverless Architecture using SNS, SQS, and Lambda

Decoupling Serverless Applications with Amazon EventBridge

Getting Started with AWS Step Functions

Containers

Getting Started with Amazon ECS

Create an EKS Cluster and Deploy an Application

High Availability and Scalability

Managing Application Traffic Using Elastic Load Balancers

Understanding Auto Scaling Group (ASG) in AWS

Mastering Amazon EC2 Dynamic Scaling Policies

Storage

Understanding AWS Storage Options—From Zero to Hero

Simple Storage Service (S3)

Working with AWS S3 Cross-Region Replication

Resizing Images with S3 Batch Operations and AWS Lambda

Managing Data Access with Amazon S3 Access Points

File Storage and Transfer

Getting Started with Amazon FSx for Windows File Server

Databases

Working with Relational Databases: A Beginner's Guide to AWS RDS

Getting Started with Amazon Aurora Database Engine

Working with NoSQL Databases: A Beginner's Guide to AWS DynamoDB

Exploring Graphs with Amazon Neptune

Getting Started with Amazon Keyspaces

Achieving Ultra-Fast Performance Using Amazon MemoryDB for Redis

Improving Database Performance with Amazon ElastiCache for Redis

Migration and Transfer

Use of AWS Database Migration Service from Aurora MySQL to S3

Security and Compliance

Getting Started with AWS Key Management Service (KMS)

Encrypting S3 Buckets and EBS Volumes Using KMS

Protecting Web Applications Using AWS WAF

Managing Aurora DB Credentials and API Keys Using Secrets Manager

Finding Vulnerabilities on EC2 Instances Using AWS Inspector

Deployment Services

Mastering AWS Deployment Services—From Zero to Hero

CloudFormation

Getting to Know AWS CloudFormation

AWS CloudFormation Updates: Change Sets and Stack Policies

Mastering AWS CloudFormation Helper Scripts

Machine Learning

Understanding Machine Learning Services on AWS—From Zero to Hero

Deploying a Machine Learning Model with Amazon SageMaker

Getting Started with Amazon Fraud Detector

Build an Educative Chatbot with Conversational AI Using AWS Lex

Content Delivery and Optimization

Analytics

Analyzing S3 Data and CloudTrail Logs Using Amazon Athena

Getting Started with Amazon EMR

Getting Started with Amazon Redshift

Building ETL Pipelines on AWS

Create a Data Lake with Lake Formation and Analyze It with Athena