AWS Direct Connect is an AWS service that establishes a dedicated network connection from your on-premises data center to your AWS environment. It lets you reach AWS resources such as Amazon EC2, RDS and S3 from on-premises data centers, offices or colocation facilities over a private connection instead of the public internet. Note that the link is private but not encrypted by itself: encrypt sensitive traffic at a higher layer (TLS, or a Site-to-Site VPN running over the connection), or use MACsec, which AWS offers on dedicated 10 Gbps and 100 Gbps connections at supported locations.

Direct Connect connections

There are two types of connection:

Dedicated Connection:

This is a physical Ethernet connection associated with a single customer, ordered at a fixed port speed of 1 Gbps or more. You request a dedicated connection from the AWS console as shown below.

Once you have created the dedicated connection, download the Letter of Authorization and Connecting Facility Assignment (LOA-CFA) from the Direct Connect console and have your colocation or service provider complete the cross-connect to the AWS port. See the AWS Direct Connect documentation for more information.

Hosted Connection:

This is also a physical Ethernet connection, but it is provisioned for you by an AWS Direct Connect Partner, at capacities from 50 Mbps upward. Unlike a dedicated connection, a hosted connection supports a single virtual interface.

Select a partner based on availability at your location to order a hosted connection. The partner provisions the connection into your AWS account; once it is ready it appears in the Direct Connect console and you must accept it there before it can be used. Before accepting, check that the partner name, location and capacity match what you ordered, because accepting makes the connection (and its billing) yours.

Virtual Interface

To use a Direct Connect connection with AWS resources, you need to create a virtual interface (VIF). On a dedicated connection you can create multiple VIFs from the AWS console. A VIF created in the account that owns the connection is a standard VIF; a VIF created for another AWS account is a hosted VIF, which that account must accept in its own console before it becomes usable. Some AWS Direct Connect Partners instead provision a hosted VIF for you on the partner's own connection, and you accept it in the same way.

Types of VIF:

Private virtual interface:

A private VIF gives access to an Amazon VPC using private IP addresses. It is attached either to a virtual private gateway or to a Direct Connect gateway. With a virtual private gateway, only a single VPC can be reached through the private VIF; with a Direct Connect gateway, multiple VPCs (in any region, and across accounts) can be reached through one or more private VIFs.

Before creating the private VIF, create the virtual private gateway or Direct Connect gateway it will attach to.

Public virtual interface:

A public VIF gives access to AWS public service endpoints such as S3 using public IP addresses; AWS advertises its public prefixes from all regions over it, so it is not scoped to one VPC or region. You need public IPv4 addresses for the BGP peering (you can request them from AWS if you do not own any), and traffic on a public VIF is not encrypted, so use TLS to the service or run a Site-to-Site VPN over the VIF.

Transit virtual interface:

A transit VIF connects AWS Transit Gateways to your connection through a Direct Connect gateway. Create the Direct Connect gateway before creating the transit VIF.

Once the VIF is created, download the router configuration and apply it on your router, or share it with your service provider if they manage the device for you. The file contains the BGP peer addresses, ASN and BGP authentication key, so treat it as a secret rather than attaching it to a ticket.
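The VIF creation described above, driven from code instead of the console, as an added example that is not part of the original article. It assumes the boto3 Direct Connect API (create_private_virtual_interface); the connection ID, gateway ID, VLAN, ASN and peer addresses are placeholders. The request builder rejects the values the console would reject and generates a BGP authentication key, so the key can be recorded in your router configuration source before the VIF exists.

```python
"""Build a private VIF request for a dedicated Direct Connect connection.

Added example, not from the original article. Assumes the boto3 Direct Connect
API; connection, gateway IDs and addresses below are placeholders.
"""
import ipaddress
import secrets

# Private ASN ranges accepted for the customer side of the BGP session.
# AWS also accepts a public ASN that you own; this helper deliberately allows
# only private ASNs so a typo cannot claim someone else's number.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))


def new_bgp_auth_key() -> str:
    """Random BGP MD5 key: 32 URL-safe characters, no whitespace, under the
    80-character limit. AWS generates one if authKey is omitted; generating it
    yourself lets you provision the router before the VIF exists."""
    return secrets.token_urlsafe(24)


def validate_peering(customer_address: str, amazon_address: str) -> None:
    """Both BGP peer addresses must be distinct host addresses in one /30."""
    cust = ipaddress.ip_interface(customer_address)
    amzn = ipaddress.ip_interface(amazon_address)
    if cust.network.prefixlen != 30 or cust.network != amzn.network:
        raise ValueError("peer addresses must share one /30 subnet")
    if cust.ip == amzn.ip or cust.ip not in cust.network.hosts() or amzn.ip not in amzn.network.hosts():
        raise ValueError("peer addresses must be two distinct host addresses")


def build_private_vif_request(connection_id, name, vlan, asn, dx_gateway_id,
                              customer_address=None, amazon_address=None,
                              auth_key=None, mtu=1500):
    """Return the keyword arguments for create_private_virtual_interface."""
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1-4094")
    if not any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES):
        raise ValueError("ASN must be private (64512-65534 or 4200000000-4294967294)")
    if mtu not in (1500, 9001):  # jumbo frames on a private VIF use 9001
        raise ValueError("MTU must be 1500 or 9001")
    if (customer_address is None) != (amazon_address is None):
        raise ValueError("give both peer addresses or neither (AWS then picks a 169.254.0.0/16 /30)")
    vif = {
        "virtualInterfaceName": name,
        "vlan": vlan,
        "asn": asn,
        "mtu": mtu,
        "addressFamily": "ipv4",
        "authKey": auth_key or new_bgp_auth_key(),
        "directConnectGatewayId": dx_gateway_id,  # use virtualGatewayId for a single-VPC VIF
    }
    if customer_address is not None:
        validate_peering(customer_address, amazon_address)
        vif["customerAddress"] = customer_address
        vif["amazonAddress"] = amazon_address
    return {"connectionId": connection_id, "newPrivateVirtualInterface": vif}


def create_private_vif(request, region="us-east-1"):
    """Submit the request. boto3 is imported here so the builder above can be
    exercised without credentials; needs directconnect:CreatePrivateVirtualInterface."""
    import boto3
    client = boto3.client("directconnect", region_name=region)
    return client.create_private_virtual_interface(**request)["virtualInterfaceId"]


if __name__ == "__main__":
    req = build_private_vif_request("dxcon-EXAMPLE", "prod-vif", 101, 65010, "dxgw-EXAMPLE",
                                    "169.254.255.1/30", "169.254.255.2/30")
    print(req["newPrivateVirtualInterface"]["vlan"], "->", req["newPrivateVirtualInterface"]["directConnectGatewayId"])
    # create_private_vif(req)  # uncomment with real IDs and credentials
```

Pass `virtualGatewayId` instead of `directConnectGatewayId` when the VIF should terminate on a single VPC's virtual private gateway, as described above.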

LAG

A Link Aggregation Group (LAG) is a logical interface that bundles multiple Direct Connect connections into a single connection using the Link Aggregation Control Protocol (LACP). All connections in a LAG must have the same bandwidth and terminate on the same AWS device, so a LAG mainly increases bandwidth; it does not protect against a device or location failure the way a second connection at another location does. Set the LAG's minimum links so the LAG is taken down when too few member links are operational, rather than quietly carrying traffic at reduced capacity.

Direct Connect Gateway

A Direct Connect gateway lets you associate multiple virtual private gateways and transit gateways with one or more private VIFs or with a transit VIF. It is a globally available resource, so it can front VPCs in any region. Virtual private gateways and transit gateways can be associated from the same account or from another account; a cross-account association is made by a proposal that the Direct Connect gateway owner must explicitly accept.

Once you have created the Direct Connect gateway, create one or more VIFs as described above.

Virtual Private Gateway Associations:

As mentioned above, you can associate virtual private gateways with the Direct Connect gateway from the same account or from another account.

Virtual Private Gateway Associations — the same account:

Create VPCs in region A and region B, then create a virtual private gateway for each VPC. See the AWS documentation for creating a virtual private gateway.

To associate the virtual private gateway, go to the Direct Connect gateway → Gateway association tab → Associate gateway.

On the Gateway association page you can see all the virtual private gateways of that account. Select the appropriate gateway and specify the allowed prefixes: the VPC CIDR ranges to advertise to on-premises through the Direct Connect gateway. The VPC CIDRs behind one Direct Connect gateway must not overlap, and each allowed prefix should lie inside the CIDR of the VPC it belongs to, otherwise on-premises routers are handed routes that lead nowhere.

Virtual Private Gateway Associations — across the account:

To associate virtual private gateways across accounts, create VPCs in the other AWS accounts and a virtual private gateway for each VPC, as shown below.

To associate the virtual private gateway of account A, go to the Direct Connect page of account A → Virtual private gateways → select the appropriate virtual private gateway.

On the next page, click the Direct Connect gateway association tab → Associate Direct Connect gateway.

On the association page, set Account owner to Another account, then provide the Direct Connect gateway ID and the ID of the account that owns it, as shown below. This does not create the association directly; it creates an association proposal, and the owner of the Direct Connect gateway must accept it in their own console. Before accepting, the owner should check that the proposing account and gateway ID match what was agreed out of band, and can narrow the allowed prefixes the other account asked to advertise.

Note: here the Direct Connect gateway is in account D.

You can associate up to 10 virtual private gateways per Direct Connect gateway (the quota at the time of writing; AWS has raised it since, so check the current Direct Connect quotas).
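A pre-flight check for the allowed prefixes and VPC CIDRs entered in the association steps above, as an added example that is not part of the original article. It is pure standard library; the gateway IDs and CIDRs are constructed sample data, and the per-gateway quota is a parameter so the number from the article can be replaced with the current one.

```python
"""Pre-flight check for a Direct Connect gateway association plan.

Added example, not from the original article; pure standard library. The
gateway IDs and CIDRs are constructed sample data.
"""
import ipaddress

# Quota cited in the article for virtual private gateways per Direct Connect
# gateway. A parameter here, because AWS raises quotas over time.
VGW_PER_DXGW_QUOTA = 10


def check_association(existing, new_gateway_id, new_vpc_cidrs, allowed_prefixes,
                      quota=VGW_PER_DXGW_QUOTA):
    """Return a list of problems with associating new_gateway_id with a Direct
    Connect gateway whose current associations are `existing`
    ({gateway_id: [vpc cidr, ...]}). An empty list means the plan passes."""
    problems = []
    if new_gateway_id in existing:
        problems.append(f"{new_gateway_id} is already associated")
    elif len(existing) >= quota:
        problems.append(f"quota of {quota} gateways per Direct Connect gateway reached")

    vpc_nets = [ipaddress.ip_network(c) for c in new_vpc_cidrs]
    if not allowed_prefixes:
        problems.append("no allowed prefixes: nothing would be advertised to on-premises")
    for prefix in allowed_prefixes:
        net = ipaddress.ip_network(prefix)
        # Advertising a prefix the VPC does not own creates a black hole on-premises.
        if not any(net.subnet_of(vpc) for vpc in vpc_nets):
            problems.append(f"allowed prefix {prefix} is not inside any VPC CIDR of {new_gateway_id}")

    # VPCs behind one Direct Connect gateway must not overlap, or on-premises
    # routers cannot tell the VPCs apart.
    for gateway, cidrs in existing.items():
        if gateway == new_gateway_id:
            continue
        for other in map(ipaddress.ip_network, cidrs):
            for vpc in vpc_nets:
                if vpc.overlaps(other):
                    problems.append(f"{vpc} overlaps {other} already behind {gateway}")
    return problems


# Constructed sample: the article's region A and region B VPCs are already
# associated; a third account wants to join.
EXISTING = {"vgw-regionA": ["10.10.0.0/16"], "vgw-regionB": ["10.20.0.0/16"]}


def demo():
    """Run the check on a clean plan and on a plan with two mistakes."""
    good = check_association(EXISTING, "vgw-accountA", ["10.30.0.0/16"], ["10.30.0.0/20"])
    bad = check_association(EXISTING, "vgw-accountC", ["10.20.128.0/17"],
                            ["10.20.128.0/17", "10.99.0.0/24"])
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("clean plan:", good)
    for problem in bad:
        print("problem:", problem)
```

The same check applies to transit gateway associations: pass the CIDRs the transit gateway's attached VPCs use as `new_vpc_cidrs` and the prefixes you intend to enter as `allowed_prefixes`.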

Transit Gateway Associations

To associate a transit gateway, first create the transit gateway from the AWS console, CLI or API. See the AWS Transit Gateway documentation for more information.

Once the transit gateway exists, create a Direct Connect gateway and a transit VIF as discussed above.

Transit Gateway Associations — the same account:

Create VPCs and a transit gateway in region A and attach all the VPCs to the transit gateway as shown below. See the AWS documentation for creating a transit gateway and attaching VPCs to it.

Once the above steps are done, go to the Direct Connect page in the console → Transit gateways.

Click the transit gateway ID → Direct Connect gateway association → Associate Direct Connect gateway.

On the association page, select My account, choose the Direct Connect gateway from the list and specify the allowed prefixes to advertise to on-premises through the Direct Connect gateway. For a transit gateway association the allowed prefixes are exactly what you enter here; the CIDRs of the attached VPCs are not picked up automatically, so list every CIDR that on-premises must reach and nothing more.

Transit Gateway Associations — across the account:

Create VPCs in multiple AWS accounts and a transit gateway in account B, then attach all the VPCs to the transit gateway as shown below (VPCs from other accounts are attached after sharing the transit gateway with them through AWS Resource Access Manager). See the AWS documentation for attaching VPCs from other accounts to a transit gateway.

Once the VPCs and transit gateway exist as shown in the figure above, go to the Direct Connect console of account B → Transit gateways → click the transit gateway → Direct Connect gateway association → Associate Direct Connect gateway.

Set Account owner to Another account, provide the Direct Connect gateway ID from account D and the account ID of account D, as shown above. As with virtual private gateways, this creates a proposal that account D must accept after checking the proposing account and transit gateway ID.

You can associate 3 transit gateways per Direct Connect gateway (the quota at the time of writing; AWS has raised it since, so check the current Direct Connect quotas).
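The cross-account proposal and acceptance described in both the virtual private gateway and transit gateway sections above, written as the two-sided API exchange, as an added example that is not part of the original article. It assumes the boto3 Direct Connect API (create_direct_connect_gateway_association_proposal, describe_direct_connect_gateway_association_proposals and accept_direct_connect_gateway_association_proposal); the gateway IDs, account numbers and the sample proposal list are constructed placeholders that mirror the API's shape. The point it adds is on the accepting side: the owner of the Direct Connect gateway (account D) filters pending proposals by the gateway and account it actually expects before accepting.

```python
"""Cross-account Direct Connect gateway association as a proposal/accept exchange.

Added example, not from the original article. Uses the boto3 Direct Connect
API; IDs, account numbers and the sample proposal list are constructed
placeholders that mirror the API shape.
"""
import re

ACCOUNT_ID = re.compile(r"^\d{12}$")


def build_proposal(dxgw_id, dxgw_owner_account, gateway_id, allowed_prefixes):
    """Request the gateway owner (account A or B in the article) sends."""
    if not ACCOUNT_ID.match(dxgw_owner_account):
        raise ValueError("Direct Connect gateway owner must be a 12-digit account ID")
    if not allowed_prefixes:
        raise ValueError("list the prefixes to advertise; a transit gateway association needs them explicitly")
    return {
        "directConnectGatewayId": dxgw_id,
        "directConnectGatewayOwnerAccount": dxgw_owner_account,
        "gatewayId": gateway_id,  # vgw-... or tgw-...
        "addAllowedPrefixesToDirectConnectGateway": [{"cidr": c} for c in allowed_prefixes],
    }


def select_proposal(proposals, expected_gateway_id, expected_owner_account):
    """Pick the single pending proposal whose gateway and owner match what was
    agreed out of band. Anyone who knows your gateway ID and account number can
    send a proposal, so accepting by proposalId alone is a trust mistake."""
    matches = [
        p for p in proposals
        if p["proposalState"] == "requested"
        and p["associatedGateway"]["id"] == expected_gateway_id
        and p["associatedGateway"]["ownerAccount"] == expected_owner_account
    ]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one matching pending proposal, found {len(matches)}")
    return matches[0]


def build_accept(proposal, override_prefixes=None):
    """Request the Direct Connect gateway owner (account D) sends. override_prefixes
    narrows what the other account asked to advertise."""
    req = {
        "directConnectGatewayId": proposal["directConnectGatewayId"],
        "proposalId": proposal["proposalId"],
        "associatedGatewayOwnerAccount": proposal["associatedGateway"]["ownerAccount"],
    }
    if override_prefixes is not None:
        req["overrideAllowedPrefixesToDirectConnectGateway"] = [{"cidr": c} for c in override_prefixes]
    return req


def propose_and_accept(requester_session, owner_session, proposal_request, override_prefixes=None):
    """Both sides of the exchange with live boto3.Session objects, one per account."""
    requester_account = requester_session.client("sts").get_caller_identity()["Account"]
    requester_session.client("directconnect").create_direct_connect_gateway_association_proposal(**proposal_request)
    owner = owner_session.client("directconnect")
    pending = owner.describe_direct_connect_gateway_association_proposals(
        directConnectGatewayId=proposal_request["directConnectGatewayId"]
    )["directConnectGatewayAssociationProposals"]
    chosen = select_proposal(pending, proposal_request["gatewayId"], requester_account)
    return owner.accept_direct_connect_gateway_association_proposal(**build_accept(chosen, override_prefixes))


# Constructed sample of what account D sees from describe_..._proposals: the
# legitimate request from account B's transit gateway plus a stray proposal.
SAMPLE_PROPOSALS = [
    {"proposalId": "prop-legit", "directConnectGatewayId": "dxgw-D",
     "directConnectGatewayOwnerAccount": "444444444444", "proposalState": "requested",
     "associatedGateway": {"id": "tgw-B", "type": "transitGateway",
                           "ownerAccount": "222222222222", "region": "us-east-1"},
     "requestedAllowedPrefixesToDirectConnectGateway": [{"cidr": "10.20.0.0/16"}]},
    {"proposalId": "prop-stray", "directConnectGatewayId": "dxgw-D",
     "directConnectGatewayOwnerAccount": "444444444444", "proposalState": "requested",
     "associatedGateway": {"id": "tgw-unknown", "type": "transitGateway",
                           "ownerAccount": "999999999999", "region": "eu-west-1"},
     "requestedAllowedPrefixesToDirectConnectGateway": [{"cidr": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    chosen = select_proposal(SAMPLE_PROPOSALS, "tgw-B", "222222222222")
    print("accepting", build_accept(chosen, override_prefixes=["10.20.0.0/16"]))
```

`propose_and_accept` needs two sessions because the proposal is created with account B's credentials and accepted with account D's; in practice the two steps usually run on different days by different teams, which is why `select_proposal` re-checks the proposal rather than trusting a proposal ID passed along in a ticket.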

Conclusion

Using Direct Connect, you establish private connectivity between your AWS environment and your on-premises data center with consistent low latency, elastic bandwidth and lower data transfer cost than the public internet. Private does not mean encrypted: add TLS, a VPN over the connection, or MACsec where the data requires it, and treat hosted connections, hosted VIFs and cross-account gateway associations as trust decisions that the receiving account must check before it accepts them.