AWS Direct Connect

Updated June 23, 2025

AWS Direct Connect: A Comprehensive Cheat Sheet

What is AWS Direct Connect?

AWS Direct Connect is a cloud networking service that provides a dedicated, private network connection between your on-premises datacenter, office, or colocation environment and AWS. By bypassing the public internet, Direct Connect can reduce network costs, increase bandwidth throughput, and provide a more consistent, low-latency network experience. It establishes a private connection using a standard Ethernet fiber-optic cable.

Connection Models: Dedicated vs. Hosted

The first step in using Direct Connect is to choose a connection model.

  • Dedicated Connection:

    • What it is: A physical Ethernet port dedicated entirely to a single customer. You order this directly from AWS.

    • Port Speeds: High bandwidth options of 1 Gbps, 10 Gbps, 100 Gbps, and 400 Gbps.

    • Use Case: Best for organizations with high, consistent bandwidth requirements and those who want to manage their own physical connection to AWS.

    • VIFs: Supports multiple Virtual Interfaces (VIFs) on a single connection.

  • Hosted Connection:

    • What it is: A connection provisioned for you by an AWS Direct Connect Partner. The partner has an established network link to AWS, and they carve out a logical connection for you.

    • Port Speeds: Offers more granular, sub-rate speeds, typically ranging from 50 Mbps up to 10 Gbps.

    • Use Case: Ideal for businesses that don't need a full 1 Gbps+ dedicated port, require more flexible bandwidth options, or cannot meet at a Direct Connect location.

    • VIFs: Historically limited to a single VIF per hosted connection, but this can vary by partner.

Core Components and Concepts

Virtual Interfaces (VIFs): The Key to Connectivity

A Virtual Interface is a necessary component for using your Direct Connect connection. It configures how traffic is routed over your private line to access AWS services.

Private VIF

  • Purpose: To access resources inside your Amazon VPC using their private IP addresses.

  • Connectivity: Connects your on-premises network directly to a single VPC via a Virtual Private Gateway (VGW). To connect to multiple VPCs, you must use a Direct Connect Gateway.

Public VIF

  • Purpose: To access all AWS public services using their public IP addresses.

  • Connectivity: Allows you to connect to public endpoints for services like Amazon S3, DynamoDB, and CloudWatch in any AWS region (except China). You must advertise your public IP prefixes over BGP.

Transit VIF

  • Purpose: To connect to one or more AWS Transit Gateways associated with a Direct Connect Gateway.

  • Connectivity: This is the modern, scalable way to connect your on-premises network to thousands of VPCs across multiple AWS regions. It simplifies network management significantly compared to using numerous Private VIFs. The MTU can be set to 1500 or 8500 (jumbo frames).

Direct Connect Gateway

A Direct Connect Gateway is a global resource that enables you to use a single Direct Connect connection to connect to any VPC in any commercial AWS Region (except China).

  • How it works: You associate a Private VIF or a Transit VIF with the Direct Connect Gateway. Then, you associate Virtual Private Gateways (for VPCs) or Transit Gateways with the Direct Connect Gateway. This allows for a scalable, hub-and-spoke connectivity model.

Link Aggregation Group (LAG)

A LAG is a logical interface that uses the Link Aggregation Control Protocol (LACP) to aggregate multiple physical connections at a single Direct Connect endpoint, allowing you to treat them as a single, managed connection.

  • Purpose: To increase available bandwidth and provide resiliency.

  • How it works: All connections in a LAG operate in an Active/Active mode. If one connection fails, traffic is automatically rerouted over the remaining connections.

  • Constraints:

    • All connections in a LAG must be dedicated connections and have the same bandwidth (1G or 10G).

    • You can have a maximum of four connections in a LAG.

    • All connections must terminate at the same AWS Direct Connect endpoint.

Common Use Cases

  • Hybrid Environments: Create a seamless extension of your on-premises network into the AWS cloud.

  • Large Data Transfers: Efficiently move large datasets, such as for backups, migrations, or big data processing, without being constrained by internet bandwidth.

  • Real-Time Applications: Provide low-latency connectivity for applications that require a stable, real-time data feed, such as voice and video services.

Resiliency and High Availability

For production workloads, relying on a single Direct Connect connection is not recommended. The AWS Direct Connect Resiliency Toolkit helps you choose and configure a model that meets your uptime SLA objective by using multiple connections, often terminating at different Direct Connect locations.
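The LAG constraints listed earlier and the resiliency guidance above, as an added example that is not code from this page or from AWS: a small inventory check that flags LAGs breaking those constraints and classifies how many independent physical paths a deployment has. The `Connection` record and its field names, the sample inventory, and the resiliency labels are this example's own assumptions, not Direct Connect API or Resiliency Toolkit names.

```python
from dataclasses import dataclass
from typing import Optional
# Hypothetical inventory record; field names are this example's own, not
# the Direct Connect API's. Values in SAMPLE below are constructed.
@dataclass(frozen=True)
class Connection:
    connection_id: str
    location: str          # Direct Connect location the circuit lands in
    endpoint: str          # AWS device the circuit terminates on
    bandwidth: str         # e.g. "1Gbps", "10Gbps"
    dedicated: bool        # False for partner-hosted connections
    lag_id: Optional[str] = None

SAMPLE = [
    Connection("dxcon-a1", "loc-a", "loc-a-dev1", "10Gbps", True, "dxlag-1"),
    Connection("dxcon-a2", "loc-a", "loc-a-dev1", "10Gbps", True, "dxlag-1"),
    Connection("dxcon-a3", "loc-a", "loc-a-dev1", "1Gbps", True, "dxlag-1"),
    Connection("dxcon-b1", "loc-b", "loc-b-dev2", "10Gbps", True),
]

def lag_violations(conns):
    """Check every LAG against the constraints listed in the LAG section."""
    problems = []
    by_lag = {}
    for c in conns:
        if c.lag_id:
            by_lag.setdefault(c.lag_id, []).append(c)
    for lag, members in by_lag.items():
        if any(not m.dedicated for m in members):
            problems.append(f"{lag}: contains a hosted connection")
        if len({m.bandwidth for m in members}) > 1:
            problems.append(f"{lag}: mixed bandwidths")
        if len(members) > 4:
            problems.append(f"{lag}: more than four connections")
        if len({m.endpoint for m in members}) > 1:
            problems.append(f"{lag}: members on different endpoints")
    return problems

def resiliency_level(conns):
    """Classify by independent physical paths. Labels are this example's
    own, not the Resiliency Toolkit's model names. LAG members share an
    endpoint, so a LAG on its own still counts as a single path."""
    locations = {c.location for c in conns}
    endpoints = {c.endpoint for c in conns}
    if len(locations) >= 2:
        return "multi-location"       # survives loss of a whole location
    if len(endpoints) >= 2:
        return "single-location"      # survives one device, not a site
    return "single-path"              # not recommended for production
```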

Monitoring and Security

  • Security: Use AWS Identity and Access Management (IAM) to control who can view and manage your Direct Connect resources. Note that traffic over Direct Connect is private but not encrypted by default; you can implement MACsec for point-to-point encryption or run a VPN over Direct Connect for end-to-end encryption.

  • Monitoring:

    • Amazon CloudWatch: Monitor the operational metrics of your Direct Connect connection, such as light levels, connection state, and data throughput.

    • AWS CloudTrail: Log and audit all API calls made to the Direct Connect service.
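The monitoring and security points above, as an added example (not code from this page or from AWS): one check runs over CloudTrail records and reports Direct Connect API calls that change state but come from a principal outside an allow-list, and another runs over CloudWatch datapoints and flags a connection that is down, has no MACsec session up, or has low receive light. The CloudTrail records, the datapoint values, the account ID and the -20 dBm threshold are constructed for the example; the event names and metric names are real AWS names.

```python
# Constructed CloudTrail records, trimmed to the fields these checks read.
SAMPLE_EVENTS = [
    {"eventSource": "directconnect.amazonaws.com", "eventName": "DescribeVirtualInterfaces",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/auditor"}},
    {"eventSource": "directconnect.amazonaws.com", "eventName": "DeleteVirtualInterface",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
     "requestParameters": {"virtualInterfaceId": "dxvif-constructed"}},
    {"eventSource": "directconnect.amazonaws.com", "eventName": "CreateLag",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/NetworkAdmin"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DeleteVpnConnection",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"}},
]

# Constructed datapoints for one connection (oldest first). The metric names
# are the AWS/DX CloudWatch metric names; the values are made up.
SAMPLE_METRICS = {
    "ConnectionState": [1, 1, 0],                   # 1 = up, 0 = down
    "ConnectionEncryptionState": [1, 0, 0],         # MACsec session: 1 = up
    "ConnectionLightLevelRx": [-3.2, -3.4, -29.0],  # dBm
}
READ_ONLY_PREFIXES = ("Describe", "List", "Get")

def unauthorized_dx_changes(events, allowed_principals):
    """Return (actor, action) for state-changing Direct Connect API calls by
    principals outside the allow-list; any name not prefixed Describe/List/Get
    is treated as a change (Create*, Delete*, Associate*, Update*, ...)."""
    hits = []
    for ev in events:
        if ev.get("eventSource") != "directconnect.amazonaws.com":
            continue  # other services have their own allow-lists
        action = ev["eventName"]
        if action.startswith(READ_ONLY_PREFIXES):
            continue
        actor = ev.get("userIdentity", {}).get("arn", "unknown")
        if actor not in allowed_principals:
            hits.append((actor, action))
    return hits

def connection_alarms(metrics, min_rx_dbm=-20.0):
    """Flag a connection whose latest datapoint shows it down, without MACsec,
    or with receive light below a threshold (default is this example's choice)."""
    alarms = []
    if metrics["ConnectionState"][-1] == 0:
        alarms.append("connection down")
    if metrics.get("ConnectionEncryptionState", [1])[-1] == 0:
        alarms.append("MACsec encryption not up")
    if metrics["ConnectionLightLevelRx"][-1] < min_rx_dbm:
        alarms.append("receive light level low")
    return alarms
```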