AWS Direct Connect
User Guide (API Version 2013-10-22)

What is AWS Direct Connect?

AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard 1 gigabit or 10 gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. With this connection in place, you can create virtual interfaces directly to the AWS cloud (for example, to Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3)) and to Amazon Virtual Private Cloud (Amazon VPC), bypassing Internet service providers in your network path. An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. For example, you can provision a single connection to any AWS Direct Connect location in the US and use it to access public AWS services in all US Regions and AWS GovCloud (US).

The following diagram shows how AWS Direct Connect interfaces with your network.

AWS Direct Connect


To use AWS Direct Connect, your network must meet one of the following conditions:

  • Your network is colocated with an existing AWS Direct Connect location. For more information on available AWS Direct Connect locations, go to

  • You are working with an AWS Direct Connect partner who is a member of the AWS Partner Network (APN). For a list of AWS Direct Connect partners who can help you connect, go to

  • You are working with an independent service provider to connect to AWS Direct Connect.

In addition, your network must meet the following conditions:

  • Connections to AWS Direct Connect require single mode fiber, 1000BASE-LX (1310nm) for 1 gigabit Ethernet, or 10GBASE-LR (1310nm) for 10 gigabit Ethernet. Auto Negotiation for the port must be disabled. You must support 802.1Q VLANs across these connections.

  • Your network must support Border Gateway Protocol (BGP) and BGP MD5 authentication. Optionally, you may configure Bidirectional Forwarding Detection (BFD).

To connect to Amazon Virtual Private Cloud (Amazon VPC), you must first do the following:

  • Provide a private Autonomous System Number (ASN). Amazon allocates a private IP address in the 169.x.x.x range to you.

  • Create a virtual private gateway and attach it to your VPC. For more information about creating a virtual private gateway, see Adding a Hardware Virtual Private Gateway to Your VPC in the Amazon VPC User Guide.

To connect to public AWS products such as Amazon EC2 and Amazon S3, you need to provide the following:

  • A public ASN that you own (preferred) or a private ASN.

  • Public IP addresses for the BGP session (/31 for each end of the BPG session). If you do not have public IP addresses to assign to this connection, log on to AWS and then open a ticket with AWS Support.

  • The public routes that you will advertise over BGP.

AWS Direct Connect Limits

The following table lists the limits related to AWS Direct Connect. Unless indicated otherwise, you can request an increase for any of these limits by using the AWS Direct Connect Limits form.


Virtual interfaces per AWS Direct Connect connection


This limit can be increased upon request.

Active AWS Direct Connect connections per region per account


This limit can be increased upon request.

Routes per Border Gateway Protocol (BGP) session


This limit cannot be increased.

How Do I... Relevant Topics

Get a general product overview and information about pricing

AWS Direct Connect product information

Sign up for AWS Direct Connect and configure a connection

Getting Started at an AWS Direct Connect Location

Work with AWS Direct Connect connections

Working With AWS Direct Connect Connections

Calculate monthly costs


Troubleshoot issues with AWS Direct Connect

Troubleshooting AWS Direct Connect