AWS Direct Connect
User Guide

Direct Connect Gateways

You can use an AWS Direct Connect gateway to connect your AWS Direct Connect connection over a private virtual interface to one or more VPCs in your account that are located in the same or different regions. You associate a Direct Connect gateway with the virtual private gateway for the VPC, and then create a private virtual interface for your AWS Direct Connect connection to the Direct Connect gateway. You can attach multiple private virtual interfaces to your Direct Connect gateway.

A Direct Connect gateway is a globally available resource. You can create the Direct Connect gateway in any public region and access it from all other public regions.

In the following diagram, the Direct Connect gateway enables you to use your AWS Direct Connect connection in the US East (N. Virginia) region to access VPCs in your account in both the US East (N. Virginia) and US West (N. California) regions.


[Diagram: Direct Connect gateway]

The following rules apply:

  • You cannot use a Direct Connect gateway to connect to a VPC in the China (Beijing) region.

  • You cannot use a Direct Connect gateway to connect to a VPC in a different AWS account.

  • There are limits for creating and using Direct Connect gateways. For more information, see AWS Direct Connect Limits.

  • The VPCs to which you connect through a Direct Connect gateway cannot have overlapping CIDR blocks. If you add an IPv4 CIDR block to a VPC that's associated with a Direct Connect gateway, ensure that the CIDR block does not overlap with an existing CIDR block for any other associated VPC. For more information, see Adding IPv4 CIDR Blocks to a VPC in the Amazon VPC User Guide.

  • You cannot create a public virtual interface to a Direct Connect gateway.

  • A Direct Connect gateway supports communication between attached private virtual interfaces and associated virtual private gateways only. The following traffic flows are not supported:

    • Direct communication between the VPCs that are associated with the Direct Connect gateway.

    • Direct communication between the virtual interfaces that are attached to the Direct Connect gateway.

    • Direct communication between a virtual interface attached to a Direct Connect gateway and a VPN connection on a virtual private gateway that's associated with the same Direct Connect gateway.

  • You cannot associate a virtual private gateway with more than one Direct Connect gateway and you cannot attach a private virtual interface to more than one Direct Connect gateway.

  • A virtual private gateway that you associate with a Direct Connect gateway must be attached to a VPC.

  • You cannot tag a Direct Connect gateway.

To connect your AWS Direct Connect connection to a VPC in the same region only, you can create a Direct Connect gateway or you can create a private virtual interface and attach it to the virtual private gateway for the VPC. For more information, see Creating a Private Virtual Interface and VPN CloudHub.

Creating a Direct Connect Gateway

You can create a Direct Connect gateway in any supported public region.

To create a Direct Connect gateway

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

  2. In the navigation pane, choose Direct Connect Gateways.

  3. Choose Create Direct Connect Gateway.

  4. Specify the following information, and choose Create.

    • Name: Enter a name to help you identify the Direct Connect gateway.

    • Amazon side ASN: Specify the ASN for the Amazon side of the BGP session. The ASN must be in the 64,512 to 65,534 range or 4,200,000,000 to 4,294,967,294 range.
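
A pre-flight check, added here as an example and not AWS code: it validates a planned gateway against the Amazon side ASN ranges in this procedure and the association rules listed earlier (non-overlapping VPC CIDR blocks, same account, no China (Beijing) region, virtual private gateway attached to a VPC and not already associated with another Direct Connect gateway). The plan layout, the `vgw` helper, resource IDs and CIDRs are constructed for illustration; `cn-north-1` is the region code for China (Beijing).

```python
import ipaddress
from itertools import combinations

# Amazon side ASN ranges from the console procedure above.
ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))
UNSUPPORTED_REGIONS = {"cn-north-1"}  # China (Beijing)

def asn_ok(asn):
    return any(lo <= asn <= hi for lo, hi in ASN_RANGES)

def check_plan(plan):
    """Return the list of rule violations for a planned Direct Connect gateway."""
    errors = []
    if not asn_ok(plan["amazon_side_asn"]):
        errors.append(f"ASN {plan['amazon_side_asn']} is outside the allowed ranges")
    for v in plan["vgws"]:
        if v["region"] in UNSUPPORTED_REGIONS:
            errors.append(f"{v['id']}: region {v['region']} is not supported")
        if v["account"] != plan["account"]:
            errors.append(f"{v['id']}: belongs to a different AWS account")
        if not v["vpc_id"]:
            errors.append(f"{v['id']}: not attached to a VPC")
        if v["dx_gateway"] not in (None, plan["name"]):
            errors.append(f"{v['id']}: already associated with {v['dx_gateway']}")
    # Compare every CIDR block (primary and added) across different VPCs.
    blocks = [(v["vpc_id"], ipaddress.ip_network(c))
              for v in plan["vgws"] for c in v["cidrs"]]
    for (vpc_a, net_a), (vpc_b, net_b) in combinations(blocks, 2):
        if vpc_a != vpc_b and net_a.version == net_b.version and net_a.overlaps(net_b):
            errors.append(f"{vpc_a} {net_a} overlaps {vpc_b} {net_b}")
    return errors

def vgw(vgw_id, region, vpc_id, cidrs, dx_gateway=None, account="111111111111"):
    """Build one constructed sample entry (hypothetical layout, not an AWS API shape)."""
    return {"id": vgw_id, "region": region, "vpc_id": vpc_id, "cidrs": cidrs,
            "dx_gateway": dx_gateway, "account": account}

SAMPLE_PLAN = {  # constructed sample data, not real resources
    "name": "dxgw-example", "account": "111111111111", "amazon_side_asn": 65000,
    "vgws": [
        vgw("vgw-a", "us-east-1", "vpc-a", ["10.0.0.0/16", "10.2.0.0/16"]),
        vgw("vgw-b", "us-west-1", "vpc-b", ["10.1.0.0/16"]),
        vgw("vgw-c", "us-west-1", "vpc-c", ["10.2.128.0/20"]),
        vgw("vgw-d", "us-west-1", None, [], dx_gateway="dxgw-other"),
    ],
}

if __name__ == "__main__":
    for problem in check_plan(SAMPLE_PLAN):
        print(problem)
```

The overlap reported for the sample comes from a CIDR block added to `vpc-a` after the first one, which is the case the CIDR rule above calls out.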

To create a Direct Connect gateway using the command line or API

Associating and Disassociating Virtual Private Gateways

To associate a virtual private gateway with a Direct Connect gateway, you must be in the region in which the virtual private gateway is located. The virtual private gateway must be attached to the VPC to which you want to connect. For more information, see Create a Virtual Private Gateway in the Amazon VPC User Guide.

To associate a virtual private gateway

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

  2. Use the region selector to select the region in which your virtual private gateway is located.

  3. In the navigation pane, choose Direct Connect Gateways and select the Direct Connect gateway.

  4. Choose Actions, Associate Virtual Private Gateway.

  5. Select the virtual private gateways to associate, and choose Associate.

You can view all the virtual private gateways in all regions that are associated with the Direct Connect gateway by choosing Virtual Gateway Associations. To disassociate a virtual private gateway from a Direct Connect gateway, you must be in the region in which the virtual private gateway is located.

To disassociate a virtual private gateway

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

  2. Use the region selector to switch to the region in which your virtual private gateway is located.

  3. In the navigation pane, choose Direct Connect Gateways and select the Direct Connect gateway.

  4. Choose Actions, Disassociate Virtual Private Gateway.

  5. Select the virtual private gateways to disassociate, and choose Disassociate.

To associate a virtual private gateway using the command line or API

To view the virtual private gateways associated with a Direct Connect gateway using the command line or API

To disassociate a virtual private gateway using the command line or API

Creating a Private Virtual Interface to the Direct Connect Gateway

To connect your AWS Direct Connect connection to the remote VPC, you must create a private virtual interface for your connection and specify the Direct Connect gateway to which to connect.

To provision a private virtual interface to a Direct Connect gateway

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

  2. In the navigation pane, choose Connections, select the connection to use, and choose Actions, Create Virtual Interface.

  3. In the Create a Virtual Interface pane, select Private.

    
     [Screenshot: Create a Virtual Interface screen]

  4. Under Define Your New Private Virtual Interface, do the following and choose Continue:

    1. For Virtual Interface Name, enter a name for the virtual interface.

    2. For Virtual Interface Owner, select the My AWS Account option if the virtual interface is for your AWS account.

    3. For Connection To, choose Direct Connect Gateway and select the Direct Connect gateway.

    4. For VLAN, enter the ID number for your virtual local area network (VLAN).

    5. If you're configuring an IPv4 BGP peer, choose IPv4, and do the following:

      • To have AWS generate your router IP address and Amazon IP address, select Auto-generate peer IPs.

      • To specify these IP addresses yourself, clear the Auto-generate peer IPs check box. For Your router peer IP, enter the destination IPv4 CIDR address to which Amazon should send traffic. For Amazon router peer IP, enter the IPv4 CIDR address to use to send traffic to AWS.

    6. If you're configuring an IPv6 BGP peer, choose IPv6. The peer IPv6 addresses are automatically assigned from Amazon's pool of IPv6 addresses. You cannot specify custom IPv6 addresses.

    7. For BGP ASN, enter the Border Gateway Protocol (BGP) Autonomous System Number (ASN) of your gateway.

    8. To have AWS generate a BGP key, select the Auto-generate BGP key check box.

      To provide your own BGP key, clear the Auto-generate BGP key check box. For BGP Authentication Key, enter your BGP MD5 key.

After you've created the virtual interface, you can download the router configuration for your device. For more information, see Downloading the Router Configuration File.

To create a private virtual interface using the command line or API

To view the virtual interfaces that are attached to a Direct Connect gateway using the command line or API

Deleting a Direct Connect Gateway

If you no longer require a Direct Connect gateway, you can delete it. You must first disassociate all associated virtual private gateways and delete the attached private virtual interface.

To delete a Direct Connect gateway

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/.

  2. In the navigation pane, choose Direct Connect Gateways and select the Direct Connect gateway.

  3. Choose Actions, Delete Direct Connect Gateway.

  4. Choose Delete.

To delete a Direct Connect gateway using the command line or API