Create a connection - AWS Direct Connect

Create a connection

You can create a standalone connection, or you can create a connection to associate with a LAG in your account. If you associate a connection with a LAG, it's created with the same port speed and location that is specified in the LAG.

If you do not have equipment at an AWS Direct Connect location, first contact an AWS Direct Connect Partner at the AWS Direct Connect Partner Program. For more information, see APN Partners Supporting AWS Direct Connect.

If you want to create a connection that uses MAC Security (MACsec), review the prerequisites before you create the connection. For more information, see MACsec prerequisites .


To create a new connection

  1. Open the AWS Direct Connect console at

  2. On the AWS Direct Connect screen, under Get started, choose Create a connection.

  3. On the Create Connection pane, under Connection settings, do the following:

    1. For Name, enter a name for the connection.

    2. For Location, select the appropriate AWS Direct Connect location.

    3. If applicable, for Sub Location, choose the floor closest to you or your network provider. This option is only available if the location has meet-me rooms (MMRs) in multiple floors of the building.

    4. For Port Speed, choose the connection bandwidth.

    5. For On-premises, select Connect through an AWS Direct Connect partner when you use this connection to connect to your data center.

    6. (Optional) Configure MAC security (MACsec) for the connection. Under Additional Settings, select Request a MACsec capable port.

      MACsec is only available on dedicated connections.

      1. (Optional) Add or remove a tag.

        [Add a tag] Choose Add tag and do the following:

        • For Key, enter the key name.

        • For Value, enter the key value.

        [Remove a tag] Next to the tag, choose Remove tag.

  4. Choose Create Connection.

Command line

Use one of the following commands.

Download the LOA-CFA

After we have processed your connection request, you can download the LOA-CFA.

If you need to change the LOA-CFA after it has been created (for example, you need to change the ports), contact AWS Support.

The LOA-CFA expires after 90 days. If your connection is not up after 90 days, we send you an email alerting you that the LOA-CFA has expired. To refresh the LOA-CFA with a new issue date, download it again from the AWS Direct Connect console. If you do not take any action, we will begin billing for the connection after the 90 days unless you take explicit action to delete the connection.


Port-hour billing starts 90 days after you created the connection, or after the connection between your router and the AWS Direct Connect endpoint is established, whichever comes first. For more information, see AWS Direct Connect Pricing. If you no longer want the connection after you have reissued the LOA-CFA, you must delete the connection yourself. For more information, see Delete connections.


To download the LOA-CFA

  1. Open the AWS Direct Connect console at

  2. In the navigation pane, choose Connections.

  3. Select the connection, and then choose View details.

  4. Choose Download LOA-CFA.


    If the link is not enabled, the LOA-CFA is not yet available for you to download. Check your email for a request for information. If it's still unavailable, or you haven't received an email after 72 hours, contact AWS Support.

  5. Send the LOA-CFA to your network provider or colocation provider so that they can order a cross connect for you. The contact process can vary for each colocation provider. For more information, see Requesting cross connects at AWS Direct Connect locations.

Command line

To download the LOA-CFA using the command line or API