AWS Direct Connect virtual private gateway associations
You can use an AWS Direct Connect gateway to connect your AWS Direct Connect connection over a private virtual interface to one or more VPCs in any account that are located in the same or different Regions. You associate a Direct Connect gateway with the virtual private gateway for the VPC. Then, you create a private virtual interface for your AWS Direct Connect connection to the Direct Connect gateway. You can attach multiple private virtual interfaces to your Direct Connect gateway.
The following rules apply to virtual private gateway associations:

- Do not enable route propagation until after you've associated a virtual private gateway with a Direct Connect gateway. If you enable route propagation before associating the gateways, routes might be propagated incorrectly.
- There are limits for creating and using Direct Connect gateways. For more information, see Direct Connect quotas.
- You cannot attach a Direct Connect gateway to a virtual private gateway when the Direct Connect gateway is already associated with a transit gateway.
- The VPCs to which you connect through a Direct Connect gateway cannot have overlapping CIDR blocks. If you add an IPv4 CIDR block to a VPC that's associated with a Direct Connect gateway, ensure that the CIDR block does not overlap with an existing CIDR block of any other associated VPC. For more information, see Adding IPv4 CIDR Blocks to a VPC in the Amazon VPC User Guide.
- You cannot create a public virtual interface to a Direct Connect gateway.
- A Direct Connect gateway supports communication between attached private virtual interfaces and associated virtual private gateways only, and may enable a virtual private gateway to another private gateway. The following traffic flows are not supported:
  - Direct communication between the VPCs that are associated with a single Direct Connect gateway. This includes traffic from one VPC to another that hairpins through an on-premises network over a single Direct Connect gateway.
  - Direct communication between the virtual interfaces that are attached to a single Direct Connect gateway.
  - Direct communication between the virtual interfaces that are attached to a single Direct Connect gateway and a VPN connection on a virtual private gateway that's associated with the same Direct Connect gateway.
- You cannot associate a virtual private gateway with more than one Direct Connect gateway, and you cannot attach a private virtual interface to more than one Direct Connect gateway.
- A virtual private gateway that you associate with a Direct Connect gateway must be attached to a VPC.
- A virtual private gateway association proposal expires 7 days after it is created.
- An accepted or deleted virtual private gateway association proposal remains visible for 3 days.
- A virtual private gateway can be associated with a Direct Connect gateway and also attached to a virtual interface.
- Detaching a virtual private gateway from a VPC also disassociates the virtual private gateway from a Direct Connect gateway.
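The non-overlapping CIDR rule above is easy to violate when several teams add secondary CIDR blocks to VPCs that share one Direct Connect gateway. The following added example (not AWS code; the VPC IDs and CIDR blocks are constructed values) is a pre-check you can run before adding a block: it compares the proposed CIDR against the blocks of every other VPC associated with the same gateway and reports any overlap.

```python
import ipaddress

# Constructed sample inventory: CIDR blocks of the VPCs currently associated
# with one Direct Connect gateway (hypothetical IDs and ranges, not real data).
# In practice this would be built from the gateway's association list and each
# VPC's CIDR block associations.
ASSOCIATED_VPC_CIDRS = {
    "vpc-0aaa": ["10.0.0.0/16"],
    "vpc-0bbb": ["10.1.0.0/16", "172.16.0.0/20"],
    "vpc-0ccc": ["192.168.0.0/24"],
}


def find_overlaps(new_cidr, associated, vpc_id=None):
    """Return (vpc_id, existing_cidr) pairs whose block overlaps new_cidr.

    Blocks of vpc_id itself are skipped: the Direct Connect gateway rule is
    about overlap with *other* associated VPCs (the VPC itself already
    rejects overlap among its own blocks). strict=True rejects a CIDR whose
    host bits are set, so a typo such as 10.1.3.0/16 is caught early.
    """
    new_net = ipaddress.ip_network(new_cidr, strict=True)
    hits = []
    for other_vpc, cidrs in associated.items():
        if other_vpc == vpc_id:
            continue
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=True)
            # overlaps() only compares networks of the same IP version.
            if net.version == new_net.version and net.overlaps(new_net):
                hits.append((other_vpc, cidr))
    return hits


def can_add_cidr(vpc_id, new_cidr, associated=ASSOCIATED_VPC_CIDRS):
    """True if new_cidr can be added to vpc_id without breaking the rule."""
    return not find_overlaps(new_cidr, associated, vpc_id)


if __name__ == "__main__":
    for vpc, cidr in [("vpc-0aaa", "10.2.0.0/16"), ("vpc-0aaa", "10.1.128.0/17")]:
        clash = find_overlaps(cidr, ASSOCIATED_VPC_CIDRS, vpc)
        print(f"{vpc} + {cidr}: {'ok' if not clash else 'overlaps ' + str(clash)}")
```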
To connect your AWS Direct Connect connection to a VPC in the same Region only, you can create a Direct Connect gateway. Or, you can create a private virtual interface and attach it to the virtual private gateway for the VPC. For more information, see Create a private virtual interface and VPN CloudHub.
To use your AWS Direct Connect connection with a VPC in another account, you can create a hosted private virtual interface for that account. When the owner of the other account accepts the hosted virtual interface, they can choose to attach it either to a virtual private gateway or to a Direct Connect gateway in their account. For more information, see Virtual interfaces and hosted virtual interfaces.