AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. With this connection, you can create virtual interfaces directly to public AWS services (for example, to Amazon S3) or to Amazon VPC, bypassing internet service providers in your network path. An AWS Direct Connect location provides access to AWS in the Region with which it is associated. You can use a single connection in a public Region or AWS GovCloud (US) to access public AWS services in all other public Regions.
The following diagram shows a high-level overview of how AWS Direct Connect interfaces with your network.
The following are the key components that you use for AWS Direct Connect:
Connections
Create a connection in an AWS Direct Connect location to establish a network connection from your premises to an AWS Region. For more information, see AWS Direct Connect connections.
Virtual interfaces
Create a virtual interface to enable access to AWS services. A public virtual interface enables access to public services, such as Amazon S3. A private virtual interface enables access to your VPC. The types of supported interfaces are described below in Supported virtual interface types. For more details about the supported interfaces, see AWS Direct Connect virtual interfaces and Prerequisites for virtual interfaces.
To use AWS Direct Connect in an AWS Direct Connect location, your network must meet one of the following conditions:
In addition, your network must meet the following conditions:
AWS Direct Connect supports both the IPv4 and IPv6 communication protocols. IPv6 addresses provided by public AWS services are accessible through AWS Direct Connect public virtual interfaces.
AWS Direct Connect supports an Ethernet frame size of 1522 or 9023 bytes (14 bytes Ethernet header + 4 bytes VLAN tag + bytes for the IP datagram + 4 bytes FCS) at the link layer. You can set the MTU of your private virtual interfaces. For more information, see Set network MTU for private virtual interfaces or transit virtual interfaces.
AWS Direct Connect supports the following three virtual interface (VIF) types:
There are limits to the number of different types of associations between a Direct Connect gateway and a virtual interface. For more information about specific limits, see the Quotas page.
For more information about virtual interfaces, see AWS Direct Connect virtual interfaces.
AWS Direct Connect has two billing elements: port hours and outbound data transfer. Port hour pricing is determined by capacity and connection type (dedicated connection or hosted connection).
Data Transfer Out charges for private interfaces and transit virtual interfaces are allocated to the AWS account responsible for the Data Transfer. There are no additional charges to use a multi-account AWS Direct Connect gateway.
For publicly addressable AWS resources (for example, Amazon S3 buckets, Classic EC2 instances, or EC2 traffic that goes through an internet gateway), if the outbound traffic is destined for public prefixes owned by the same AWS payer account and actively advertised to AWS through an AWS Direct Connect public virtual interface, the Data Transfer Out (DTO) usage is metered toward the resource owner at the AWS Direct Connect data transfer rate.
AWS Direct Connect is a fully managed service. Periodically, Direct Connect performs maintenance activities on the hardware fleet that supports the service. Direct Connect connections are provisioned on standalone hardware devices that enable you to create highly resilient network connections between Amazon Virtual Private Cloud and your on-premises infrastructure. This capability enables you to access your AWS resources in a reliable, scalable, and cost-effective way. For more information, see AWS Direct Connect Resiliency Recommendations.
There are two types of Direct Connect maintenance: planned and emergency maintenance:
We recommend that you follow the AWS Direct Connect Resiliency Recommendations so that you can gracefully and proactively shift traffic to your redundant Direct Connect connection during maintenance. We also recommend that you proactively test the resiliency of your redundant connections on a regular basis to validate that failover works as intended. Using the AWS Direct Connect Failover Test functionality, you can verify that your traffic routes through one of your redundant virtual interfaces.
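The following is an added example, not AWS code: a Python check over output shaped like `aws directconnect describe-virtual-interfaces` that flags gateways whose traffic could not shift to a redundant virtual interface if one AWS device went into maintenance. The sample data is constructed, and treating `awsLogicalDeviceId` as the indicator of separate hardware is an assumption of this example.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `aws directconnect describe-virtual-interfaces`
# output. Every gateway ID and device name is made up for illustration.
SAMPLE = json.loads("""
{"virtualInterfaces": [
  {"directConnectGatewayId": "dxgw-ex1", "awsLogicalDeviceId": "LOC1-dev-a",
   "virtualInterfaceState": "available", "bgpPeers": [{"bgpStatus": "up"}]},
  {"directConnectGatewayId": "dxgw-ex1", "awsLogicalDeviceId": "LOC2-dev-b",
   "virtualInterfaceState": "available", "bgpPeers": [{"bgpStatus": "up"}]},
  {"directConnectGatewayId": "dxgw-ex2", "awsLogicalDeviceId": "LOC1-dev-a",
   "virtualInterfaceState": "available", "bgpPeers": [{"bgpStatus": "up"}]},
  {"directConnectGatewayId": "dxgw-ex2", "awsLogicalDeviceId": "LOC1-dev-a",
   "virtualInterfaceState": "available", "bgpPeers": [{"bgpStatus": "up"}]},
  {"virtualGatewayId": "vgw-ex3", "awsLogicalDeviceId": "LOC1-dev-a",
   "virtualInterfaceState": "available", "bgpPeers": [{"bgpStatus": "up"}]},
  {"virtualGatewayId": "vgw-ex3", "awsLogicalDeviceId": "LOC2-dev-b",
   "virtualInterfaceState": "down", "bgpPeers": [{"bgpStatus": "down"}]}
]}
""")

NO_REDUNDANCY = "fewer than two healthy virtual interfaces"
SINGLE_DEVICE = "all healthy virtual interfaces terminate on one AWS device"

def healthy(vif):
    # Usable for failover only if the VIF is available and a BGP session is up.
    return (vif.get("virtualInterfaceState") == "available"
            and any(p.get("bgpStatus") == "up" for p in vif.get("bgpPeers", [])))

def audit_redundancy(vifs):
    """Return {gateway: finding} for gateways that one device outage would cut off."""
    by_gw = defaultdict(list)
    for vif in vifs:
        # Public VIFs have no gateway; group them together (assumption).
        key = vif.get("directConnectGatewayId") or vif.get("virtualGatewayId") or "public"
        by_gw[key].append(vif)
    findings = {}
    for gw, members in by_gw.items():
        up = [v for v in members if healthy(v)]
        if len(up) < 2:
            findings[gw] = NO_REDUNDANCY
        elif len({v.get("awsLogicalDeviceId") for v in up}) < 2:
            findings[gw] = SINGLE_DEVICE
    return findings

if __name__ == "__main__":
    print(json.dumps(audit_redundancy(SAMPLE["virtualInterfaces"]), indent=2))
```
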
For guidance around eligibility criteria to initiate a request for planned maintenance cancellation, see How do I cancel a Direct Connect maintenance event?
Emergency maintenance requests can't be canceled as AWS must act immediately to restore service.
For more information about maintenance events, see Maintenance events in the AWS Direct Connect FAQs.