AWS Networking Fundamentals

Transit Networks

Direct Connect

AWS Direct Connect provides a private, high-bandwidth network link between your on-premises environment (data center, office, or colocation facility) and AWS. Unlike Internet-based VPNs over IPsec tunnels, Direct Connect offers dedicated 1 Gbps, 10 Gbps, or 100 Gbps connectivity, delivering consistent low latency, higher throughput, and enhanced security.

Key Components

| Component | Description | Role |
|---|---|---|
| On-Premises Network | Corporate data center or office network with an edge router or firewall. | Terminates the Direct Connect link on your side. |
| Direct Connect Location | AWS Partner or colocation facility where your customer router and AWS router meet. | Houses the cross-connect between you and AWS. |
| AWS Direct Connect Router | AWS-owned endpoint at the Direct Connect location. | Provides the physical port you lease for the connection. |

Establishing a Connection

  1. Order a Port
    Request a 1 Gbps, 10 Gbps, or 100 Gbps port in your chosen Direct Connect location.
  2. Cross-Connect Provisioning
    Work with the facility operator to install a cross-connect cable between your customer router and the AWS Direct Connect router.
  3. BGP Session Setup
    Configure Border Gateway Protocol (BGP) peering on both ends to exchange routes dynamically over the AWS global network.

Note

Ensure your on-premises edge device supports the desired port speed and BGP configuration.

The image illustrates a Direct Connect Architecture, showing the connection flow from an on-premise network through a Direct Connect location to an AWS Cloud Virtual Private Cloud (VPC) with private and public services.

Virtual Interfaces (VIFs)

After your physical link is active, segment traffic by creating virtual interfaces:

| VIF Type | Destination | Use Case |
|---|---|---|
| Private VIF | Virtual Private Gateway attached to your VPC | Access private subnets and EC2 instances. |
| Public VIF | AWS public endpoints (e.g., S3, DynamoDB) | Reach AWS public services over the AWS network. |

Each VIF leverages BGP to advertise and learn routes, ensuring efficient traffic flow.
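As an added example (not part of the original lesson), the following Python sketch reviews virtual interfaces from JSON shaped like the output of `aws directconnect describe-virtual-interfaces`: it maps each VIF type to its destination from the table above, lists the prefixes advertised on a public VIF, and flags VIFs or BGP peers that are not healthy or lack a BGP MD5 key. The sample IDs, key, and prefix are constructed; the function name `audit_vifs` is hypothetical.

```python
import json

# Constructed sample, shaped like `aws directconnect describe-virtual-interfaces` output.
SAMPLE = json.loads("""
{"virtualInterfaces": [
  {"virtualInterfaceId": "dxvif-example1", "virtualInterfaceType": "private",
   "virtualInterfaceState": "available", "vlan": 101,
   "bgpPeers": [{"bgpPeerId": "dxpeer-example1", "bgpStatus": "up", "authKey": "constructed-key"}]},
  {"virtualInterfaceId": "dxvif-example2", "virtualInterfaceType": "public",
   "virtualInterfaceState": "down", "vlan": 102,
   "routeFilterPrefixes": [{"cidr": "203.0.113.0/24"}],
   "bgpPeers": [{"bgpPeerId": "dxpeer-example2", "bgpStatus": "down", "authKey": ""}]}
]}
""")

# Destinations per VIF type, as listed in the table above.
DESTINATION = {
    "private": "Virtual Private Gateway attached to your VPC",
    "public": "AWS public endpoints (e.g., S3, DynamoDB)",
}

def audit_vifs(doc):
    """Return one report per VIF: where it leads and what needs review."""
    reports = []
    for vif in doc.get("virtualInterfaces", []):
        vtype = vif.get("virtualInterfaceType", "unknown")
        findings = []
        if vif.get("virtualInterfaceState") != "available":
            findings.append(f"VIF state is {vif.get('virtualInterfaceState')!r}")
        peers = vif.get("bgpPeers", [])
        if not peers:
            findings.append("no BGP peer configured")
        for peer in peers:
            pid = peer.get("bgpPeerId", "<no id>")
            if peer.get("bgpStatus") != "up":
                findings.append(f"BGP peer {pid} is {peer.get('bgpStatus')!r}")
            if not peer.get("authKey"):
                findings.append(f"BGP peer {pid} has no MD5 auth key")
        reports.append({
            "id": vif.get("virtualInterfaceId"),
            "type": vtype,
            "destination": DESTINATION.get(vtype, "not covered by the table above"),
            "advertised_prefixes": [p["cidr"] for p in vif.get("routeFilterPrefixes", [])],
            "findings": findings,
        })
    return reports

if __name__ == "__main__":
    for r in audit_vifs(SAMPLE):
        print(r["id"], r["type"], "->", r["destination"], r["findings"] or "ok")
```

To run it against a real account, replace `SAMPLE` with the parsed JSON from the CLI command named in the lead-in.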

Pricing Overview

With AWS Direct Connect, you incur two main charges:

| Charge Type | Description |
|---|---|
| Port Hours | Hourly fee per provisioned port, regardless of data usage. |
| Data Transfer Out | Standard AWS data transfer rates for outbound traffic. (Inbound is free.) |

Warning

Data transfer rates vary by AWS Region. Always review the AWS Direct Connect pricing page for the latest details.

The image is a summary slide highlighting three points about a service that directly links on-premises with AWS, offers greater throughput and security than VPN, and charges based on port hour and outbound data transfer.
