AWS Quick Notes — Direct Connect
Direct connect provides a direct connection from your data center to one or more AWS VPC.
Steps
- A router and firewall is setup in the on-premise data center.
- In one of the many AwS Direct Connect Locations , a customer or partner cage router is setup in a Customer or Partner cage along side the AWS Direct Connect endpoint which is setup in a AWS Cage.
- The AWS Customer router from the on premises data center now connects to the Customer Cage router in the AWS Direct Connect Location
- The Customer Cage router connects to the AWS cage router.
- The AWS Cage Router then connects into a Virtual Private Gateway installed in the AWS , attached to your VPC.
- A private virtual interface is thus setup all the way from the on-premises data center to the AWS VPC.
Direct Connect Gateway
If you want to connect to more than one VPC in different regions in the same account , a direct connect gateway can help.
Direct Connect can be setup using dedicated or hosted connections. Hosted connections are more flexible as they can be adjusted upwards for capacity as needed. Requests are fulfilled by AWS partners and take upto a month to complete.
Security
Data that flows through a direct connect connection is secure since the connection is private and does not flow through the open internet.
However if within the dedicated direct connect connection we need data to be encrypted VPN can be setup. This provides an IPSec encrypted connection.
High Availability
High availability can be achieved by using multiple AWS Direct Connect Locations. The on-premise data center connects to multiple direct connect locations which in turn connect to the Virtual Private Gateway in the AWS region.
For maximum resiliency, it is recommended that not only multiple direct connect locations are used, but within each location multiple connections are setup. So in this case , we could have two or more locations and each location we could have two or more connections from the data center to the customer cage, which connects to two or more AWS cages, which then connects into the Virtual Private Gateway.
