Overview
AWS Direct Connect provides a dedicated, private network connection from your on-premises data center or colocation facility to AWS.
Over that single physical connection it gives access to both:
- Private resources in your VPC (via a private virtual interface)
- Public AWS services such as S3 and DynamoDB (via a public virtual interface)
Key Features
- Bypasses the public internet, offering consistent low latency and higher reliability
- Can reduce bandwidth costs for large-scale data transfers
- Supports BGP for dynamic routing between on-prem and AWS
- Traffic is not encrypted by default (can be combined with VPN over DX for encryption)
- Supports IPv4 and IPv6
Requirements
- A dedicated physical connection to an AWS Direct Connect location
- A Virtual Private Gateway (VGW) for private VIF access to your VPC
  (or a Transit Gateway if connecting to multiple VPCs)
- Configuration of one or more Virtual Interfaces (VIFs):
  - Private VIF → VPC private resources
  - Public VIF → AWS public services
  - Transit VIF → multiple VPCs via Transit Gateway
Use Cases
- High-bandwidth workloads such as backups, large-scale data migration, or media streaming
- Hybrid cloud with consistent performance and SLA-backed uptime
- Low-latency applications such as financial trading platforms
Exam Tips
- Direct Connect is not encrypted by default — use VPN over DX for IPsec encryption
- Public and private VIFs can share the same physical connection
- DX Gateway allows connecting to VPCs in different regions without separate DX connections
- Can be used with AWS Site-to-Site VPN for a backup connection (high availability pattern)
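The two caveats above (no encryption by default, BGP between on-prem and AWS) are the ones an auditor checks first. The following is an added example, not part of these notes or of any AWS tooling: an offline audit that flags VIFs without a BGP authentication key and private VIFs whose traffic has no VPN-over-DX path (an available Site-to-Site VPN on the VIF's VGW plus a public VIF on the same physical connection). The input shape is constructed to mirror the boto3 describe_virtual_interfaces / describe_vpn_connections responses; field names and all IDs are assumptions, not live data.

```python
"""Offline audit of Direct Connect VIFs for the encryption and BGP-auth caveats."""
from typing import Dict, List

# Constructed sample shaped like describe_virtual_interfaces()['virtualInterfaces']
# (assumed field names; IDs are placeholders, not real resources).
VIFS = [
    {"virtualInterfaceId": "dxvif-private1", "virtualInterfaceType": "private",
     "virtualInterfaceState": "available", "connectionId": "dxcon-aaaa",
     "virtualGatewayId": "vgw-1111", "authKey": "redacted-md5-key", "vlan": 101},
    {"virtualInterfaceId": "dxvif-public1", "virtualInterfaceType": "public",
     "virtualInterfaceState": "available", "connectionId": "dxcon-aaaa",
     "authKey": None, "vlan": 102},
    {"virtualInterfaceId": "dxvif-private2", "virtualInterfaceType": "private",
     "virtualInterfaceState": "available", "connectionId": "dxcon-bbbb",
     "virtualGatewayId": "vgw-3333", "authKey": None, "vlan": 103},
]
# Constructed sample shaped like describe_vpn_connections()['VpnConnections'].
VPNS = [
    {"VpnConnectionId": "vpn-0001", "State": "available", "VpnGatewayId": "vgw-1111"},
]


def audit(vifs: List[dict], vpns: List[dict]) -> Dict[str, List[str]]:
    """Return finding code -> list of VIF ids, in input order."""
    findings: Dict[str, List[str]] = {"NO_BGP_AUTH": [], "UNENCRYPTED_PATH": []}
    # Gateways on which an available Site-to-Site VPN terminates.
    vpn_gateways = {v.get("VpnGatewayId") for v in vpns if v["State"] == "available"}
    # VPN over DX reaches the AWS VPN endpoint through a public VIF, so note
    # which physical connections carry one.
    public_conns = {v["connectionId"] for v in vifs
                    if v["virtualInterfaceType"] == "public"
                    and v["virtualInterfaceState"] == "available"}
    for vif in vifs:
        if vif["virtualInterfaceState"] != "available":
            continue  # down or deleting VIFs carry no traffic to assess
        if not vif.get("authKey"):
            findings["NO_BGP_AUTH"].append(vif["virtualInterfaceId"])
        if vif["virtualInterfaceType"] != "private":
            continue  # only private VIFs are judged for an encrypted path here
        covered = (vif.get("virtualGatewayId") in vpn_gateways
                   and vif["connectionId"] in public_conns)
        if not covered:
            findings["UNENCRYPTED_PATH"].append(vif["virtualInterfaceId"])
    return findings


if __name__ == "__main__":
    for code, ids in audit(VIFS, VPNS).items():
        print(f"{code}: {', '.join(ids) or 'none'}")
```

Transit VIFs are skipped for the encryption check because mapping a DX Gateway to its Transit Gateway needs a further association lookup; they are still checked for a BGP key.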