Links: 101 AWS SAA Index
- Also known as DX.
- It provides a dedicated private connection from a remote network to your VPC.
- Dedicated connection must be setup between your Data Centre and AWS Direct Connect locations.
- You need to setup a Virtual Private Gateway on your VPC. We also needed a VPG in Site to Site VPN.
We can access public and private resources on the same network. Like we can access public resources (S3) and private (EC2) on same connection.
- Increase bandwidth throughput working with large data sets lower cost
- More consistent network experience applications using real-time data feeds
- Hybrid Environments (on premise + cloud)
- Supports both IPv4 and IPv6.
Everything is private and nothing goes over the public internet. There by we can say we are bypassing the ISPs.
There are 2 connection types:
- Dedicated: better speed with a physical ethernet port dedicated to the customer.
We have private virtual interfaces in DX.
Specific location DX locations also known as Direct Connect Partners, Both public and private resources, VPG
It can take more than 1 month to establish a DX connection. So if you want something quick go for Site to Site VPN.
Direct Connect Gateway¶
- You integrate Direct Connect Gateway with an existing Direct Connection first.
- If you want to setup a Direct Connect to one or more VPC in many different regions (same account), you must use a Direct Connect Gateway.
For comparison in VPN CloudHub we had one VPCs and multiple sites. In Direct connect gateway we have multiple VPCs and one site.
A direct connect gateway can be associated to:
- VPG: In the above example picture it is associated with VPG shown by the lock symbol. The VPCs can't communicate with each other they can only communicate to the site.
- Transit Gateway: The VPCs can communicate to each other. A transit gateway is attached to a Direct Connect gateway using a transit virtual interface.
Keywords for Direct connect gateway: multiple VPCs, many different regions, same account, one on premise region.
- Data in transit is not encrypted but is private
- AWS Direct Connect + VPN provides an IPsec-encrypted private connection
- High Resiliency: One connection at multiple locations.
- Wording: Opt for one Direct Connect connection at each of the multiple Direct Connect locations
- Maximum resiliency: Separate connections terminating on separate devices in more than one location.
- Wording: Opt for two separate Direct Connect connections terminating on separate devices in more than one Direct Connect location.
- Non critical production or development workload:
- Wording: Opt for at least two Direct Connect connections terminating on different devices at a single Direct Connect location
The inner lines are the connections. What they are passing through are the locations.
For resiliency in DX, DX location has a higher preference than the number of connections.
Last updated: 2022-05-02