Amazon Web Services (AWS) and the features it offers are advancing and evolving at a very fast pace to keep up with the demands of the next generation of technological requirements. Essentially, AWS services are customized and tailored to solve business enterprises' ongoing cloud computing challenges when it comes to moving data and accessing workloads across regions. AWS Direct Connect Gateway is one of the latest additions to AWS services, built to enhance AWS Direct Connect for users who want to establish multiple virtual interfaces to AWS VPCs. In this article, we are going to look at what Amazon Direct Connect Gateway is exactly, its features, the benefits to users, costs and implementation details.

AWS Direct Connect

Before we continue, let’s look at AWS Direct Connect as well, so that you can understand Amazon Direct Connect Gateway properly. AWS Direct Connect is the method of connecting AWS infrastructure to your private network or facilities, purchased either directly from Amazon or via APN partners. With Direct Connect, customers are able to create a dedicated network connection between their premises and AWS. A customer is able to access all of their resources in AWS and transfer critical business data from their offices or data centers directly, bypassing the internet, increasing security and eliminating network congestion. Until the release of Direct Connect Gateway, AWS Direct Connect only allowed access to resources in the region in which it was provisioned (except in North America), making it difficult for businesses seeking cross-region connectivity. This is what led to the birth of Amazon Direct Connect Gateway: to support high redundancy and availability, to enhance security, and to aid in the improvement of network performance between environments.

What is AWS Direct Connect Gateway?

AWS Direct Connect Gateway, also referred to as Amazon Direct Connect Gateway, is a service that effectively sits on top of AWS Direct Connect. It gives AWS Direct Connect customers the ability to configure VIFs to their resources in multiple AWS regions. With AWS Direct Connect alone it was not possible for clients to establish multiple dedicated links to various AWS regions from their enterprise data centers or on-premises sites. Direct Connect Gateway makes the establishment of multiple links from the user’s current location to AWS regions possible, potentially reducing the overhead of managing multiple Direct Connects and thus reducing costs in the process.

Essentially, Amazon Direct Connect Gateway is a powerful and a simple solution that eliminates the challenges associated with creating and managing multiple links to multiple AWS regions.

AWS Direct Connect Gateway Features

The following are some of the Amazon Direct Connect Gateway features that you should take into consideration when using this service:

  • Single AWS account: it is important to note that, at present, you can only use Amazon Direct Connect Gateway within a single AWS account to establish connections with VPCs. In order to associate an AWS Direct Connect Gateway with a Virtual Private Gateway, you should ensure that the Virtual Private Gateway exists within the same account. However, Amazon has stated that they have strategies in place that are meant to make this more flexible in the future.
  • Location and Service Level Agreement (SLA): you should note that each Amazon Direct Connect Gateway is an object that exists globally across all of your public AWS regions. In addition, all communications that you establish between your AWS regions via Direct Connect happen across the existing AWS network backbone. However, service level agreements are not available at the moment for either Direct Connect or Direct Connect Gateway.
  • IP addresses: when establishing multiple connections, VPCs must have unique CIDR blocks. All VPCs that reference a particular Direct Connect Gateway must possess IP address ranges that do not overlap.
  • Public virtual interfaces: users should note that they cannot create public virtual interfaces on an AWS Direct Connect Gateway.

You should note that Amazon Direct Connect Gateway only supports communication between Virtual Private Gateways and their associated private virtual interfaces. The following is a quick breakdown of traffic flows that are not allowed:

  • Direct communication between a private virtual interface that is attached to a Direct Connect Gateway and a virtual private network (VPN) connection on a virtual private gateway associated with the same Direct Connect Gateway.
  • Direct communication between a VPC and the AWS Direct Connect Gateway it is associated with.
  • Direct communication between a virtual interface and the Direct Connect Gateway it is attached to.

Benefits of AWS Direct Connect Gateway

  1. Reduces network costs – Using an Amazon Direct Connect Gateway potentially lowers network costs by reducing the number of Direct Connects required.
  2. Simple – AWS Direct Connect Gateway can be accessed easily and quickly by signing up for an account and using the AWS Management Console. The console provides you with a single view to manage your virtual interfaces and connections efficiently. In addition, you can download router configuration templates for your networking equipment when you configure one or more virtual interfaces.
  3. Scalability – AWS Direct Connect Gateway is an elastic service that gives you the ability to scale the connections you establish to your demands. It provides you with connections ranging from 1 to 10 Gbps, and you can create multiple connections according to the capacity you want.

Implementation details

Getting started with AWS Direct Connect Gateway is straightforward, but you must establish an AWS Direct Connect interface at your location first. The following is a step-by-step guide on how to create a Direct Connect connection in different scenarios, followed by the procedure to create multiple connections using Amazon Direct Connect Gateway.

Scenario 1: Present at an AWS Direct Connect location – In this scenario, you can connect directly to the AWS device from a router that is present at your AWS Direct Connect location, with connection speeds of 1 Gbps to 10 Gbps.

Scenario 2: Connecting from your premises – You can work with a network provider partner or the AWS Partner Network (APN) to help you connect a router from your office, colocation environment, or data center to an AWS Direct Connect location. The network provider you opt to work with does not need to be an APN member in order to connect you.

Scenario 3: Connection via APN – Lastly, you can choose to work with an APN partner who will establish a hosted connection for you to use. You can visit AWS service providers and sign up with them, then accept your hosted connection by following the outlined instructions.

Creating an AWS Direct Connect Gateway

  • Open your Direct Connect console and click on Direct Connect Gateways to get started. Note that you will find an empty list because you haven’t created any gateways yet.
  • After clicking on the Direct Connect Gateways link, enter a private autonomous system number (ASN) for your network and click Create. Your new gateway will be visible in your AWS regions immediately.
  • Use your existing Direct Connect connection to create your virtual interface (VIF). The private VIF you create references your connection and the gateway. It will be ready for use within a few seconds. Next, create multiple VPCs with non-overlapping CIDRs and attach a Virtual Private Gateway to each of them.
  • Return to your Direct Connect console and select Direct Connect Gateways. Select your gateway and choose the Associate Virtual Private Gateway action from the menu. Select your virtual private gateways and click Associate. This can take a minute or so; a progress bar will show the state as associating.

When the state reads associated, traffic between your premises network and your virtual private clouds will flow over your Direct Connect connection, regardless of which AWS regions your virtual private clouds reside in. Note that if your VPCs are in different AWS regions, the same steps and procedures apply.
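The IP addresses feature above and the VPC step of the procedure both require that every VPC referencing the gateway has a non-overlapping CIDR block, and the gateway itself needs a private ASN. The following pre-flight check, added here as an example and not part of the original article or of any AWS tooling, validates both before you touch the console. It goes slightly beyond the text by also checking your on-premises prefixes against the VPC CIDRs, since an overlap there breaks routing just as an overlap between VPCs does. The VPC names, CIDRs and ASNs are constructed sample values, not real resources.

```python
import ipaddress
from itertools import combinations

# Private ASN ranges defined in RFC 6996: the 16-bit block 64512-65534 and the
# 32-bit block 4200000000-4294967294. The gateway step asks for a private ASN;
# this check catches typos such as 65535 (reserved) or a public ASN.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))


def is_private_asn(asn):
    """True if asn falls inside one of the RFC 6996 private ranges."""
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def find_cidr_overlaps(prefixes):
    """prefixes: list of (label, cidr_string). Returns every overlapping pair as
    (label_a, cidr_a, label_b, cidr_b). Raises ValueError on a malformed CIDR
    or one with host bits set (e.g. 10.0.0.1/24)."""
    nets = [(label, ipaddress.ip_network(cidr, strict=True)) for label, cidr in prefixes]
    overlaps = []
    for (la, na), (lb, nb) in combinations(nets, 2):
        # IPv4 and IPv6 prefixes can never overlap each other
        if na.version == nb.version and na.overlaps(nb):
            overlaps.append((la, str(na), lb, str(nb)))
    return overlaps


def plan_gateway(asn, vpc_cidrs, on_prem_cidrs):
    """Validate the inputs of the association step. vpc_cidrs maps a VPC label
    to its CIDR block(s); on_prem_cidrs lists the prefixes you advertise from
    your side. Returns {'ok': bool, 'errors': [human-readable strings]}."""
    errors = []
    if not is_private_asn(asn):
        errors.append(f"ASN {asn} is not in a private range")
    prefixes = [(f"vpc:{label}", c) for label, cidrs in vpc_cidrs.items() for c in cidrs]
    prefixes += [("on-prem", c) for c in on_prem_cidrs]
    for la, ca, lb, cb in find_cidr_overlaps(prefixes):
        errors.append(f"{la} {ca} overlaps {lb} {cb}")
    return {"ok": not errors, "errors": errors}


# Constructed sample inventory (hypothetical, not real AWS resources): three
# VPCs in three regions and one on-premises prefix. dev-us-west-2 was carved
# out of the same 10.10.0.0/16 as prod, which is exactly the mistake the
# check is meant to catch before the association step.
SAMPLE_VPCS = {
    "prod-us-east-1": ["10.10.0.0/16"],
    "analytics-eu-west-1": ["10.20.0.0/16"],
    "dev-us-west-2": ["10.10.128.0/20"],
}
SAMPLE_ON_PREM = ["192.168.0.0/16"]

if __name__ == "__main__":
    result = plan_gateway(64512, SAMPLE_VPCS, SAMPLE_ON_PREM)
    print("ok" if result["ok"] else "\n".join(result["errors"]))
```

Run it against your own inventory before creating the gateway: a non-empty error list means the association would either be rejected or leave you with ambiguous routes across the backbone, and the labels tell you which VPC or on-premises prefix needs re-addressing.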

AWS Direct Connect is a dedicated network connection from your premises (office, DC, co-lo) to AWS. With AWS Direct Connect you get private, semi-secure network connectivity (the link is private but carries traffic unencrypted unless you add an IPsec tunnel over it, as noted below), whilst also reducing your network costs, increasing network throughput and experiencing more consistent network performance (latency, jitter, loss) than IPsec VPN solutions across the internet.

AWS has a number of Direct Connect locations where you can establish these dedicated links between your infrastructure and AWS. Direct Connect can be ordered directly from AWS at speeds of 1 Gbps or 10 Gbps, or via AWS APN partners at speeds of less than 1 Gbps. The dedicated Direct Connect links provide access to public or private AWS resources by allowing the link to be divided into multiple VLANs using standard 802.1Q tagging.

Direct Connect is available to any customer but is best suited to customers with strict regulatory or performance requirements and customers who access large data sets hosted within AWS. There are a number of benefits to using Direct Connect, including:

  • private connectivity to AWS
  • consistent performance
  • reduced bandwidth costs (potentially)
  • privately access AWS services

Direct Connect can be configured in a number of ways to achieve resiliency and high availability, all using industry-standard protocols such as 802.1Q and 802.1ad for VLAN tagging and nesting, IPsec for encrypted tunnels, and BGP for dynamic routing. These should be largely familiar to most network engineers, and as such managing Direct Connect should not be too much of an additional burden.