Setting Up Amazon Direct Connect with the AWS CLI

- aws networking

This post is part of my note taking while studying for the AWS Certified Advanced Networking - Specialty certification.

View Direct Connect Connections

AWS Direct Connect is region specific. Make sure your CLI is set up for the region you'd like to work in.

$ aws directconnect describe-connections

Output:

{
    "connections": [
        {
            "ownerAccount": "123456789012",
            "connectionId": "dxcon-fg31dyv6",
            "connectionState": "requested",
            "bandwidth": "1Gbps",
            "location": "TIVIT",
            "connectionName": "Connection to AWS",
            "region": "sa-east-1"
        }
    ]
}

Create a Connection

AWS CLI:

$ aws directconnect create-connection --location TIVIT --bandwidth 1Gbps --connection-name "Connection to AWS"

Output:

{
    "ownerAccount": "123456789012",
    "connectionId": "dxcon-fg31dyv6",
    "connectionState": "requested",
    "bandwidth": "1Gbps",
    "location": "TIVIT",
    "connectionName": "Connection to AWS",
    "region": "sa-east-1"
}

Confirm Connection

AWS CLI:

$ aws directconnect confirm-connection --connection-id dxcon-fg2wi7hy

Output:

{
    "connectionState": "pending"
}

List of states the connection can be in.

Get LOA

AWS CLI:

$ aws directconnect describe-connection-loa --connection-id dxcon-fh6ayh1d --output text --query loa.loaContent | base64 --decode > myLoaCfa.pdf

The LOA is written to the PDF file specified at the end of the command.

Create a Public VIF

This is how you would access public AWS resources (e.g., S3, RDS) over a Direct Connect connection. Some notes about Public VIFs:

AWS CLI:

$ aws directconnect create-public-virtual-interface --connection-id dxcon-ffjrkx17 --new-public-virtual-interface virtualInterfaceName=PublicVirtualInterface,vlan=2000,asn=65000,authKey=asdf34example,amazonAddress=203.0.113.1/30,customerAddress=203.0.113.2/30,routeFilterPrefixes=[{cidr=203.0.113.0/30},{cidr=203.0.113.4/30}]

Output:

{
    "virtualInterfaceState": "verifying",
    "asn": 65000,
    "vlan": 2000,
    "customerAddress": "203.0.113.2/30",
    "ownerAccount": "123456789012",
    "connectionId": "dxcon-ffjrkx17",
    "virtualInterfaceId": "dxvif-fgh0hcrk",
    "authKey": "asdf34example",
    "routeFilterPrefixes": [
        {
            "cidr": "203.0.113.0/30"
        },
        {
            "cidr": "203.0.113.4/30"
        }
    ],
    "location": "TIVIT",
    "customerRouterConfig": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<logical_connection id=\"dxvif-fgh0hcrk\">\n  <vlan>2000</vlan>\n  <customer_address>203.0.113.2/30</customer_address>\n  <amazon_address>203.0.113.1/30</amazon_address>\n  <bgp_asn>65000</bgp_asn>\n  <bgp_auth_key>asdf34example</bgp_auth_key>\n  <amazon_bgp_asn>7224</amazon_bgp_asn>\n  <connection_type>public</connection_type>\n</logical_connection>\n",
    "amazonAddress": "203.0.113.1/30",
    "virtualInterfaceType": "public",
    "virtualInterfaceName": "PublicVirtualInterface"
}

Create a Private VIF

A private VIF sends traffic to a single VPC.

AWS CLI:

$ aws directconnect create-private-virtual-interface --connection-id dxcon-ffjrkx17 --new-private-virtual-interface virtualInterfaceName=PrivateVirtualInterface,vlan=101,asn=65000,authKey=asdf34example,amazonAddress=192.168.1.1/30,customerAddress=192.168.1.2/30,virtualGatewayId=vgw-aba37db6

Output:

{
    "virtualInterfaceState": "pending",
    "asn": 65000,
    "vlan": 101,
    "customerAddress": "192.168.1.2/30",
    "ownerAccount": "123456789012",
    "connectionId": "dxcon-ffjrkx17",
    "virtualGatewayId": "vgw-aba37db6",
    "virtualInterfaceId": "dxvif-ffhhk74f",
    "authKey": "asdf34example",
    "routeFilterPrefixes": [],
    "location": "TIVIT",
    "customerRouterConfig": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<logical_connection id=\"dxvif-ffhhk74f\">\n  <vlan>101</vlan>\n  <customer_address>192.168.1.2/30</customer_address>\n  <amazon_address>192.168.1.1/30</amazon_address>\n  <bgp_asn>65000</bgp_asn>\n  <bgp_auth_key>asdf34example</bgp_auth_key>\n  <amazon_bgp_asn>7224</amazon_bgp_asn>\n  <connection_type>private</connection_type>\n</logical_connection>\n",
    "amazonAddress": "192.168.1.1/30",
    "virtualInterfaceType": "private",
    "virtualInterfaceName": "PrivateVirtualInterface"
}

Configure your kit

AWS provides a downloadable router configuration. You can either copy and paste it onto your device, or use the information in it to configure the device manually.
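
The VIF outputs above return the BGP authKey twice: once as a JSON field and once inside the embedded customerRouterConfig XML. The following Python sketch is an added example, not part of the original notes or of any AWS tooling. It checks that the XML agrees with the JSON fields before you configure a router from it, and masks the key in both places before the output is saved to a ticket or log. The function names are hypothetical and the sample is constructed from the private VIF output shown earlier.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the private VIF output shown above.
SAMPLE = {
    "vlan": 101, "asn": 65000, "authKey": "asdf34example",
    "amazonAddress": "192.168.1.1/30",
    "customerAddress": "192.168.1.2/30",
    "customerRouterConfig": (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<logical_connection id="dxvif-ffhhk74f">\n'
        "  <vlan>101</vlan>\n"
        "  <customer_address>192.168.1.2/30</customer_address>\n"
        "  <amazon_address>192.168.1.1/30</amazon_address>\n"
        "  <bgp_asn>65000</bgp_asn>\n"
        "  <bgp_auth_key>asdf34example</bgp_auth_key>\n"
        "</logical_connection>\n"
    ),
}

def router_fields(vif):
    """Parse the embedded customerRouterConfig XML into a tag -> text dict."""
    root = ET.fromstring(vif["customerRouterConfig"].encode("utf-8"))
    return {child.tag: (child.text or "").strip() for child in root}

def check_vif(vif):
    """Return a list of problems; an empty list means the output is consistent."""
    cfg, problems = router_fields(vif), []
    pairs = {"vlan": "vlan", "asn": "bgp_asn",
             "customerAddress": "customer_address", "amazonAddress": "amazon_address"}
    for json_key, tag in pairs.items():
        if str(vif[json_key]) != cfg.get(tag):
            problems.append(f"{json_key} differs from <{tag}>")
    ours = ipaddress.ip_interface(vif["customerAddress"])
    theirs = ipaddress.ip_interface(vif["amazonAddress"])
    if ours.network != theirs.network or ours.ip == theirs.ip:
        problems.append("peer addresses are not two hosts in one subnet")
    if not 1 <= int(vif["vlan"]) <= 4094:
        problems.append("vlan outside 1-4094")
    return problems

def redact(vif):
    """Copy of the output with the BGP key masked in both places it appears."""
    safe = dict(vif, authKey="***")
    safe["customerRouterConfig"] = re.sub(
        r"(<bgp_auth_key>).*?(</bgp_auth_key>)", r"\1***\2",
        vif["customerRouterConfig"])
    return safe
```

To use it on real output, load the JSON printed by the create or describe command with json.loads and pass the resulting dict to check_vif and redact.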