Obtaining an AWS Direct Connect
Obtaining an AWS Direct Connect
2h 40m

In this section of the AWS Certified Advanced Networking - Specialty learning path, we introduce you to the various tools, technologies, and services used to connect on-premises environments to the AWS Cloud, including Direct Connect and VPNs.

Learning Objectives

  • Identify and describe how Direct Connect and VPNs are used to connect on-premises environments to the AWS Cloud
  • Describe advanced AWS Direct Connect connectivity scenarios, including when to leverage Public, Private, and Transit Virtual Interfaces (VIFs)
  • Understand routing fundamentals for static and dynamic routing in AWS along with industry-standard routing protocols such as Border Gateway Protocol (BGP)
  • Describe how to use encryption to secure traffic as it travels across VPNs and Direct Connect connections


The AWS Certified Advanced Networking - Specialty certification has been designed for anyone with experience designing, implementing, and operating complex AWS and hybrid networking architectures. Ideally, you’ll also have some exposure to the nuances of AWS networking, particularly regarding the integration of AWS services and AWS security best practices. Many exam questions will require advanced level knowledge of many AWS services, including AWS networking services. The AWS Cloud concepts introduced in this course will be explained and reinforced from the ground up.


Hello and welcome to this lecture where I want to talk about how an organization would obtain an AWS Direct Connect connection. The process of obtaining an AWS Direct Connect, or DX connection, isn't too difficult from an AWS management console perspective. The hardest and/or the most time-consuming part is typically building the connection from the on-prem data center to the desired DX location. But at a high level, these are the tasks that are completed to utilize an AWS Direct Connect connection. One, an AWS customer requests a DX connection in a DX location. Two, once the connection request has been received, AWS will allocate a DX port for the customer on one of their AWS-owned DX routers in the specified DX location. Three, once the DX port has been allocated, the customer downloads the Letter of Authorization Customer Facility Access form, or LOA-CFA, which authorizes the DX location support staff to connect the customer environment to the specified AWS DX port.

Four, the customer completes the LOA-CFA form and sends it to the DX location to authorize the DX location support staff to physically access the customer-owned equipment for the purposes of establishing the cross-connect with the AWS DX port. Five, with the LOA-CFA form in hand, the DX location support staff run the cross-connect cable from the customer-owned equipment to the AWS-owned DX port. Six, physical connectivity is now established and the Direct Connect is now available for use.


About the Author
Learning Paths

Jeremy is a Content Lead Architect and DevOps SME here at Cloud Academy where he specializes in developing DevOps technical training documentation.

He has a strong background in software engineering, and has been coding with various languages, frameworks, and systems for the past 25+ years. In recent times, Jeremy has been focused on DevOps, Cloud (AWS, Azure, GCP), Security, Kubernetes, and Machine Learning.

Jeremy holds professional certifications for AWS, Azure, GCP, Terraform, Kubernetes (CKA, CKAD, CKS).