Course Introduction
VPC Fundamentals
What is a VPC?
PREVIEW16m 20s
VPC Security and Control
VPC Connectivity
Introduction to AWS PrivateLink
VPC Sharing using the AWS Resource Access Manager
Understanding Direct Connect, Implementation and Configuration
Why Direct Connect?
5m 25s
Understanding AWS Direct Connect - Connectivity Options
7m 3s
Examining AWS Routing
AWS Default Routing

The course is part of this learning path

Start course
3h 55m

This section of the AWS Certified Solutions Architect - Professional learning path introduces you to the core networking concepts and services relevant to the SAP-C02 exam. We start with an introduction to the AWS Virtual Private Network (VPC) and networking services. We then understand the options available and learn how to select and apply AWS networking, DNS, and content delivery services to meet specific design scenarios relevant to the AWS Certified Solutions Architect - Professional exam. 

Want more? Try a Lab Playground or do a Lab Challenge

Learning Objectives

  • Get a foundational understanding of VPCs, their security, and connectivity
  • Learn about VPC sharing using the AWS Resource Access Manager
  • Discover inter-regional and intra-regional communication patterns in AWS
  • Learn about AWS Direct Connect, along with its implementation, configuration, and connectivity options
  • Understand routing in AWS, including static and dynamic routing
  • Understand the basics of networking, including Elastic IP addresses, Elastic Network Interfaces, networking with EC2, VPC endpoints, and AWS Global Accelerator
  • Learn about the DNS and content delivery services Amazon Route 53 and Amazon CloudFront

Welcome to the final lecture of this course where I will summarize the key points from the previous lectures. I started this lecture talking about how an organization would obtain an AWS Direct Connect connection. The high level steps for that process are: 1, an AWS customer request a DX connection in a DX location. 2, once the connection request has been received, AWS will allocate a DX port for the customer on one of their AWS-owned DX routers in the specified DX location. 3, once the DX port has been allocated, the customer downloads the letter of Authorization Customer Facility Access form, or the LOA-CFA, which authorizes the DX location support staff to connect the customer environment to the specified AWS DX port. 4, the customer completes the LOA-CFA form and sends it to the DX location to authorize the DX location support staff to physically access the customer-owned equipment for the purposes of establishing the cross connect with the AWS DX port. 5, with the LOA-CFA form in hand, the DX location support staff run the cross-connect cable from the customer-owned equipment to the AWS-owned DX port.

6, physical Connectivity is now established and the Direct Connect is now available for use. In order to use an AWS Direct Connect, you must create at least one virtual interface or VIF. A VIF contains the configuration parameters necessary to support a BGP peering connection between the AWS DX port and the customer router, thereby allowing route information to be exchanged between them. AWS currently supports three types of VIFs; public, private, and transit. Public VIFs are used to access AWS public services using public IP addresses via the AWS backbone network. Private VIFs are used to access resources within an Amazon VPC using private IP addressing. Transit VIFs are used when you wish to access one or more Amazon VPCs via a Transit gateway that is associated with a Direct Connect Gateway. We then looked at some advanced Direct Connect connectivity architecture, starting with those available via the AWS Direct Connect Resiliency Toolkit. The AWS Direct Connect Resiliency Toolkit assist cloud administrators with the creation of an advanced DX architecture that is in alignment with an organization's SLA objective. The Resiliency Toolkit provides three resiliency models to choose from.

1, maximum resiliency. This model creates multiple DX Connections in multiple DX locations. 2, high resiliency. This model creates a single DX connection in multiple DX locations. 3, development and test. This model creates multiple DX connections in a single DX location. Within this section, we looked at link aggregation groups or LAGs. LAGs enable multiple physical DX connections to function as a single connection of their aggregated bandwidth. For example, four physical 1GB DX connections configured as a LAG would function as a single 4GB DX connection. Remember that the LAGs provide a measure of resiliency, such as providing protection against the failure of a single DX switch port or cross-connect cable, they do not provide any benefit in regards to the failure of an entire DX location. The primary benefit of a LAG is increased network performance via the consolidated bandwidth of the individual LAG members. Finally, we did a quick recap on VPC peering and how the Transit Gateway has simplified the setup and operation of a global AWS network.

The AWS Transit Gateway is a regional resource that introduces a hub and spoke architecture to support highly scalable and easy-to-manage networks. The Transit Gateway functions as the hub through which traffic is routed to each connected network or spoke. A spoke can be a VPC, an on-prem data center, or a remote office. To support global networks, inter-region peering can be used to connect Transit Gateways in multiple regions. When an organization uses Direct Connect, a Transit VIF, Direct Connect Gateways, and Transit Gateways, they have the opportunity to establish connectivity to any resource in the network regardless of its physical location or AWS region. Transit VIFs allow for some truly remarkable network designs and have become the standard for many of the clients I have personally worked with. I encourage you to remember the following bullet points. 1, each Transit VIF supports up to three Transit Gateways. 2, each Transit Gateway can be attached to 20 Direct Connect Gateways. 3, each Transit Gateway can support up to 5,000 attachments and 50 peering connections.

And 4, a single Direct Connect supports one Transit VIF and a combination of up to 50 Public and Private VIFs. That now brings me to the end of this lecture and to the end of this course. You should now have a greater understanding of the AWS Direct Connect connectivity options available to you. Feedback on our courses here at Cloud Academy is valuable to both us as trainers and students looking to take the same course in the future. If you have any feedback, positive or negative, it would be greatly appreciated if you could contact Thank you for your time and good luck with your continued learning of cloud computing. Have a great day.


About the Author
Learning Paths

Danny has over 20 years of IT experience as a software developer, cloud engineer, and technical trainer. After attending a conference on cloud computing in 2009, he knew he wanted to build his career around what was still a very new, emerging technology at the time — and share this transformational knowledge with others. He has spoken to IT professional audiences at local, regional, and national user groups and conferences. He has delivered in-person classroom and virtual training, interactive webinars, and authored video training courses covering many different technologies, including Amazon Web Services. He currently has six active AWS certifications, including certifications at the Professional and Specialty level.