Posted On: Mar 31, 2021

AWS Direct Connect now offers IEEE 802.1AE MAC Security Standard (MACsec) encryption for 10Gbps and 100Gbps Dedicated Connections at select locations to secure your high-speed, private connectivity to the cloud.
Until now, securing data in transit between your network and AWS at multi-gigabit speeds required the aggregation of multiple IPsec VPN tunnels to work around the throughput limits of using a single VPN connection. The complexity of such a solution increases its operational risk and makes it less appealing to secure high-speed connectivity in excess of 10 Gbps. With the release of MACsec support, AWS Direct Connect now delivers native, near line-rate, point-to-point encryption for 10Gbps and 100Gbps Dedicated Connections, ensuring that data communications between AWS and your data center, office, or colocation facility remain protected.
MACsec benefits customers that wish to exchange data with AWS securely and at the highest bandwidth available. This includes customers in regulated industries, such as financial services or healthcare, and customers with high-bandwidth workloads that have strict security requirements, such as media production and autonomous vehicle development. We strongly recommend using connections in more than one AWS Direct Connect location to ensure resilience against device or colocation failure. We also encourage you to use the Resiliency Toolkit failover test feature to test your configurations before going live.
Starting today, MACsec is available at these locations. This list will be updated regularly as MACsec-capable ports are made available at additional locations. The Direct Connect User Guide provides instructions for how to set up MACsec on 10Gbps and 100Gbps Dedicated Connections. Customers can request a new MACsec-capable connection and manage the new feature through the Direct Connect Console or supported APIs.

Sign into the Direct Connect Console today to request your MACsec-capable Dedicated Connection!