How do I connect my private network to AWS public services using an AWS Direct Connect public VIF?

Last updated: 2022-08-17

How do I connect my private network to AWS public services using an AWS Direct Connect public virtual interface (VIF)?

Resolution

Create a Direct Connect public VIF to reach AWS public endpoints from public IP addresses that you advertise to AWS over Border Gateway Protocol (BGP).

You can configure either of the following on the on-premises router that terminates the public VIF:

  • Network address translation (NAT) of the private networks to the public peer IP address
    -or-
  • Port address translation (PAT) of the private networks to the public peer IP address

You can also use a subnet that you advertise over the public VIF to connect to AWS public resources. This allows your private networks to access publicly routable Amazon services in any AWS Region (except the AWS China Region).

For example, suppose that you have a corporate network of 192.168.0.0/24 that accesses AWS public resources with the following peer IP addresses:

  • 198.51.100.1/24 as the local peer IP address
  • 198.51.100.2/24 as the remote peer IP address

In this scenario:

  • Use the local peer IP address associated with the public VIF as the NAT or PAT IP address
  • Advertise 198.51.100.0/24 over the Direct Connect public VIF
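As an added example (not part of the AWS article), the following Python check validates a public VIF NAT/PAT plan against the conditions the scenario above relies on: the prefixes advertised over BGP must be publicly routable, the local peer IP used as the NAT/PAT address must fall inside an advertised prefix, and the private corporate network must be translated rather than advertised. The addresses are the article's example values; the list of non-routable prefixes is my assumption.

```python
import ipaddress

# Prefixes that must never be advertised over a public VIF (assumed list:
# RFC 1918, shared address space, link-local and loopback).
NON_ROUTABLE = [ipaddress.ip_network(p) for p in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8",
)]

def validate_public_vif_plan(private_nets, local_peer, advertised):
    """Check a NAT/PAT plan for a Direct Connect public VIF.

    private_nets: on-premises prefixes that will be translated (e.g. 192.168.0.0/24)
    local_peer:   local BGP peer address on the VIF; its IP is the NAT/PAT address
    advertised:   prefixes advertised to AWS over BGP on the VIF
    Returns a list of problems; an empty list means the plan is consistent.
    """
    problems = []
    nat_ip = ipaddress.ip_interface(local_peer).ip
    adv = [ipaddress.ip_network(p) for p in advertised]

    # 1. Only publicly routable prefixes may be advertised over a public VIF.
    for net in adv:
        if any(net.overlaps(bad) for bad in NON_ROUTABLE):
            problems.append(f"{net} is not publicly routable and cannot be advertised")

    # 2. The NAT/PAT address must be covered by an advertised prefix, or AWS
    #    has no return route for the translated traffic.
    if not any(nat_ip in net for net in adv):
        problems.append(f"NAT/PAT address {nat_ip} is not covered by any advertised prefix")

    # 3. The private networks themselves must be translated, never advertised.
    for p in private_nets:
        pn = ipaddress.ip_network(p)
        if any(pn.overlaps(net) for net in adv):
            problems.append(f"private network {pn} overlaps an advertised prefix")
    return problems

if __name__ == "__main__":
    # The article's constructed scenario: corporate 192.168.0.0/24, local peer
    # 198.51.100.1/24, advertising 198.51.100.0/24 over the public VIF.
    print(validate_public_vif_plan(["192.168.0.0/24"], "198.51.100.1/24", ["198.51.100.0/24"]))
    # A broken plan that advertises the private network instead of translating it.
    for issue in validate_public_vif_plan(["192.168.0.0/24"], "198.51.100.1/24", ["192.168.0.0/24"]):
        print("problem:", issue)
```

The first call returns an empty list for the article's scenario; the second reports the private prefix as non-routable, the NAT address as uncovered, and the private network as overlapping an advertised prefix.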