How do I connect my private network to AWS public services using an AWS Direct Connect public VIF?

Last updated: 2020-10-08

How do I connect my private network to AWS public services using an AWS Direct Connect public virtual interface (VIF)?

Resolution

Create a Direct Connect public VIF to connect AWS public endpoints with public IP addresses that are advertised to AWS over Border Gateway Protocol (BGP).

You can configure:

  • The on-premises router terminating the public VIF to network address translation (NAT) the private networks to the public peer IP address.
    -or-
  • The on-premises router terminating the public VIF to port address translation (PAT) the private networks to the public peer IP address.

You can also configure a subnet that you're advertising over the public VIF to connect to the AWS public resources. This allows your private networks to connect to AWS public resources in the same Region as the Direct Connect connection.

For example, let's say that you have a corporate network of 192.168.0.0/24 that needs to access AWS public resources. The network uses 198.51.100.1/24 as the local peer IP address, and 198.51.100.2/24 as the remote peer IP address. In this scenario:

  • Use the local peer IP address associated with the public VIF as the NAT or PAT IP address, and
  • Advertise 198.51.100.0/24 over the Direct Connect public VIF