How do I connect my private network to AWS public services using an AWS Direct Connect public virtual interface (VIF)?

AWS Direct Connect public VIFs let you connect to AWS public endpoints (such as Amazon S3 and Amazon DynamoDB) using public IP addresses that are advertised to AWS over Border Gateway Protocol (BGP).

You can configure the on-premises router that terminates the Direct Connect public VIF to perform network address translation (NAT) or port address translation (PAT) from the private networks (RFC 1918) to the public peer IP. Alternatively, you can configure a subnet that you advertise over the public VIF to connect to the AWS public resources. Either approach allows your private networks to connect to AWS public resources in the same region as the Direct Connect connection.

For example, suppose that you have a corporate network of 192.168.0.0/24 that needs to access AWS public resources, that you're using 198.51.100.1/24 as your local peer IP, and that you're using 198.51.100.2/24 as the remote peer IP. In this example, you can use the local peer IP associated with the public VIF as the NAT/PAT IP address, and advertise 198.51.100.0/24 over the Direct Connect public VIF.
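The following pre-flight check is an added example, not AWS code: it validates a NAT/PAT plan like the one above before you apply it to the router, so that no RFC 1918 prefix is advertised over the public VIF and every inside network is either translated or covered by an advertised prefix. The function name and its rules are assumptions drawn from this article's example; the addresses in the sample run are the ones used above.

```python
import ipaddress

# RFC 1918 ranges are listed explicitly: ipaddress.is_private also flags
# documentation ranges such as 198.51.100.0/24, which this article uses as peer IPs.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_nat_plan(inside, local_peer, remote_peer, nat_ip, advertised):
    """Return a list of problems with a public VIF NAT/PAT plan (empty = OK).

    Hypothetical helper; the rules follow the article's example.
    """
    problems = []
    local = ipaddress.ip_interface(local_peer)
    remote = ipaddress.ip_interface(remote_peer)
    nat = ipaddress.ip_address(nat_ip)
    adv = [ipaddress.ip_network(a) for a in advertised]

    # Both ends of the BGP session share one subnet and use different hosts.
    if local.network != remote.network or local.ip == remote.ip:
        problems.append("peer IPs must be distinct addresses in one subnet")
    # Private space must never be announced over a public VIF.
    for a in adv:
        if any(a.overlaps(r) for r in RFC1918):
            problems.append(f"advertised prefix {a} overlaps RFC 1918 space")
    # Return traffic needs a route to the translated source address.
    if not any(nat in a for a in adv):
        problems.append(f"NAT/PAT address {nat} is not in an advertised prefix")
    if nat == remote.ip:
        problems.append("NAT/PAT address is the remote peer IP")
    # Each inside network is either translated (RFC 1918) or advertised as-is.
    for net in map(ipaddress.ip_network, inside):
        translated = any(net.subnet_of(r) for r in RFC1918)
        announced = any(net.subnet_of(a) for a in adv)
        if not (translated or announced):
            problems.append(f"inside network {net} is neither RFC 1918 "
                            "nor covered by an advertised prefix")
    return problems


if __name__ == "__main__":
    # Values from the article's example.
    result = check_nat_plan(["192.168.0.0/24"], "198.51.100.1/24",
                            "198.51.100.2/24", "198.51.100.1",
                            ["198.51.100.0/24"])
    print(result or "plan OK")
```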


Published: 2017-09-27

Updated: 2017-10-16