
AWS Direct Connect

Understand Direct Connect for dedicated hybrid connectivity. Compare with VPN, understand Virtual Interfaces, and design for resilience.

Direct Connect — Dedicated Private Line to AWS

Direct Connect (DX) establishes a dedicated, private network connection between your data center and AWS — bypassing the public internet entirely. It provides consistent, low-latency connectivity for hybrid workloads.

Teacher Note: Regular internet connectivity to AWS is like driving to work on a public highway — shared, variable speed, affected by traffic. Direct Connect is like a private tunnel from your building directly to the AWS data center — dedicated to you, consistent speed, no traffic.

Direct Connect vs VPN

| Feature | Direct Connect | Site-to-Site VPN |
|---|---|---|
| Path | Dedicated private line (no internet) | Encrypted tunnel over internet |
| Latency | Consistent, low latency | Variable (internet dependent) |
| Bandwidth | 1 Gbps or 10 Gbps dedicated | Up to 1.25 Gbps per tunnel |
| Setup time | 1-3 months (physical install) | Minutes to hours |
| Cost | High (monthly port fee + partner fee) | Low ($0.05/hour per connection) |
| Encryption | Not encrypted by default (add VPN on top) | Encrypted (IPSec) |
| Best For | Production hybrid workloads, large data transfer | Backup, testing, small offices |

Direct Connect Architecture

Your Data Center
  |
  |-- Physical fiber cable
  |
[Direct Connect Location (co-location facility)]
  |
  |-- AWS infrastructure
  |
[AWS Region]
  |
  VPC via Virtual Interfaces:
  - Private VIF: connects to VPC private IP space
  - Public VIF: connects to AWS public services (S3, DynamoDB)
  - Transit VIF: connects to Transit Gateway

Direct Connect Resilience

  • Single DX connection: no redundancy; if the cable is cut, there is no connectivity
  • Dual DX connections: two connections at the same location, some resilience
  • Dual DX at different locations: high resilience
  • DX + VPN backup: most common; DX is primary, VPN is the failover (different paths)

Exam Tip: Direct Connect data transfer costs $0.02-0.03/GB versus $0.09/GB over internet. For workloads transferring 100TB/month, DX pays for itself.

Exam Tip: Direct Connect does NOT encrypt traffic by default. To add encryption, run an IPSec VPN over the Direct Connect connection.
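
An added example (not part of the original tutorial): a Python check that maps a connection inventory onto the resilience patterns listed under Direct Connect Resilience. The sample JSON is constructed, with placeholder IDs and location codes, and treating any available Site-to-Site VPN as the backup path is an assumption.

```python
import json
from collections import Counter

# Constructed sample, shaped like `aws directconnect describe-connections` output.
SAMPLE_DX = json.loads("""{"connections": [
  {"connectionId": "dxcon-example1", "connectionState": "available", "location": "LOC-A"},
  {"connectionId": "dxcon-example2", "connectionState": "available", "location": "LOC-B"},
  {"connectionId": "dxcon-example3", "connectionState": "down", "location": "LOC-A"}
]}""")
# Constructed sample, shaped like `aws ec2 describe-vpn-connections` output.
SAMPLE_VPN = json.loads("""{"VpnConnections": [
  {"VpnConnectionId": "vpn-example1", "State": "available"}
]}""")


def resilience_report(dx, vpn):
    """Map a DX/VPN inventory onto the resilience patterns listed above."""
    conns = dx.get("connections", [])
    up = [c for c in conns if c.get("connectionState") == "available"]
    per_location = Counter(c["location"] for c in up)
    # Assumption: any available Site-to-Site VPN counts as the backup path;
    # the inventory alone cannot prove it carries the same routes as DX.
    vpn_backup = any(v.get("State") == "available"
                     for v in vpn.get("VpnConnections", []))
    if not up:
        tier = "no DX"
    elif len(per_location) >= 2:
        tier = "dual DX, different locations"
    elif len(up) >= 2:
        tier = "dual DX, same location"
    else:
        tier = "single DX"

    # Connections that exist but are not carrying traffic are reported first.
    findings = [f"{c['connectionId']} is {c.get('connectionState')}"
                for c in conns if c not in up]
    if tier == "single DX":
        findings.append("one connection: a cable cut removes DX connectivity")
    if tier == "dual DX, same location":
        findings.append("both connections depend on one DX location")
    if not vpn_backup:
        findings.append("no VPN failover on a different path")
    return {"tier": tier, "vpn_backup": vpn_backup,
            "locations": dict(per_location), "findings": findings}


if __name__ == "__main__":
    print(json.dumps(resilience_report(SAMPLE_DX, SAMPLE_VPN), indent=2))
```

To run it against a real account, replace the two samples with the parsed JSON from the two CLI commands named in the comments.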