Which AWS service provides a user with connectivity between the AWS cloud and on-premises resources select two *?

Merging your on-premises and AWS environment – act like one, easier to manage
Sharing existing services in both infrastructures
No huge upfront costs for the devices and Comms Room
Enables you to securely access and manage your resources on AWS from the on-premises network.
VPN encrypts the entire traffic, so you are safe when using unsecured protocols when connecting between your and AWS network
Accessing instances in AWS using private IP addresses

You have launched a few EC2 instances on AWS to test an application, why wouldn’t you? There are no upfront costs it took just 30 minutes to spin up several servers. After weeks of testing, everything looks good, and you moved your application to new Prod EC2 instances. However, something is missing, you can’t use the Authentication from your on-premise Active Directory, or something else that you took for granted in your company environment.
The question was raised, how do I connect my on-premise network to AWS? I would like to ‘merge’ both environments

Table of Contents Show

Do you really need a dedicated connection between your network and AWS?
Connect Your Data Center to AWS (Direct Connect)
Using Site-to-Site VPN, between the on-premises network and AWS
Using Client VPN

We will provide you with the answers in the below paragraphs.

Do you really need a dedicated connection between your network and AWS?

For completeness, and before jumping the gun. There may be cases that you don’t need a direct connection or VPN to connect your on-premises network to AWS. Office 365 is hosted in the Cloud and everyone at home or office is happy using the application without over-complicating the network setup. Remember the best networks are – Simple Networks! The setup varies from business-to-business, and everyone needs to ask a fundamental question – Do I need this? Perhaps, an application or service hosted in AWS can be access directly from the Internet using secure protocols, just applying more secure and sophisticated authentication like, Multi-Factor Authentication will solve the problem. Applying ACL – Access-Lists, Security Groups, Inbound filtering, to only allow users from the corporate network
Our point here is to go through the all options on the table before committing yourself to a service or solution!

Connect Your Data Center to AWS (Direct Connect)

AWS Direct Connect enables you to securely connect your AWS environment to your on-premises data centre or office location over a standard 1Gb or 10Gb Ethernet fibre-optic connection. AWS Direct Connect offers dedicated high speed, low latency connection, which bypasses internet service providers in your network path. An AWS Direct Connect location provides access to Amazon Web Services in the region it is associated with, as well as access to other US regions. AWS Direct Connect allows you to logically partition the fibre-optic connections into multiple logical connections called Virtual Local Area Networks (VLAN). You can take advantage of these logical connections to improve security, differentiate traffic, and achieve compliance requirements.

Use AWS Direct Connect to securely link your on-premises environment to AWS

Data Center to AWS setup demands in-depth planning by the network team.

In most cases or thinking long term 10Gb resilient uplinks will be most suitable for an organisation. Additionally, a new scope of IP addresses needs to be allocated at AWS VPC and it mustn’t conflict with anything that you have in the Data Center. A BGP dynamic routing protocol will be configured to allow reachability between the AWS and on-premies environments.

Firewall rule-policy will surge in size at your Edge, Extranet and LAN points.

It may go as high as 50-100%, make sure you have ‘fat margins’ and scope to handle this increase.
Why? Due to the fact that you will need to filter traffic to/from AWS and therefore you will need to add more rules, objects to the firewall policy.

Estimate billing, no charges for the connection, but you will pay for data transfer. For example, if you order a 1GB connection to the US East region – Virginia and you expect to transfer 1TB out on a monthly basis, the total cost would be $236 per month.

Full information on the scope of what you need at AWS

Using Site-to-Site VPN, between the on-premises network and AWS

This solution is much quicker to implement providing that already you have a pair of Firewalls or Routers (with VPN accelerator hardware) in High-Availability mode connected to the Internet, usually at your Extranet Block.

By default, instances that you launch into an Amazon VPC can’t communicate with your own (remote) network. You can enable access to your remote network from your VPC by creating an AWS Site-to-Site VPN (Site-to-Site VPN) connection, and configuring routing to pass traffic through the connection.

Although the term VPN connection is a general term, in this documentation, a VPN connection refers to the connection between your VPC and your own on-premises network. Site-to-Site VPN supports Internet Protocol security (IPsec) VPN connections.

A Site-to-Site VPN connection offers two (Active/Standby) VPN tunnels between a virtual private gateway or a transit gateway on the AWS side, and a customer gateway on the remote (on-premises) side.

AWS Site-to-Site VPN Documentation

AWS VPN Pricing

Using Client VPN

Network Team, administrators are responsible for setting up and configuring the services, once downloaded the Client VPN endpoint configuration file is distributed to end-users that require this service. They will be able to connect directly to AWS and services hosted in VPC for the organisation

The client is the end-user. This is the person who connects to the Client VPN endpoint to establish a VPN session. The client establishes the VPN session from their local computer or mobile device using an OpenVPN-based VPN client application. After they have established the VPN session, they can securely access the resources in the VPC in which the associated subnet is located. They can also access other resources in AWS or an on-premises network if the required route and authorization rules have been configured. For more information about connecting to a Client VPN endpoint to establish a VPN session

Other useful information regarding VPN Solutions:

At the Edge Layer – HA VPN, LAN-to-LAN Service

COVID-19, you need a VPN for isolated Home Users

Q: Why is an AWS Direct Connect gateway necessary?

An AWS Direct Connect gateway performs several functions:

AWS Direct Connect gateway will give you the ability to interface with VPCs in any AWS Region (except the AWS China Region), so you can use your AWS Direct Connect connections to interface with more than one AWS Region.
You can share a private virtual interface to interface with up to 10 VPCs to reduce the number of Border Gateway Protocol sessions between your on-premises network and AWS deployments.
By attaching transit virtual interface(s) (VIF) to an AWS Direct Connect gateway and associating AWS Transit Gateway(s) with the Direct Connect gateway, you can share transit virtual interface(s) to connect with up to three AWS Transit Gateways. This can reduce the number of Border Gateway Protocol sessions between your on-premises network and AWS deployments. Once a transit VIF is connected to an AWS Direct Connect Gateway, that Gateway cannot also host another Private VIF - it is dedicated to the transit VIF.
You can associate multiple virtual private gateways (VGWs, associated with a VPC) to an AWS Direct Connect gateway, as long as the IP CIDR blocks of the Amazon VPC associated with the Virtual Private Gateway do not overlap.

Q: Can I associate more than one AWS Transit Gateway with an AWS Direct Connect gateway?

You can associate up to three Transit Gateway to an AWS Direct Connect gateway as long as the IP CIDR blocks announced from your Transit Gateways do not overlap.

Q: Can I associate VPCs owned by any AWS account with an AWS Direct Connect gateway owned by any AWS account?

Yes, you can associate VPCs owned by any AWS account with an AWS Direct Connect gateway owned by any AWS account.

Q: Can I associate AWS Transit Gateway that are owned by any AWS account with an AWS Direct Connect gateway that is owned by any AWS account?

Yes, you can associate a Transit Gateway owned by any AWS account with an AWS Direct Connect gateway owned by any AWS account.

Q: If I use an AWS Direct Connect gateway, does my traffic to the desired AWS Region go by way of the associated home AWS Region?

No. When using AWS Direct Connect gateway, your traffic will take the shortest path to and from your AWS Direct Connect location to the destination AWS Region, regardless of the associated home AWS Region of the AWS Direct Connect location where you are connected.

Q: Are there additional fees when using AWS Direct Connect gateway and working with remote AWS Regions?

There are no charges for using an AWS Direct Connect gateway. You will pay applicable egress data charges based on the source remote AWS Region and port hour charges. See the AWS Direct Connect pricing page for details.

Q: Do I need to use the same AWS account with my private/transit virtual interfaces(s), AWS Direct Connect gateway, Virtual Private Gateway, or AWS Transit Gateways in order to use an AWS Direct Connect gateway?

Private virtual interfaces and AWS Direct Connect gateways must be in the same AWS account. Similarly, transit virtual interfaces and AWS Direct Connect gateways must be in the same AWS account. Virtual private gateway(s) and AWS Transit Gateway(s) can be in different AWS accounts than the account that owns the AWS Direct Connect gateway.

Q: If I associate virtual private gateways (VGWs) to an AWS Direct Connect gateway, can I continue to use all VPC features?

Networking features, such as Elastic File System, Elastic Load Balancing, Application Load Balancer, Security Groups, Access Control List, and AWS PrivateLink, work with AWS Direct Connect gateway. AWS Direct Connect gateway does not support AWS VPN CloudHub functionality. However, if you are using an AWS Site-to-Site VPN connection to a virtual gateway (VGW) that is associated with your AWS Direct Connect gateway, you can use your VPN connection for failover.

Features that are not currently supported by AWS Direct Connect are; AWS Classic VPN, AWS VPN (such as edge-to-edge routing), VPC peering, VPC endpoints.

Q: I am working with an AWS Direct Connect Partner to get private virtual interface (VIF) provisioned for my account, can I use an AWS Direct Connect gateway?

Yes, you can associate a provisioned private virtual interface (VIF) with your AWS Direct Connect gateway when you confirm that you are provisioned as private in your AWS account.

Q: Can I connect to VPCs in my local Region?

You can continue to attach your virtual interfaces (VIFs) to virtual private gateways (VGWs). You will still have intra-Region VPC connectivity, and will be charged the egress rate for the related geographic Regions.

Q: What are the quotas associated with an AWS Direct Connect gateway?

Please refer to the AWS Direct Connect quotas page for information on this topic.

Q: Can virtual private gateways (VGWs, associated with a VPC) be part of more than one AWS Direct Connect gateway?

No, a VGW-VPC pair cannot be part of more than one AWS Direct Connect gateway.

Q: Can you attach a private virtual interface (VIF) to more than one AWS Direct Connect gateway?

No, one private virtual interface can only attach to one AWS Direct Connect gateway OR one Virtual Private Gateway. We recommend that you follow AWS Direct Connect resiliency recommendations and attach more than one private virtual interface.

Q: Does AWS Direct Connect gateway break existing AWS VPN CloudHub functionality?

No, AWS Direct Connect gateway does not break AWS VPN CloudHub. AWS Direct Connect gateway enables connectivity between on-premises networks and VPCs in any AWS Region. AWS VPN CloudHub enables connectivity between on-premises networks using AWS Direct Connect or a VPN within the same Region. The VIF is associated with the VGW directly. Existing AWS VPN CloudHub functionality will continue to be supported. You can attach an AWS Direct Connect virtual interface (VIF) directly to a virtual private gateway (VGW) to support intra-Region AWS VPN CloudHub.

Q: What type of traffic is, and is not, supported by AWS Direct Connect gateway?

Please refer to AWS Direct Connect User Guide to review supported and not supported traffic patterns.

Q: I currently have a VPN in us-east-1 attached to a virtual private gateway (VGW). I want to use AWS VPN CloudHub in us-east-1 between the VPN and a new VIF. Can I do this with AWS Direct Connect gateway?

No, you cannot do this with an AWS Direct Connect gateway, but the option to attach a VIF directly to a VGW is available to use the VPN <-> AWS Direct Connect AWS VPN CloudHub use case.

Q: I have an existing private virtual interface associated with virtual private gateway (VGW), can I associate my existing private virtual interface with an AWS Direct Connect gateway?

No, an existing private virtual interface associated with VGW cannot be associated with an AWS Direct Connect gateway. To do this, you must create a new private virtual interface, and at the time of creation, associate it with your AWS Direct Connect gateway.

Q: If I have a virtual private gateway (VGW) attached to a VPN and an AWS Direct Connect gateway, and my AWS Direct Connect circuit goes down, will my VPC traffic route out to the VPN?

Yes, as long as the VPC route table has routes to the virtual private gateway (VGW) towards the VPN.

Q: Can I attach a virtual private gateway (VGW) to an AWS Direct Connect gateway if it is not attached to a VPC?

No, you cannot associate an unattached VGW to AWS Direct Connect gateway.

Q: I have created an AWS Direct Connect gateway with one AWS Direct Connect Private VIF, and three non-overlapping virtual private gateways (VGWs) -- each associated with a VPC. What happens if I detach one of the VGW from the VPC?

Traffic from your on-premises network to the detached VPC will stop, and VGW's association with the AWS Direct Connect gateway will be deleted.

Q: I have created an AWS Direct Connect gateway with one AWS Direct Connect VIF, and three non-overlapping VGW-VPC pairs, what happens if I detach one of the virtual private gateways (VGW) from the AWS Direct Connect gateway?

Traffic from your on-premises network to the detached VGW (associated with a VPC) will stop.

Q: Can I send traffic from a VPC that is associated with an AWS Direct Connect gateway to another VPC associated to the same AWS Direct Connect gateway?

No, AWS Direct Connect gateway's only support routing traffic from AWS Direct Connect VIFs to VGW (associated with VPC). In order to send traffic between two VPCs, you must configure a VPC peering connection.

Q: I currently have a VPN in us-east-1 that is attached to a virtual private gateway (VGW). If I associate this VGW to an AWS Direct Connect gateway, can I send traffic from my VPN to a VIF attached to the AWS Direct Connect gateway in a different AWS Region?

No, an AWS Direct Connect gateway will not route traffic between a VPN and an AWS Direct Connect VIF. To enable this use case, you must create a VPN in the AWS Region of the VIF and attach the VIF and the VPN to the same VGW.

Q: Can I resize a VPC that is associated with an AWS Direct Connect gateway?

Yes, you can resize the VPC. If you resize your VPC, you must resend the proposal with the resized VPC CIDR to the AWS Direct Connect gateway owner. Once the AWS Direct Connect gateway owner approves the new proposal, the resized VPC CIDR will be advertised towards your on-premises network.

Q: Is there a way to configure an AWS Direct Connect gateway to selectively propagate prefixes to/from VPCs?

Yes, AWS Direct Connect gateway offers a way for you to selectively announce prefixes towards your on-premises networks. For prefixes that are advertised from your on-premises networks, each VPC associated with an AWS Direct Connect gateway receives all prefixes announced from your on-premises networks. If you want to limit traffic to and from any specific VPC, you should consider using Access Control Lists (ACLs) for each VPC.

Page 2

South America (Sao Paulo)

AWS Direct Connect Partners	Equinix DC2/DC11, Ashburn, VA	CoreSite NY1, New York, NY	Equinix DA2, Dallas, TX	CoreSite VA1, Reston, VA	165 Halsey Street, Newark, NJ	Crown Castle, Philadelphia, PA	Digital Realty ATL1, Atlanta, GA	Markley, One Summer Street, Boston, MA	Equinix MI1, Miami, FL	Equinix NY5, Secaucus, NJ
Altice Business (Lightpath)	✔	✔
Apcela	✔	✔
Arelion	✔G		✔G
AT&T	✔		✔		✔				✔
Atlantic Metro Communications		✔
Beanfield Metroconnect	✔			✔
Bestel	✔		✔				✔
Bicentel sa de cv - c3ntro	✔G		✔G						✔G	✔G
BICS	✔H		✔H
BSO Network Solutions					✔
BT	✔G			✔G	✔G	✔G		✔G	✔G
China Mobile International	✔G								✔G
China Telecom Global Limited	✔G		✔G
China Unicom Global	✔								✔
CITIC Telecom CPC		✔H
Claro Embratel Telmex			✔H						✔H
Cologix	✔H	✔	✔H		✔
Colt	✔H	✔	✔		✔		✔	✔	✔	✔
Comcast	✔
Console Connect	✔G		✔G	✔G					✔G
CoreSite		✔G		✔G
Cox Business	✔		✔
Crown Castle	✔H	✔H	✔	✔	✔	✔H	✔	✔	✔	✔
CyrusOne			✔
Datapath.io GmbH	✔H
Datapipe	✔			✔
DE-CIX		✔G	✔G		✔G
Digital Realty	✔	✔					✔
Epsilon	✔G		✔G		✔G				✔G
Equinix, Inc.	✔G		✔G		✔H		✔		✔G	✔G
FiberLight	✔		✔	✔			✔
First Communications	✔					✔
Flexential	✔		✔				✔		✔
Global Cloud Xchange	✔H	✔	✔		✔	✔			✔
GTT	✔	✔	✔	✔	✔	✔	✔	✔	✔
HopOne	✔
InterCloud	✔G		✔G							✔G
Internet2	✔G		✔G
IX Reach	✔H	✔	✔	✔
Lumen	✔H	✔G	✔G	✔G	✔	✔	✔G	✔	✔	✔
Masergy	✔		✔						✔
Megaport	✔	✔G	✔	✔G			✔	✔	✔	✔G
MCM Telecom			✔H
Neutrona Networks	✔G								✔G
NTT Communications Corporation	✔			✔
Orange Business Services	✔G		✔				✔	✔
PacketFabric	✔	✔	✔G	✔G	✔G		✔G	✔	✔G	✔G
Pureport	✔G		✔H
QTS	✔		✔				✔
RCN	✔							✔
Sprint	✔							✔
Sohonet		✔					✔
Summit IG	✔			✔
T-Systems International	✔									✔
Tata Communications	✔H		✔		✔		✔	✔
Telecom Italia Sparkle	✔				✔				✔	✔
Telefonica	✔		✔
Telstra		✔G
TOWARDEX		✔
Transtelco			✔H
Verizon	✔	✔	✔	✔	✔	✔	✔	✔	✔
Vodafone	✔H	✔H					✔		✔
XO Communications	✔H		✔	✔	✔	✔	✔	✔
YellowFiber Networks	✔			✔
Zayo Group	✔G	✔G	✔	✔	✔	✔	✔	✔	✔	✔

AWS Direct Connect Partners	Equinix CH2, Chicago, IL	QTS, Chicago, IL	Cologix COL2, Columbus, OH	CyrusOne West III, Houston, TX	Cologix MIN3, Minneapolis, MN
Arelion	✔	✔G		✔G	✔
AT&T	✔		✔		✔
Atlantic Metro Communications	✔
BICS	✔H
Beanfield Metroconnect			✔
BSO Network Solutions	✔
BT	✔G			✔G
China Mobile International	✔G
China Telecom Global Limited	✔G
Cologix			✔H		✔H
Colt	✔H
Comcast	✔
Console Connect	✔G
CoreSite	✔G
Crown Castle	✔		✔	✔	✔
Epsilon	✔G
Equinix, Inc.	✔G
FiberLight				✔
Flexential	✔				✔
Global Cloud Xchange	✔
GTT	✔				✔
HopOne	✔
InterCloud	✔G
Internet2	✔G
IX Reach	✔H			✔
Lumen	✔G	✔	✔	✔	✔
Masergy	✔				✔
Megaport	✔G	✔		✔
Orange Business Services	✔
PacketFabric	✔	✔G		✔
Pureport	✔H
QTS		✔
RCN	✔
Sprint	✔
T-Systems International				✔
Tata Communications	✔			✔
Verizon	✔		✔	✔	✔
XO Communications	✔		✔		✔
Zayo Group	✔G	✔	✔	✔	✔G

AWS Direct Connect Partners	CoreSite LA1, Los Angeles, CA	Equinix LA3, El Segundo, CA	Equinix SV5, San Jose, CA	Coresite SV2, Milpitas, CA	CoreSite SV4, Santa Clara, CA	PhoenixNAP, Phoenix, AZ
Arelion	✔		✔G			✔
AT&T		✔	✔	✔
Bestel			✔
BICS	✔H
BSO Network Solutions	✔		✔
BT			✔G
CDNetworks				✔
Century Link				✔
China Mobile International	✔G
China Telecom Global Limited			✔G
CITIC Telecom CPC	✔H
Cogent Communications				✔
Colt	✔		✔H			✔
Comcast Corporation			✔	✔
Console Connect	✔G	✔G	✔G
CoreSite	✔G			✔G	✔G
Cox Business			✔
Crown Castle	✔H	✔G
Datapipe			✔		✔
Digital Realty	✔
Epsilon	✔G		✔G
Equinix, Inc.		✔G	✔G
Fiber Internet Center			✔		✔
Flexential			✔
Global Cloud Xchange	✔H		✔
GTT		✔	✔		✔	✔
HGC Global Communications	✔H
Hypersurf				✔
InterCloud			✔G
Internap				✔
Internet2			✔G
IX Reach	✔H	✔	✔		✔
KDDI Corporation	✔G
Layer42			✔		✔
Level (3) Communications				✔
Lumen	✔G	✔	✔	✔	✔G	✔
Masergy			✔
Megaport	✔G		✔G
M-Way Group				✔
Neutrona Networks	✔G
NTT Communications Corporation	✔		✔
Optic Access				✔
Orange Business Services			✔G
PacketFabric	✔G	✔G	✔		✔G	✔G
Pureport			✔G
QTS			✔
Sprint			✔
Sohonet	✔
Tata Communications			✔H			✔
Telecom Italia Sparkle	✔
Telstra	✔G		✔G
Transtelco	✔H
Verizon	✔		✔		✔	✔
Vodafone	✔H	✔	✔H
WaveDivision Holdings LLC				✔
XO Communications		✔	✔		✔	✔
Zayo Group	✔G	✔	✔G	✔	✔G	✔
Zenlayer Inc.				✔G

AWS Direct Connect Partners	Equinix SE2, Seattle, WA	TierPoint, Seattle, WA	Databank LAS1, Las Vegas, NV	Switch SUPERNAP 8, Las Vegas, NV	EdgeConneX, Portland, OR	Pittock Block, Portland, OR	CoreSite DE1, Denver, CO	T5 at El Segundo, Los Angeles, CA
Arelion	✔	✔			✔G	✔	✔
AT&T	✔
Beanfield Metroconnect	✔
China Mobile International	✔G
Colt	✔H
Comcast	✔				✔
Console Connect	✔G			✔G
CoreSite							✔G
Cox Business				✔
Crown Castle	✔			✔			✔
Datapath.io GmbH					✔	✔H
Datapipe	✔
EdgeConneX					✔
ePLDT	✔
Epsilon	✔G
Equinix, Inc.	✔G
Flexential				✔		✔	✔
GTT	✔						✔
HopOne	✔
Internet2	✔G
IX Reach	✔H			✔H			✔
Layer42	✔
Lumen	✔G	✔		✔H	✔	✔	✔	✔
Masergy	✔
Megaport	✔G			✔G	✔		✔
Orange Business Services	✔H	✔H
PacketFabric	✔			✔G	✔	✔G	✔G
Pureport	✔H
QTS	✔
Sprint	✔
Telstra	✔G
Telus	✔
TierPoint		✔
Transtelco	✔H
Verizon	✔	✔		✔		✔	✔
XO Communications	✔H	✔		✔	✔	✔	✔
Zayo Group	✔G	✔		✔	✔G	✔	✔	✔

South America (Sao Paulo)

AWS Direct Connect Partners	Digital Realty (UK) Docklands, London, England	Equinix LD5, Slough, England	Eircom Clonshaugh, Dublin, Ireland	Interxion DUB2, Dublin, Ireland	Interxion MRS1, Marseille, France	Teraco CT1, Cape Town, South Africa	Teraco JB1, Johannesburg, South Africa	Equinix DX1, Dubai, UAE	Etisalat Smart Hub Data Center, Fujairah, UAE
Apcela		✔
Arelion	✔G	✔G			✔
AT&T	✔	✔		✔	✔
Batelco	✔G
BICS	✔H	✔H
BSO Network Solutions		✔			✔		✔		✔
BT	✔G	✔G	✔G	✔G	✔G	✔G	✔G
Cellnex Telecom	✔
China Mobile International		✔G
Colt	✔H	✔H	✔H	✔G	✔
Console Connect	✔G					✔G	✔G
Datapath.io GmbH		✔
Datapipe	✔	✔
DE-CIX								✔G
Digital Realty	✔	✔
eircom Ltd.			✔
Epsilon	✔G	✔G			✔G			✔
Equinix, Inc.	✔G	✔G	✔G		✔G			✔G
EUNetworks	✔G	✔G	✔G	✔	✔
Exponential-e Ltd	✔	✔
Global Cloud Xchange	✔H	✔
GTT	✔	✔	✔	✔	✔
HGC Global Communications	✔H
hSo	✔H	✔H
Infonas	✔H							✔H	✔H
InterCloud	✔	✔	✔G
Interxion				✔G	✔G
IX Reach	✔H	✔		✔	✔
KCOM	✔
Kalaam Telecom	✔							✔
KPN	✔H	✔H
Liquid Intelligent Technologies						✔G	✔G
Lumen	✔G	✔H	✔G	✔G	✔	✔	✔	✔
Masergy	✔	✔
Megaport	✔G	✔G		✔
MTN Business	✔
NL-ix	✔	✔			✔
NTT Communications Corporation	✔
Orange Business Services	✔	✔G			✔		✔
PacketFabric		✔G
Sohonet	✔
Tamares Telecom	✔H
Tata Communications	✔H	✔	✔H		✔
Telecom Italia Sparkle	✔H				✔
Telefonica	✔	✔		✔
Telstra	✔G
Teraco						✔H	✔H
T-Systems International		✔
Updata	✔
Vodacom						✔G	✔G
Venus	✔
Verizon	✔	✔		✔	✔
Vodafone	✔H	✔H			✔
Zain Group	✔							✔	✔H
Zayo Group	✔G	✔G		✔

AWS Direct Connect Partners	Interxion ZUR1, Zurich, Switzerland	Interxion VIE2, Vienna, Austria	CDLAN Srl in Via Caldera 21, Milano, Italy	CE Colo, Prague, Czech Republic	Equinix MU1, Munich, Germany	IPB, Berlin, Germany	Equinix FR5, Frankfurt, Germany	Interxion FRA6, Frankfurt, Germany	Equinix AM3, Amsterdam, Netherlands	Interxion AMS7, Amsterdam, Netherlands
Arelion		✔		✔	✔	✔	✔	✔G	✔G
AT&T	✔						✔
BICS							✔H	✔H
BSO Network Solutions							✔			✔
BT							✔G	✔G	✔G
Cinia							✔
China Mobile International							✔G
China Telecom Global Limited							✔G		✔G
CITIC Telecom CPC							✔H
Colt	✔	✔	✔	✔	✔	✔	✔G	✔G	✔H	✔
Console Connect							✔G	✔G
Datapath.io GmbH								✔H	✔
DE-CIX					✔G		✔H	✔H
Epsilon							✔G		✔
Equinix, Inc.			✔G		✔		✔G		✔G
e-shelter							✔
EUNetworks	✔	✔	✔		✔	✔	✔G	✔G	✔	✔
Exponential-e Ltd								✔
Global Cloud Xchange							✔H
GTT	✔	✔		✔	✔	✔	✔		✔
HGC Global Communications							✔H
InterCloud	✔G						✔G	✔G	✔G
Interxion	✔G	✔G						✔		✔G
ITNET			✔G
IX Reach		✔		✔		✔	✔	✔H	✔
KPN							✔H	✔H
Lumen	✔	✔	✔	✔	✔	✔	✔	✔	✔	✔
Masergy							✔		✔
Megaport	✔G							✔	✔
NL-ix	✔	✔		✔	✔	✔	✔	✔	✔
Orange Business Services							✔G		✔
Tamares Telecom							✔
Tata Communications		✔			✔		✔H
Telecom Italia Sparkle			✔				✔H		✔H
Telefonica	✔	✔				✔	✔H	✔	✔
Telehouse
Telstra							✔G
T-Systems International		✔			✔	✔	✔H	✔	✔
Verizon	✔	✔					✔	✔	✔
Vodafone					✔	✔	✔H	✔H	✔H
Zain Group							✔H
Zayo Group	✔	✔					✔G	✔	✔	✔

AWS Direct Connect Partners	Telehouse Voltaire, Paris, France	Interxion MAD2, Madrid, Spain	Interxion STO1, Stockholm, Sweden	Equinix WA1, Warsaw, Poland	Interxion CPH2, Copenhagen, Denmark	Equinix HE6, Helsinki, Finland	Equinix ITConic MD2, Madrid, Spain	DigiPlex Ulven, Oslo, Norway
Arelion	✔	✔					✔	✔
AT&T	✔	✔					✔
BICS			G
BSO Network Solutions	✔
BT	✔G	✔G					✔G
Cinia			✔			✔
China Mobile International
China Telecom Global Limited
CITIC Telecom CPC
Colt	✔	✔	✔H	✔	✔		✔H
Console Connect	✔G
Datapath.io GmbH
DE-CIX		✔G
Epsilon	✔G
Equinix, Inc.				✔G		✔G	✔G
e-shelter
EUNetworks	✔	✔	✔	✔	✔	✔	✔	✔
Exponential-e Ltd
Global Cloud Xchange
GTT	✔	✔	✔	✔			✔
HGC Global Communications
InterCloud		✔G
Interxion		✔G	✔G		✔G
IX Reach	✔	✔
KPN				✔			✔
Lumen	✔G	✔	✔	✔	✔	✔	✔	✔
Masergy
Megaport		✔G	✔					✔
NL-ix	✔		✔	✔
Orange Business Services	✔	✔		✔			✔
Tamares Telecom
Tata Communications	✔	✔		✔			✔
Telecom Italia Sparkle	✔						✔
Telefonica	✔	✔					✔
Telehouse	✔
T-Systems International
Verizon	✔	✔	✔				✔
Vodafone		✔	✔				✔
Zain Group
Zayo Group	✔		✔

AWS Direct Connect Partners	GPX, Mumbai, India	Sify Rabale, Mumbai, India	STT GDC India Pvt. Ltd. VSB, Chennai, India	NetMagic DC2, Bangalore, India	STT Delhi DC2, Delhi, India	STT Hyderabad DC1, Hyderabad, India
Bharti Airtel	✔H	✔H	✔	✔
DE-CIX		✔G	✔G		✔G
Global Cloud Xchange	✔H
GPX	✔H
NetMagic Solutions	✔G	✔G		✔G
Reliance Jio	✔	✔	✔	✔
Sify	✔G	✔G	✔G	✔G	✔	✔
Tata Communications	✔H	✔H	✔H	✔	✔H	✔H
Verizon	✔
Vodafone		✔	✔	✔
Vodafone Idea Limited		✔H

AWS Direct Connect Partners	Global Switch SY6, Sydney, Australia	Equinix SY3, Sydney, Australia	NEXTDC S2, Sydney, Australia	NEXTDC M1, Melbourne, Australia	NEXTDC C1, Canberra, Australia	NEXTDC P1, Perth, Australia
AARNet	✔G	✔G	✔G	✔	✔	✔
Amcom	✔	✔				✔
AT&T	✔	✔
BSO Network Solutions		✔
BT	✔G	✔G
Cinenet	✔
CITIC Telecom CPC		✔H
Colt	✔	✔
Console Connect	✔G	✔G
Devoli	✔	✔H
Equinix, Inc.		✔G		✔G
GCOMM Pty Ltd		✔H
Global Cloud Xchange		✔H
Global Switch	✔
HGC Global Communications		✔H
InterCloud		✔
IX Australia	✔
Kordia	✔	✔H
Lumen		✔H
Masergy	✔	✔
Megaport	✔G	✔G		✔G	✔	✔G
NEXTDC	✔G	✔G	✔G	✔G	✔G	✔G
NTT Communications Corporation	✔	✔
NTT Communications ICT Solutions	✔	✔		✔	✔
Optus	✔H	✔H		✔H
Orange Business Services	✔H	✔H
Over the wire	✔	✔
PacketFabric		✔G
Sohonet		✔
Spark	✔	✔
Sprint				✔
Tata Communications	✔	✔H
TechFlow	✔	✔		✔	✔	✔
Telstra	✔G	✔G		✔G	✔G	✔G
TPG Telecom/AAPT	✔	✔H			✔	✔
Verizon	✔	✔
Vocus	✔H	✔H	✔	✔H		✔
Vodafone	✔H	✔H
VPN Solutions		✔H		✔
Zayo Group		✔

AWS Direct Connect Partners	Equinix TY2, Tokyo, Japan	Equinix OS1, Osaka, Japan	AT Tokyo Chuo Data Center, Tokyo, Japan	Chief Telecom LY, Taipei, Taiwan	Chunghwa Telecom, Taipei, Taiwan
ARTERIA Networks Corporation	✔	✔	✔
AT Tokyo		✔G	✔G
AT&T	✔	✔
BBIX	✔	✔	✔
BSO Network Solutions	✔		✔	✔
BT	✔G		✔G
CHUAN KAI INTERNATIONAL				✔H
Chief Telecom				✔G
China Mobile International	✔G			✔G
China Telecom Global Limited		✔G	✔G
Chunghwa Telecom					✔H
CITIC Telecom CPC	✔H		✔H	✔H
Console Connect	✔G	✔G	✔G	✔G
Colt	✔H	✔H	✔H
Datapath.io GmbH	✔
Epsilon	✔G		✔G
Equinix, Inc.	✔G	✔G
Global Cloud Xchange	✔H		✔H
GTT	✔
HGC Global Communications	✔H
Internet Initiative Japan Inc.		✔G	✔G
InterCloud	✔G
iTec Cloud Connect		✔G	✔G
ITEC Hankyu Hanshin Co., Ltd.		✔H	✔H
IX Reach	✔
KDDI	✔G	✔	✔G
Lumen	✔G	✔	✔
Megaport	✔G	✔G	✔G
NHN Techorus Corp.	✔G		✔G
Nomura Research Institute (NRI)	✔
NTT Communications Corporation	✔G	✔G	✔G
NTT East	✔
Orange Business Services	✔H		✔H
Sejong	✔H
Tata Communications	✔H
Telstra	✔G		✔G	✔G
TOKAI Communications	✔G	✔G	✔G
Verizon	✔		✔
Zayo Group	✔	✔

Page 3

AWS Direct Connect is available at locations around the world. In some campus settings, AWS Direct Connect is accessible using standard cross-connects from other data centers operated by the same provider on the same campus. Below is a list of all AWS Direct Connect locations and campus data centers where AWS Direct Connect is accessible using a standard cross-connect. For high availability, AWS recommends that you use more than one location.

You can access any AWS Region from any of our AWS Direct Connect locations listed below (except China). The Associated AWS Region column in the table is the default Region for your connection. With AWS Direct Connect Gateway or public Virtual Interfaces, you can access any other AWS Region (except China) from your chosen location. When using AWS Direct Connect Gateways or public Virtual Interfaces, traffic flows directly between the AWS Direct Connect location selected and the destination AWS Region without traversing the Associated AWS Region. Choose the AWS Direct Connect location and AWS Region closest to your on-premises infrastructure to minimize cost, management overhead, and latency.

Speeds available by location are indicated with "✔". MACSec support for a specific port speed is indicated with a "✔M".

If you do not have equipment at an AWS Direct Connect location, you can setup AWS Direct Connect with the assistance of a member of the AWS Partner Network. AWS has a growing list of APN Technology and Consulting Partners who can assist you in accessing the AWS Direct Connect service. These APN Partners can help you establish network circuits between an AWS Direct Connect location and your data center, office, or colocation environment.

*Equinix DC2 and DC11 form one AWS Direct Connect location. When you order a connection from the Equinix DC2/DC11 location, the Letter of Authorization provided by AWS will specify Meet Me Room details for either DC2 or DC11 based on capacity available at that time.

** For purposes of the AWS Direct Connect Service Level Agreement, the Equinix OS1 location may also be considered associated with the Asia Pacific (Osaka) Region for purposes of satisfying the Minimum Configuration Requirements.

*** For purposes of the AWS Direct Connect Service Level Agreement, the Teraco CT1 location may also be considered associated with the Africa (Cape Town) Region for purposes of satisfying the Minimum Configuration Requirements.

**** For purposes of the AWS Direct Connect Service Level Agreement, the Cologix COL2 location may also be considered associated with the GovCloud (US-East) Region for purposes of satisfying the Minimum Configuration Requirements.