To connect to AWS, you must have:

  • A Pureport Account with permissions to create Networks and Connections
  • An AWS Direct Connect Gateway configured with the Amazon ASN set to either the AWS default of 64512 or to another ASN that you have documented.
  • Access to your AWS Account(s) via the AWS Console. 

    Note: If you are using an IAM account or Role, ensure you have the necessary permissions granted.

Log into AWS Console and find your AWS Account ID

To locate your AWS Account ID, access AWS Management Console Support Center (

Your Account number is locate at the top of the page:

Create an AWS DirectConnect connection in the Pureport Console

To create a new connection:

  1. Login to the Pureport Console using an account with an appropriate Role.
    At a minimum you will need the Create and Update permissions for Networks. For more information on Roles, see the Accounts, Members and Roles article.

  2. In the left navigation bar, select the Networks tab.
  3. On the Networks screen, select the network to add the connection to AWS.
    Note: To create a new network for this connection, see the Creating a Network article.

  4. Select Add Connection... at the top-right of the console, or click a location on the network map.

  5. In the New Connection window, select AWS Direct Connect as the connection type, then click Next.

  6. Select the AWS Cloud Region for the connection, then click Next.
  7. Select the Pureport location you would like this connection to be created, and click Next. Note that only Pureport locations with direct access to the chose AWS Region will be selectable.
  8. Select a Peering Type. For VPC Connectivity via a VGW or Direct Connect Gateway, choose Private. Refer to the article on Creating an AWS Public VIF for more info on the Public option.
  9. Select the Speed of the connection. By default redundant, HA connections will be created according to AWS best practices. Uncheck this box if you do not wish to have a High Availability connection. Note that Pureport's connection SLAs only apply to when HA is enabled.
  10. Enter your AWS Account ID, and click Next.
  11. In the BGP Ssettings section, enter the default ASN (autonomous system number) used by AWS, 64512 then click Next.
    Note: If you used a custom ASN when you created the VGW in the AWS Console, you will need to enter the value you used here.
  12. Optionally add any CIDR networks you may be connecting. Note, these are only used when subsequently connecting a policy-based VPN to your Pureport network OR when configuring NAT on the connection and are otherwise completely optional. Click Next when finished.
  13. You may also enable and configure Cloud Grade NAT if desired, as detailed in the Cloud Grade NAT knowledge-base article. Then click Next.
  14. Enter a meaningful Name and Description, then click Add Connection.
  15. After saving the Connection, the system displays the Primary and Secondary Gateway information:connection.
  16. Record the following information from the Primary and Secondary Gateways in the new connection (you can use the copy icon to the right of each item to ensure an exact copy to the clipboard):
    • Pureport ASN
    • Pureport IP
    • Remote IP
    • BGP Password

You will need this information later.

Accept the Hosted Connection in the AWS Console

After creating the new Connection, use this procedure to accept the Connection in the AWS Console. See "Accepting a Hosted Connection" in the AWS Direct Connect User Guide for details. 

  1. Open the AWS Direct Connect console at
    If necessary, change the Region in the navigation bar.

  2. In the navigation pane, choose Connections.

  3. On the Connections page are the two connections you created: Primary and Secondary. These connections are named the same as the connections you created in the Pureport Console. Both in the ordering state.
    Note: If you are not using an HA connection, there is only a Primary connection. 

  4. Select the Primary hosted connection and choose Accept.
  5. Select Confirm in the confirmation window.

Repeat steps 4 and 5 for the Secondary connection.

Create a Direct Connect Gateway

If you have not already created a Direct Connect gateway, you will need to create one to proceed with the Private Virtual interface creation. If you already have a Direct Connect gateway you will terminate this Direct Connect circuit on, you may skip this step.

  1. Open the AWS Direct Connect console at
  2. In the navigation pane, choose Direct Connect gateways.
  3. Choose Create Direct Connect gateway.  The Direct connect gateway creation page appears.
  4. Enter the Name you wish for your Direct Connect gateway under the Name section.
  5. Enter the Amazon Side ASN using Amazon's ASN number 64512 or another ASN if you so desire.

Create a Private Virtual Interface

  1. Open the AWS Direct Connect console at

  2. In the navigation pane, choose Connections.

  3. Select the Primary connection and choose Create Virtual Interface. The Create a Virtual Interface page appears.

  4. At the top of the page, select Private.

  5. In the Private Virtual Interface settings area:

    • Virtual Interface Name: Enter a name for the virtual interface.

    • Virtual Interface Owner: Select My AWS Account if the virtual interface is for your AWS account.

  6. In the Gateway type area:
    • Connection To: Select Direct Connect Gateway

    • Direct Connect Gateway: Select the your direct connect gateway.

  7. In the VLAN area:

    • VLAN: The ID is automatically set to match the Gateway VLAN in the Pureport Console and SHOULD NOT be changed.

  8. In the BGP area:

  9. Expand the Additional Settings area:
    • Address family: Select IPv4. Pureport only supports IPv4 at this time.

    • Your router peer IP: Enter the value of the Pureport IP in CIDR format from Creating a Connection.

    • Amazon router peer IP: Enter the value of the Remote IP in CIDR format from Creating a Connection.

    • BGP Authentication Key: Enter the BGP Password from Creating a Connection.

  10. Select Continue.

Repeat this process for the Secondary connection.

Create a Virtal Private Gateway (VGW) and Attach it to your VPC

If your VPC does not already have a Virtual Private Gateway (VGW) configured, you will need to configure one now to proceed in the setup. Please note your VPC can only be attached to one VGW at a time.

  1. Open the AWS Direct Connect console at
  2. In the navigation pane, choose Virtual Private gateways.
  3. Choose Create virtual private gateway.  The Virtual Private Gateway creation page appears.
  4. Enter a Name Tag of your choosing and select the Amazon Default ASN radio button
  5. Select Create Virtual Private Gateway to create the VGW
  6. Select the VGW that was just created and choose Actions
  7. Select Attach to VPC. The Attach to VPC page appears.
  8. Select the VPC you wish to attache the VGW too and select Yes, Attach

Associate the Direct Connect Gateway (DCG) to the Virtual Private Gateway (VGW)

The already created Direct Connect Gateway and Virtual Private Gateway will now need to be associated to allow for communication.

  1. Open the AWS Direct Connect console at
  2. In the navigation pane, choose Direct Connect gateways.
  3. Select your already created Direct Connect Gateway from the list by clicking on it's ID. The General configuration page will load.
  4. Navigate to the Gateway associations tab and click on Associate gateway. The Associate Gateway screen will load.
  5. Select the VGW you have created and attached to your VPC from the Gateways drop-down. You can optionally add allowed prefixes here, however most use cases do not require this and can leave this section blank.
  6. Select Associate gateway.

VPC Route Propagation

If you have not already done so, you will need to enable route propagation at the VPC level in order for your VPC(s) to announce and learn routes via BGP. Given that you are using the Direct Connect Gateway, you will need to do this for each VPC Route Table that belongs to a VPC that is associated to the Direct Connect Gateway.

In the AWS Console, open the VPC dashboard, click on Route Tables and select the route table which corresponds to your VPC, then click on Route Propagation to determine whether propagation is enabled:


If propagation is set to No, click the Edit route propagation button to change the setting: