Prerequisites

To connect to AWS, you must have:

  • A Pureport Account with permissions to create Networks and Connections
  • An AWS Direct Connect Gateway configured with the Amazon ASN set as 64512
  • Access to your AWS Account(s) via the AWS Console.

    Note: If you are using an IAM account or Role, ensure you have the necessary permissions granted.


Log into AWS Console and find your AWS Account ID

To locate your AWS Account ID, access AWS Management Console Support Center (https://console.aws.amazon.com/support).


Your Account number is locate at the top of the page:



Create an AWS DirectConnect connection in the Pureport Console

To create a new connection:

  1. Log in to the Pureport Console using an account with an appropriate Role.
    At a minimum, you will need the Create and Update permissions for Networks. For more information on Roles, see the Accounts, Members and Roles article.

  2. In the left navigation bar, select the Networks.
     
  3. On the Networks screen, select the network to add the connection to AWS.
    Note: To create a new network for this connection, see the Creating a Network article.

  4. Select Add Connection... at the top-right of the console or click a location on the network map.

  5. In the Type drop-down list, select AWS Direct Connect as the connection type, then click Next.
  6. Next, select the Pureport location you want to connect from:
  7. Select the AWS region you would want to connect to, and click Next. Note that only AWS Regions that are directly accessible from the Pureport POP you selected are available, this option may default for you automatically and can not be changed.
  8. Select Transit for Peering Type, and click Next.


  9. Select 1Gbps (or higher) for the Speed & Availability of the connection, and click Next.
    AWS requires a minimum connection speed of 1Gbps for a Transit Interface. Note that Pureport's connection SLAs only apply to when HA is selected.
  10. Enter your AWS Account ID, and click Next.
     
  11. In the BGP Settings section, enter the default ASN (autonomous system number) used by AWS, 64512, then click Next.
    Note: If you used a custom ASN when you created the VGW in the AWS Console, enter its value you here, instead.
  12. Optionally add any CIDR networks you may be connecting. Click Next when finished.
    Note: These are optional, and only used when subsequently connecting a policy-based VPN to your Pureport network.
  13. Optionally enable configure Cloud Grade NAT if desired, then click Next.
    See the Cloud Grade NAT article for more information.
  14. Enter a meaningful Name and Description, then click Add Connection.
  15. After saving the Connection, the system displays the Primary and Secondary Gateway information.
  16. Record the following information from the Primary and Secondary Gateways of the new connection. You will need this information later.
    • Pureport IP
    • Pureport ASN
    • Remote IP
    • BGP Password

        Tip: Use the copy icon (to the right of each item) to ensure an exact copy to your clipboard.


Accept the Hosted Connection in the AWS Console

After creating the new connection, use this procedure to accept the Connection in the AWS Console. See Accepting a Hosted Connection in the AWS Direct Connect User Guide for details.

  1. In the Purport Console, you will be presented with a Post-Configuration screen with details about the connection next steps once the connection to AWS has been provisioned.

  2. To create Accept each of the connections, Click on the "Via the AWS Console" drop box (Via the AWS CLI can also be used if you are leveraging the CLI to manage your cloud environment.  This option will produce the CLI command to accept each of the provisioned connections).

  3. Click on each of the Blue boxes, a new window will open to AWS directly to the associated connection with all values pre-populated.  Simply click accept in the AWS screen to accept the connection and close the new window.

  4. Repeat steps 2 & 3 to accept the second connection.  Optionally, if you do not wish to leverage the links through the Pureport console, the following steps can be taken via the AWS console to complete the acceptance.
  5. Click Next to start creating the Virtual Interface.


Note:  The following steps are only needed if not using the Connection Acceptance steps via the Pureport console as mentioned above.


  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.
    If necessary, change the Region in the navigation bar.

  2. In the navigation pane, select Connections.

  3. On the Connections page review the two connections you created: Primary and Secondary.
    These connections are named the same as the connections you created in the Pureport Console. Both in the ordering state.
    Note: If you are not using an HA connection, there is only a Primary connection. 

  4. Select the Primary hosted connection and choose Accept.
  5. Select Confirm in the confirmation window.

Repeat steps 4 and 5 for the Secondary connection.


Create a Direct Connect Gateway

If you have not already created a Direct Connect gateway, you will need to create one to proceed with the Private Virtual interface creation. If you already have a Direct Connect gateway you will terminate this Direct Connect circuit on, you may skip this step.


  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.
  2. In the navigation pane, choose Direct Connect gateways.
  3. Choose Create Direct Connect gateway.  The Direct connect gateway creation page appears.
  4. Enter the Name you wish for your Direct Connect gateway under the Name section.
  5. Enter the Amazon Side ASN using Amazon's ASN number 64512 or another ASN if you so desire.


Create a Transit Virtual Interface

  1. Now that the connections have been created, you will be presented with the steps to create your Virtual Interfaces for your new connections in the Pureport Console.

  2. Enter in the Direct Connect Gateway ID for the gateway created in the above section.
  3. Expand the "Via the AWS Console" drop down box and click on each of the buttons to create your Virtual Interface. This will open a new window with the AWS console pre-populated with the necessary settings to create your virtual interface.
  4. Review the settings in the AWS console and click "create virtual interface".  You may need to scroll to the top of the AWS console for a successful creation notice.

    Note:  It can take up to five minutes for the connection acceptance to process in AWS.  If you receive an error at this point, ensure that enough time has elapsed for the connection acceptance to be processed.

  5. Repeat steps 3 & 4 to create a VIF for the secondary connection.

If you do not wish to leverage the above steps, your connection can be manually created in the AWS console by following the below steps. 

The following steps can be skipped (go to the Associating a Transit Gateway to a Direct Connect Gateway) if you have already completed the VIF creation above.

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.

  2. In the navigation pane, select Connections.

  3. Select the Primary connection and choose Create Virtual Interface. The Create a Virtual Interface page appears.

  4. At the top of the page, select Transit.


  5. In the Transit Virtual Interface settings area:

    Enter the following:

    • Virtual Interface Name: Enter a name for the virtual interface.

    • Virtual Interface Owner: Select My AWS Account if the virtual interface is for your AWS account.

  6. In the Direct Connect Gateway field:

    Enter the following:
    • Direct Connect Gateway: Select the your direct connect gateway.

  7. In the VLAN field:

    Review the following:

    • VLAN: The ID is automatically set to match the Gateway VLAN in the Pureport Console. DO NOT change this number.

  8. In the BGP field:
    Enter the following:

  9. Expand the Additional Settings area:
    Enter the following:
    • Address family: Select IPv4. Pureport only supports IPv4 at this time.

    • Your router peer IP: Enter the value of the Pureport IP in CIDR format from Creating a Connection.

    • Amazon router peer IP: Enter the value of the Remote IP in CIDR format from Creating a Connection.

    • BGP Authentication Key: Enter the BGP Password from Creating a Connection.

  10. Select Continue.

Repeat this process for the Secondary connection.

Associating a Transit Gateway to a Direct Connect Gateway

If you have not already done so, you will need to create a Transit Gateway for each Region you wish to connect to your Direct Connect. Each Transit Gateway must use a different ASN, and they must be different than your Direct Connect Gateway. For more information, refer to the AWS documentation on creating Transit Gateways.


  1. In the AWS Console, open the VPC dashboard, select Transit Gateways, then click Create Transit Gateway.
    The Create Transit Gateway page appears.
    Transit Gateway associations with Direct Connect Gateways require you to manage the network prefixes you with to propagate via BGP to your Pureport network. This is managed as part of the Transit Gateway association.

  2. To create an association between your Direct Connect and Transit Gateways, go to the Direct Connect Gateways console and select your Direct Connect Gateway.
  3. Select Gateway Associations, and click Associate Gateway.
  4. Select your Transit Gateway and enter the prefixes of the VPCs to advertise to your Pureport network.
    For more information, refer to the AWS documentation on Allowed Prefixes



You must attach each of your VPCs in the same AWS Region as your Transit Gateway to the Transit Gateway so they may access your Pureport network via Direct Connect. For detailed instructions on how to attach VPCs to a Transit Gateway, refer to the AWS Documentation.