Prerequisites

To connect to AWS, you must have:

  • A Pureport Account with permissions to create Networks and Connections
  • An AWS Direct Connect Gateway configured with the Amazon ASN set as 64512
  • Access to your AWS Account(s) via the AWS Console.

    Note: If you are using an IAM account or Role, ensure you have the necessary permissions granted.


Log in to the AWS Console and find your AWS Account ID

To locate your AWS Account ID, open the AWS Management Console Support Center (https://console.aws.amazon.com/support).


Your Account number is located at the top of the page.



Create an AWS DirectConnect connection in the Pureport Console

To create a new connection:

  1. Log in to the Pureport Console using an account with an appropriate Role.
    At a minimum, you will need the Create and Update permissions for Networks. For more information on Roles, see the Accounts, Members and Roles article.  

  2. In the left navigation bar, select Networks.
     
  3. On the Networks screen, select the network to which you want to add the AWS connection.
    Note: To create a new network for this connection, see the Creating a Network article.

  4. Select Add Connection... at the top-right of the console or click a location on the network map.

  5. In the New Connection window, select AWS Direct Connect as the connection Type, then click Next.

  6. Select the AWS Cloud Region for the connection, then click Next.

  7. Select the Pureport Location from which to create the connection, and click Next.
    Note: Only Pureport locations with direct access to the selected AWS Region are available.

  8. Select a Peering Type, and click Next. For VPC Connectivity via a VGW or Direct Connect Gateway, select Private/Transit.
    Refer to the article on Creating an AWS Public VIF for more info on the Public option.

  9. Select 1Gbps (or higher) for the Speed of the connection, and click Next.
    AWS requires a minimum connection speed of 1Gbps for a Transit Interface. By default, redundant, HA connections will be created according to AWS best practices.

  10. Enter your AWS Account ID, and click Next.
     
  11. In the BGP Settings section, enter the default ASN (autonomous system number) used by AWS, 64512, then click Next.
    Note: If you used a custom ASN when you created the VGW in the AWS Console, enter its value here instead.

  12. Optionally add any CIDR networks you may be connecting. Click Next when finished.
    Note: These are optional, and only used when subsequently connecting a policy-based VPN to your Pureport network.

  13. Optionally enable and configure Cloud Grade NAT if desired, then click Next.
    See the Cloud Grade NAT article for more information.

  14. Enter a meaningful Name and Description, then click Add Connection.

  15. After saving the Connection, the system displays the Primary and Secondary Gateway information.

  16. Record the following information from the Primary and Secondary Gateways of the new connection. You will need this information later.
    • Pureport IP
    • Pureport ASN
    • Remote IP
    • BGP Password

        Tip: Use the copy icon (to the right of each item) to ensure an exact copy to your clipboard.


Accept the Hosted Connection in the AWS Console

After creating the new connection, use this procedure to accept the Connection in the AWS Console. See Accepting a Hosted Connection in the AWS Direct Connect User Guide for details. 

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.
    If necessary, change the Region in the navigation bar.

  2. In the navigation pane, select Connections.

  3. On the Connections page, review the two connections you created: Primary and Secondary.
    These connections are named the same as the connections you created in the Pureport Console. Both are in the ordering state.
    Note: If you are not using an HA connection, there is only a Primary connection. 

  4. Select the Primary hosted connection and choose Accept.
  5. Select Confirm in the confirmation window.

Repeat steps 4 and 5 for the Secondary connection.



Create a Transit Virtual Interface

  1. Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.

  2. In the navigation pane, select Connections.

  3. Select the Primary connection and choose Create Virtual Interface. The Create a Virtual Interface page appears.

  4. At the top of the page, select Transit.


  5. In the Transit Virtual Interface settings area:

    Enter the following:

    • Virtual Interface Name: Enter a name for the virtual interface.

    • Virtual Interface Owner: Select My AWS Account if the virtual interface is for your AWS account.

  6. In the Direct Connect Gateway field:

    Enter the following:
    • Direct Connect Gateway: Select your Direct Connect Gateway.

  7. In the VLAN field:

    Review the following:

    • VLAN: The ID is automatically set to match the Gateway VLAN in the Pureport Console. DO NOT change this number.

  8. In the BGP field:
    Enter the following:

  9. Expand the Additional Settings area:
    Enter the following:
    • Address family: Select IPv4. Pureport only supports IPv4 at this time.

    • Your router peer IP: Enter the value of the Pureport IP in CIDR format from Creating a Connection.

    • Amazon router peer IP: Enter the value of the Remote IP in CIDR format from Creating a Connection.

    • BGP Authentication Key: Enter the BGP Password from Creating a Connection.

  10. Select Continue.

Repeat this process for the Secondary connection.

Associating a Transit Gateway to a Direct Connect Gateway

If you have not already done so, you will need to create a Transit Gateway for each Region you wish to connect to your Direct Connect. Each Transit Gateway must use a different ASN, and each ASN must differ from that of your Direct Connect Gateway. For more information, refer to the AWS documentation on creating Transit Gateways.


  1. In the AWS Console, open the VPC dashboard, select Transit Gateways, then click Create Transit Gateway.
    The Create Transit Gateway page appears.
    Transit Gateway associations with Direct Connect Gateways require you to manage the network prefixes you wish to propagate via BGP to your Pureport network. This is managed as part of the Transit Gateway association.

  2. To create an association between your Direct Connect and Transit Gateways, go to the Direct Connect Gateways console and select your Direct Connect Gateway.

  3. Select Gateway Associations, and click Associate Gateway.

  4. Select your Transit Gateway and enter the prefixes of the VPCs to advertise to your Pureport network.
    For more information, refer to the AWS documentation on Allowed Prefixes.



You must attach each of your VPCs in the same AWS Region as your Transit Gateway to the Transit Gateway so they may access your Pureport network via Direct Connect. For detailed instructions on how to attach VPCs to a Transit Gateway, refer to the AWS Documentation.
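
The values recorded from the Pureport gateways and the ASN rule for Transit Gateways can be checked offline before they are typed into the AWS Console. The following is an added example, not Pureport or AWS code: it checks that each peer IP is IPv4 in CIDR format, that a BGP password was recorded (without ever printing it), and that no Transit Gateway ASN repeats or matches the Direct Connect Gateway. The function names, gateway values and Transit Gateway names are constructed for illustration, and the same-subnet check is an assumption of this example.

```python
import ipaddress

def check_gateway(name, gw):
    """Return problems found in one recorded gateway (Primary or Secondary).
    The BGP password is only tested for presence and never echoed."""
    problems = []
    peers = {}
    for label, key in (("Pureport IP", "pureport_ip"), ("Remote IP", "remote_ip")):
        raw = gw.get(key, "")
        try:
            iface = ipaddress.ip_interface(raw)
        except ValueError:
            problems.append(f"{name}: {label} is not a valid address")
            continue
        if "/" not in raw:
            problems.append(f"{name}: {label} must be in CIDR format")
        elif iface.version != 4:
            problems.append(f"{name}: {label} must be IPv4")
        else:
            peers[key] = iface
    if len(peers) == 2:
        # Assumption of this example: both ends of the BGP session share a subnet.
        if peers["pureport_ip"].network != peers["remote_ip"].network:
            problems.append(f"{name}: peer IPs are in different subnets")
        elif peers["pureport_ip"].ip == peers["remote_ip"].ip:
            problems.append(f"{name}: peer IPs are identical")
    if not gw.get("bgp_password"):
        problems.append(f"{name}: BGP password is missing")
    return problems

def check_asns(dx_gateway_asn, tgw_asns):
    """tgw_asns maps a Transit Gateway name to its ASN."""
    problems, seen = [], {}
    for tgw, asn in tgw_asns.items():
        if asn == dx_gateway_asn:
            problems.append(f"{tgw}: ASN {asn} matches the Direct Connect Gateway")
        if asn in seen:
            problems.append(f"{tgw}: ASN {asn} is already used by {seen[asn]}")
        seen.setdefault(asn, tgw)
    return problems

# Constructed sample values, not taken from a real Pureport connection.
GATEWAYS = {
    "Primary": {"pureport_ip": "169.254.1.1/30", "remote_ip": "169.254.1.2/30", "bgp_password": "constructed-key"},
    "Secondary": {"pureport_ip": "169.254.2.1/30", "remote_ip": "169.254.2.2", "bgp_password": ""},
}
TGW_ASNS = {"tgw-us-east-1": 64513, "tgw-us-west-2": 64512, "tgw-eu-west-1": 64513}

if __name__ == "__main__":
    for gw_name, gw_values in GATEWAYS.items():
        print(gw_name, check_gateway(gw_name, gw_values))
    print(check_asns(64512, TGW_ASNS))
```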