Associate a MACsec CKN/CAK with a connection - Amazon Direct Connect
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Associate a MACsec CKN/CAK with a connection

After you create the connection that supports MACsec, you can associate a CKN/CAK with the connection.

Note

You cannot modify a MACsec secret key after you associate it with a connection. If you need to modify the key, disassociate the key from the connection, and then associate a new key with the connection. For information about removing an association, see Remove the association between a MACsec secret key and a connection.

Console
To associate a MACsec key with a connection

  1. Open the Amazon Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.

  2. In the left pane, choose Connections.

  3. Select a connection, and then choose View details.

  4. Choose Associate key.

  5. Enter the MACsec key.

    [Use the CAK/CKN pair] Choose Key Pair, and then do the following:

    • For Connectivity Association Key (CAK), enter the CAK.

    • For Connectivity Association Key Name (CKN), enter the CKN.

    [Use the secret] Choose Existing Secret Manager secret, and then for Secret, select the MACsec secret key.

  6. Choose Associate key.

Command line
To associate a MACsec key with a connection