Associate a MACsec CKN/CAK with an Amazon Direct Connect connection
After you create the connection that supports MACsec, you can associate a CKN/CAK with the connection. You can create the association using either the Amazon Direct Connect console or through the command-line or API.
Note
You cannot modify a MACsec secret key after you associate it with a connection. If you need to modify the key, disassociate the key from the connection, and then associate a new key with the connection. For information about removing an association, see Remove the association between a MACsec secret key and a connection.
To associate a MACsec key with a connection
Open the Amazon Direct Connect console at https://console.amazonaws.cn/directconnect/v2/home
. -
In the left pane, choose Connections.
-
Select a connection, and then choose View details.
-
Choose Associate key.
-
Enter the MACsec key.
[Use the CAK/CKN pair] Choose Key Pair, and then do the following:
-
For Connectivity Association Key (CAK), enter the CAK.
-
For Connectivity Association Key Name (CKN), enter the CKN.
[Use the secret] Choose Existing Secret Manager secret, and then for Secret, select the MACsec secret key.
-
Choose Associate key.
To associate a MACsec key with a connection using the command line or API
-
associate-mac-sec-key (Amazon CLI)
-
AssociateMacSecKey (Amazon Direct Connect API)