Associate a MACsec CKN/CAK with an Amazon Direct Connect endpoint LAG
After you create the LAG that supports MACsec, you can associate a CKN/CAK with the connection by using the Amazon Direct Connect console, the command line, or the API.
Note
You cannot modify a MACsec secret key after you associate it with a LAG. If you need to modify the key, disassociate the key from the connection, and then associate a new key with the connection. For information about removing an association, see Remove the association between a MACsec secret key and an Amazon Direct Connect endpoint LAG.
To associate a MACsec key with a LAG
1. Open the Amazon Direct Connect console at https://console.amazonaws.cn/directconnect/v2/home.
2. In the navigation pane, choose LAGs.
3. Select the LAG and choose View details.
4. Choose Associate key.
5. Enter the MACsec key.
   [Use the CAK/CKN pair] Choose Key Pair, and then do the following:
   - For Connectivity Association Key (CAK), enter the CAK.
   - For Connectivity Association Key Name (CKN), enter the CKN.
   [Use the secret] Choose Existing Secret Manager secret, and then for Secret, select the MACsec secret key.
6. Choose Associate key.
To associate a MACsec key with a LAG using the command line or API
- associate-mac-sec-key (Amazon CLI)
- AssociateMacSecKey (Amazon Direct Connect API)
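Because an associated key cannot be modified, it helps to validate the pair before calling associate-mac-sec-key. The following is an added example, not part of the original documentation. It assumes the CKN and CAK are each 64 hexadecimal characters; the function names and the AWS_CMD dry-run override are hypothetical.

```shell
#!/bin/sh
# Added example (not from the AWS documentation): validate a CKN/CAK pair
# before associating it with a LAG, since an associated key cannot be modified.
# Assumption: CKN and CAK are each 64 hexadecimal characters (256-bit values).
# AWS_CMD is a hypothetical override used for dry runs; it defaults to "aws".

# Return 0 only if $1 is exactly 64 hexadecimal characters.
is_hex64() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in
        *[!0-9A-Fa-f]*) return 1 ;;
    esac
    return 0
}

# usage: associate_macsec_key LAG_ID CKN CAK
# Returns 2-5 on a validation failure without contacting the service.
associate_macsec_key() {
    lag_id=$1
    ckn=$2
    cak=$3
    case "$lag_id" in
        dxlag-?*) ;;
        *) echo "error: '$lag_id' is not a LAG ID (expected dxlag-...)" >&2
           return 2 ;;
    esac
    is_hex64 "$ckn" || { echo "error: CKN must be 64 hex characters" >&2; return 3; }
    is_hex64 "$cak" || { echo "error: CAK must be 64 hex characters" >&2; return 4; }
    # Sanity check added in this example: the CKN is a key name, not a secret,
    # so it must never carry the same value as the CAK.
    if [ "$ckn" = "$cak" ]; then
        echo "error: CKN and CAK must differ" >&2
        return 5
    fi
    ${AWS_CMD:-aws} directconnect associate-mac-sec-key \
        --connection-id "$lag_id" --ckn "$ckn" --cak "$cak"
}
```

Passing the CAK as an argument leaves it in shell history and process listings. To avoid that, store the pair in Secrets Manager and pass `--secret-arn` instead of `--ckn` and `--cak`.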