Get started using MACsec on a dedicated Amazon Direct Connect connection
The following task gets you started setting up MACsec to use on a Direct Connect dedicated connection
Step 1: Create a connection
To start using MACsec, you must turn the feature on when you create a dedicated connection.
(Optional) Step 2: Create a link aggregation group (LAG)
If you use multiple connections for redundancy, you can create a LAG that supports MACsec. For more information, see MACsec considerations and Create a LAG.
Step 3: Associate the CKN/CAK with the connection or LAG
After you create the connection or LAG that supports MACsec, you need to associate a CKN/CAK with the connection. For more information, see one of the following:
Step 4: Configure your on-premises router
Update your on-premises router with the MACsec secret key. The MACsec secret key on the on-premises router and in the Amazon Direct Connect location must match. For more information, see Download the router configuration file.
Step 5: (Optional) Remove the association between the CKN/CAK and the connection or LAG
You can optionally remove the association between the CKN/CAK and the connection or LAG. f you need to remove the association, see one of the following: