Encryption in Amazon Direct Connect

Amazon Direct Connect does not encrypt your traffic in transit by default. To encrypt the data in transit that traverses Amazon Direct Connect, you must use the transit encryption options for that service. To learn about EC2 instance traffic encryption, see Encryption in Transit in the Amazon EC2 User Guide for Linux Instances.

With Amazon Direct Connect and Amazon Site-to-Site VPN, you can combine one or more Amazon Direct Connect dedicated network connections with the Amazon VPC VPN. This combination provides an IPsec-encrypted private connection that also reduces network costs, increases bandwidth throughput, and provides a more consistent network experience than internet-based VPN connections. For more information, see Amazon VPC-to-Amazon VPC Connectivity Options.

MAC Security (MACsec) is an IEEE standard that provides data confidentiality, data integrity, and data origin authenticity. You can use Amazon Direct Connect connections that support MACsec to encrypt your data from your corporate data center to the Amazon Direct Connect location. For more information, see MAC Security.
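
Because encryption is not on by default, it helps to audit which connections actually have MACsec enforced. The following is an added example, not part of the original documentation: it classifies connections from a constructed sample shaped like the output of `aws directconnect describe-connections`. The connection IDs and key names are placeholders, and the treatment of `should_encrypt` as a warning is this example's own policy choice.

```python
import json

# Constructed sample shaped like `aws directconnect describe-connections` output.
SAMPLE = json.loads("""
{"connections": [
  {"connectionId": "dxcon-example1", "connectionState": "available",
   "macSecCapable": false},
  {"connectionId": "dxcon-example2", "connectionState": "available",
   "macSecCapable": true, "encryptionMode": "no_encrypt",
   "portEncryptionStatus": "Encryption Down", "macSecKeys": []},
  {"connectionId": "dxcon-example3", "connectionState": "available",
   "macSecCapable": true, "encryptionMode": "should_encrypt",
   "portEncryptionStatus": "Encryption Up",
   "macSecKeys": [{"ckn": "constructed", "state": "associated"}]},
  {"connectionId": "dxcon-example4", "connectionState": "available",
   "macSecCapable": true, "encryptionMode": "must_encrypt",
   "portEncryptionStatus": "Encryption Up",
   "macSecKeys": [{"ckn": "constructed", "state": "associated"}]}
]}
""")

def classify(conn):
    """Return (severity, reason) for one connection's link-layer encryption."""
    if not conn.get("macSecCapable", False):
        # No MACsec on this port: encryption must come from IPsec VPN or the service.
        return ("review", "not MACsec capable; needs VPN or service-level encryption")
    mode = conn.get("encryptionMode", "no_encrypt")
    status = conn.get("portEncryptionStatus", "")
    has_key = any(k.get("state") == "associated" for k in conn.get("macSecKeys", []))
    if mode == "no_encrypt" or not has_key:
        return ("fail", "MACsec capable but not enabled")
    if status != "Encryption Up":
        return ("fail", f"mode {mode} but port status is {status!r}")
    if mode == "must_encrypt":
        return ("ok", "must_encrypt with encryption up")
    if mode == "should_encrypt":
        # Assumed policy: a mode that permits unencrypted operation is only a warning.
        return ("warn", "encrypting now, but mode does not require encryption")
    return ("review", f"unrecognized encryption mode {mode!r}")

def audit(response):
    """Map each connection ID to its (severity, reason) classification."""
    return {c["connectionId"]: classify(c) for c in response.get("connections", [])}

if __name__ == "__main__":
    for conn_id, (severity, reason) in audit(SAMPLE).items():
        print(f"{conn_id}: {severity.upper()} - {reason}")
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws directconnect describe-connections`.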