Use the Amazon Direct Connect CLI
You can use the Amazon CLI to create and work with Amazon Direct Connect resources.
The following example uses the Amazon CLI commands to create an Amazon Direct Connect connection. You can also download the Letter of Authorization and Connecting Facility Assignment (LOA-CFA) or provision a private or public virtual interface.
Before you begin, ensure that you have installed and configured the Amazon CLI. For more information, see the Amazon Command Line Interface User Guide.
Contents
Step 1: Create a connection
The first step is to submit a connection request. Ensure that you know the port speed that you require and the Amazon Direct Connect location. For more information, see Dedicated and hosted connections.
To create a connection request
-
Describe the Amazon Direct Connect locations for your current Region. In the output that's returned, take note of the location code for the location in which you want to establish the connection.
aws directconnect describe-locations
{ "locations": [ { "locationName": "City 1, United States", "locationCode": "Example Location 1" }, { "locationName": "City 2, United States", "locationCode": "Example location" } ] }
-
Create the connection and specify a name, the port speed, and the location code. In the output that's returned, take note of the connection ID. You need the ID to get the LOA-CFA in the next step.
aws directconnect create-connection --location
Example location
--bandwidth1Gbps
--connection-name "Connection to AWS
"{ "ownerAccount": "123456789012", "connectionId": "dxcon-EXAMPLE", "connectionState": "requested", "bandwidth": "1Gbps", "location": "Example location", "connectionName": "Connection to AWS", "region": "sa-east-1" }
Step 2: Download the LOA-CFA
After you've requested a connection, you can get the LOA-CFA using the
describe-loa
command. The output is base64-encoded. You must extract
the relevant LOA content, decode it, and create a PDF file.
To get the LOA-CFA using Linux or macOS
In this example, the final part of the command decodes the content using the base64 utility, and sends the output to a PDF file.
aws directconnect describe-loa --connection-id
dxcon-fg31dyv6
--output text --query loaContent|base64 --decode >myLoaCfa
.pdf
To get the LOA-CFA using Windows
In this example, the output is extracted to a file called myLoaCfa.base64. The second
command uses the certutil
utility to decode the file and send the output to
a PDF file.
aws directconneawsct describe-loa --connection-id
dxcon-fg31dyv6
--output text --query loaContent > myLoaCfa.base64
certutil -decode myLoaCfa.base64
myLoaCfa
.pdf
After you've downloaded the LOA-CFA, send it to your network provider or colocation provider.
Step 3: Create a virtual interface and get the router configuration
After you have placed an order for an Amazon Direct Connect connection, you must create a virtual interface to begin using it. You can create a private virtual interface to connect to your VPC. Or, you can create a public virtual interface to connect to Amazon services that aren't in a VPC. You can create a virtual interface that supports IPv4 or IPv6 traffic.
Before you begin, ensure that you've read the prerequisites in .
When you create a virtual interface using the Amazon CLI, the output includes generic router configuration information. To create a router configuration that's specific to your device, use the Amazon Direct Connect console. For more information, see Download the router configuration file.
To create a private virtual interface
-
Get the ID of the virtual private gateway (vgw-xxxxxxxx) that's attached to your VPC. You need the ID to create the virtual interface in the next step.
aws ec2 describe-vpn-gateways
{ "VpnGateways": [ { "State": "available", "Tags": [ { "Value": "DX_VGW", "Key": "Name" } ], "Type": "ipsec.1", "VpnGatewayId": "vgw-ebaa27db", "VpcAttachments": [ { "State": "attached", "VpcId": "vpc-24f33d4d" } ] } ] }
-
Create a private virtual interface. You must specify a name, a VLAN ID, and a BGP Autonomous System Number (ASN).
For IPv4 traffic, you need private IPv4 addresses for each end of the BGP peering session. You can specify your own IPv4 addresses, or you can let Amazon generate the addresses for you. In the following example, the IPv4 addresses are generated for you.
aws directconnect create-private-virtual-interface --connection-id
dxcon-fg31dyv6
--new-private-virtual-interface virtualInterfaceName=PrivateVirtualInterface
,vlan=101
,asn=65000
,virtualGatewayId=vgw-ebaa27db
,addressFamily=ipv4{ "virtualInterfaceState": "pending", "asn": 65000, "vlan": 101, "customerAddress": "192.168.1.2/30", "ownerAccount": "123456789012", "connectionId": "dxcon-fg31dyv6", "addressFamily": "ipv4", "virtualGatewayId": "vgw-ebaa27db", "virtualInterfaceId": "dxvif-ffhhk74f", "authKey": "asdf34example", "routeFilterPrefixes": [], "location": "Example location", "bgpPeers": [ { "bgpStatus": "down", "customerAddress": "192.168.1.2/30", "addressFamily": "ipv4", "authKey": "asdf34example", "bgpPeerState": "pending", "amazonAddress": "192.168.1.1/30", "asn": 65000 } "customerRouterConfig": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<logical_connection id=\"dxvif-ffhhk74f\">\n <vlan>101</vlan>\n <customer_address>192.168.1.2/30</customer_address>\n <amazon_address>192.168.1.1/30</amazon_address>\n <bgp_asn>65000</bgp_asn>\n <bgp_auth_key>asdf34example</bgp_auth_key>\n <amazon_bgp_asn>7224</amazon_bgp_asn>\n <connection_type>private</connection_type>\n</logical_connection>\n", "amazonAddress": "192.168.1.1/30", "virtualInterfaceType": "private", "virtualInterfaceName": "PrivateVirtualInterface" }
To create a private virtual interface that supports IPv6 traffic, use the same command as above and specify
ipv6
for theaddressFamily
parameter. You cannot specify your own IPv6 addresses for the BGP peering session; Amazon allocates you IPv6 addresses. -
To view the router configuration information in XML format, describe the virtual interface you created. Use the
--query
parameter to extract thecustomerRouterConfig
information, and the--output
parameter to organize the text into tab-delimited lines.aws directconnect describe-virtual-interfaces --virtual-interface-id
dxvif-ffhhk74f
--query virtualInterfaces[*].customerRouterConfig --output text<?xml version="1.0" encoding="UTF-8"?> <logical_connection id="dxvif-ffhhk74f"> <vlan>101</vlan> <customer_address>192.168.1.2/30</customer_address> <amazon_address>192.168.1.1/30</amazon_address> <bgp_asn>65000</bgp_asn> <bgp_auth_key>asdf34example</bgp_auth_key> <amazon_bgp_asn>7224</amazon_bgp_asn> <connection_type>private</connection_type> </logical_connection>
To create a public virtual interface
-
To create a public virtual interface, you must specify a name, a VLAN ID, and a BGP Autonomous System Number (ASN).
For IPv4 traffic, you must also specify public IPv4 addresses for each end of the BGP peering session, and public IPv4 routes that you will advertise over BGP. The following example creates a public virtual interface for IPv4 traffic.
aws directconnect create-public-virtual-interface --connection-id
dxcon-fg31dyv6
--new-public-virtual-interface virtualInterfaceName=PublicVirtualInterface
,vlan=2000
,asn=65000
,amazonAddress=203.0.113.1/30
,customerAddress=203.0.113.2/30
,addressFamily=ipv4,routeFilterPrefixes=[{cidr=203.0.113.0/30
},{cidr=203.0.113.4/30
}]{ "virtualInterfaceState": "verifying", "asn": 65000, "vlan": 2000, "customerAddress": "203.0.113.2/30", "ownerAccount": "123456789012", "connectionId": "dxcon-fg31dyv6", "addressFamily": "ipv4", "virtualGatewayId": "", "virtualInterfaceId": "dxvif-fgh0hcrk", "authKey": "asdf34example", "routeFilterPrefixes": [ { "cidr": "203.0.113.0/30" }, { "cidr": "203.0.113.4/30" } ], "location": "Example location", "bgpPeers": [ { "bgpStatus": "down", "customerAddress": "203.0.113.2/30", "addressFamily": "ipv4", "authKey": "asdf34example", "bgpPeerState": "verifying", "amazonAddress": "203.0.113.1/30", "asn": 65000 } ], "customerRouterConfig": "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<logical_connection id=\"dxvif-fgh0hcrk\">\n <vlan>2000</vlan>\n <customer_address>203.0.113.2/30</customer_address>\n <amazon_address>203.0.113.1/30</amazon_address>\n <bgp_asn>65000</bgp_asn>\n <bgp_auth_key>asdf34example</bgp_auth_key>\n <amazon_bgp_asn>7224</amazon_bgp_asn>\n <connection_type>public</connection_type>\n</logical_connection>\n", "amazonAddress": "203.0.113.1/30", "virtualInterfaceType": "public", "virtualInterfaceName": "PublicVirtualInterface" }
To create a public virtual interface that supports IPv6 traffic, you can specify IPv6 routes that you will advertise over BGP. You cannot specify IPv6 addresses for the peering session; Amazon allocates IPv6 addresses to you. The following example creates a public virtual interface for IPv6 traffic.
aws directconnect create-public-virtual-interface --connection-id
dxcon-fg31dyv6
--new-public-virtual-interface virtualInterfaceName=PublicVirtualInterface
,vlan=2000
,asn=65000
,addressFamily=ipv6,routeFilterPrefixes=[{cidr=2001:db8:64ce:ba00::/64
},{cidr=2001:db8:64ce:ba01::/64
}] -
To view the router configuration information in XML format, describe the virtual interface you created. Use the
--query
parameter to extract thecustomerRouterConfig
information, and the--output
parameter to organize the text into tab-delimited lines.aws directconnect describe-virtual-interfaces --virtual-interface-id
dxvif-fgh0hcrk
--query virtualInterfaces[*].customerRouterConfig --output text<?xml version="1.0" encoding="UTF-8"?> <logical_connection id="dxvif-fgh0hcrk"> <vlan>2000</vlan> <customer_address>203.0.113.2/30</customer_address> <amazon_address>203.0.113.1/30</amazon_address> <bgp_asn>65000</bgp_asn> <bgp_auth_key>asdf34example</bgp_auth_key> <amazon_bgp_asn>7224</amazon_bgp_asn> <connection_type>public</connection_type> </logical_connection>