If your on-premises workloads need access to AWS EC2 instances and services such as S3 over a DX connection, configure a public virtual interface for that traffic in your VPC.

Although SDDC management and workload traffic over DX must use a private VIF or DX Gateway, you can also create a DX connection from your on-premises datacenter to a public VIF if you only need to access AWS services from your on-premises workloads, or for any other purpose that requires a connection to the global AWS backbone.

Prerequisites

Procedure

  1. Log in to the AWS Console and complete the steps for creating a hosted public virtual interface under Create a Hosted Virtual Interface.
    1. In the Interface Owner field, select My AWS Account.
    2. Specify Your router peer IP and Amazon router peer IP.
    3. Select Auto-generate BGP key and list any on-premises routes that you want advertised on the AWS backbone in Prefixes you want to advertise.
    When the interface has been created, the AWS Console reports that it is ready for acceptance.
  2. Open NSX Manager or the VMC Console Networking & Security tab. Click Direct Connect and accept the virtual interface by clicking ATTACH.
    Before it has been accepted, a new VIF is visible in all SDDCs in your organization. After you accept the VIF, it is no longer visible in any other SDDC.
    It can take up to 10 minutes for the BGP session to become active. When the connection is ready, the State shows as Attached and the BGP Status as Up.
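
A post-configuration check, added here as an example and not part of the original documentation: it audits the prefixes a public VIF advertises against the on-premises routes you intended to list in step 1, and confirms that a BGP peer is up. Field names follow the JSON returned by `aws directconnect describe-virtual-interfaces`; the sample data, VIF IDs, and the `APPROVED` allowlist are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `aws directconnect describe-virtual-interfaces` output.
SAMPLE = json.loads("""
{"virtualInterfaces": [
  {"virtualInterfaceId": "dxvif-EXAMPLE1", "virtualInterfaceType": "public",
   "routeFilterPrefixes": [{"cidr": "203.0.113.0/25"}, {"cidr": "198.51.100.0/24"}],
   "bgpPeers": [{"bgpStatus": "up"}]},
  {"virtualInterfaceId": "dxvif-EXAMPLE2", "virtualInterfaceType": "private",
   "routeFilterPrefixes": [], "bgpPeers": [{"bgpStatus": "up"}]}
]}
""")

# Hypothetical allowlist: the on-premises ranges you intended to advertise.
APPROVED = ["203.0.113.0/24"]


def audit_public_vifs(doc, approved):
    """Return {vif_id: [findings]} for public VIFs that have at least one finding."""
    allowed = [ipaddress.ip_network(a) for a in approved]
    report = {}
    for vif in doc.get("virtualInterfaces", []):
        if vif.get("virtualInterfaceType") != "public":
            continue  # private VIFs carry SDDC traffic and are out of scope here
        findings = []
        for entry in vif.get("routeFilterPrefixes", []):
            cidr = entry.get("cidr", "")
            try:
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                findings.append(f"malformed prefix: {cidr!r}")
                continue
            # A prefix is acceptable only if it sits inside an approved range.
            if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
                findings.append(f"unapproved prefix advertised: {net}")
        if not any(p.get("bgpStatus") == "up" for p in vif.get("bgpPeers", [])):
            findings.append("no BGP peer is up")
        if findings:
            report[vif.get("virtualInterfaceId", "<unknown>")] = findings
    return report


if __name__ == "__main__":
    for vif_id, findings in audit_public_vifs(SAMPLE, APPROVED).items():
        for finding in findings:
            print(f"{vif_id}: {finding}")
```

Because the BGP session can take up to 10 minutes to become active, a "no BGP peer is up" finding immediately after attaching the VIF is expected.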