If your workload VMs need access to AWS EC2 instances and services such as S3 over a DX connection, configure a public virtual interface for that traffic in your VPC.

In typical configurations, traffic between your on-premises data center and your SDDC flows over a private VIF. When you need to access AWS services from your SDDC, use direct connect with a public VIF. You can configure AWS security groups to manage traffic between AWS services and VMs in your SDDC.



  1. Log in to the AWS Console. and complete the steps for creating a hosted public virtual interface under Create a Hosted Virtual Interface.
    1. In the Interface Owner field, select My AWS Account.
    2. Specify Your router peer IP and Amazon router peer IP.
    3. Select Auto-generate BGP key and list any on-premises routes that you want advertised on the AWS backbone in Prefixes you want to advertise.
    When the interface has been created, the AWS console reports that it is ready for acceptance.
  2. In the VMC Console, select Networking & Security > Direct Connect and accept the virtual interface by clicking ATTACH.