AWS Configuration - Part 2
Written by DE-CIX Consulting Team
Updated over a week ago

After reviewing the previous article, we are ready to deploy the solution in the AWS Portal. For this example, we will deploy a DX Gateway with a Private VIF and a VPG.


  • Accept the DX Hosted Connection

  • Create a Direct Connect Gateway (DX Gateway)

  • Create a Virtual Private Gateway (VGW) and associate it with the desired VPC

    • The VGW is not a global service; please make sure when creating it that you do it so in the same region as your resources.

    • You can associate up to 10 VGW

  • Think about a /30 IP range network for establishing BGP toward AWS

Now that all the pre-requisites are in place, let’s create a Private VIF and interconnect everything.

Create a Private VIF

Steps for creating a Private VIF

  • Go to the Direct Connect Service, and click on Create virtual interface.

  • Select Private VIF

  • Add the name you consider to this Virtual interface

  • In connection, select the DX Connection you have previously ordered and accepted

  • Select the created Direct Connect Gateway in the pre-requisites

  • Skip the VLAN field; AWS will take care of it

  • BGP ASN from your router


  • Click on Additional settings and complete the following information

  • Fill in with the BGP IPs from the pre-requisites

    • The first IP should be yours

    • The second IP is for AWS

  • Add a secret Password.

  • Enable Jumbo MTU size.

  • Click on create virtual interface.


If you want resiliency, you should repeat this step, creating another Private VIF with a new DX Hosted Connection, and attaching it to the same DX Gateway:

<a href="" target="_blank" rel="nofollow noopener noreferrer"></a>

Check the VIF and establish BGP

Now AWS will create the VIF; it can take up to 10 minutes to be ready

We can download the configuration file by clicking on Actions, Download Sample Configuration.


You’ll need to edit the VLAN ID from the sample configuration and put the VLAN ID you would like to use towards DE-CIX; we’ll handle the rest.

If you use a different VLAN from the DE-CIX one, this setup will not work.

After applying the configuration with the corrected VLAN, the BGP came up.
There is one last step to complete:

Edit the routing table in the VPC to allow connection via DirectConnect

To allow the traffic from the cloud to our on-premises, we need to edit the subnet route table we want to interconnect and add the routes to our network.


The networks can’t overlap, so if you are using the same IP Space as the VPC, it will not work. Also, don’t forget to configure on the on-premises side to redirect the traffic to the Direct Connect path.

If everything is up and the routes have been added, you should be able to ping between your on-premise and the cloud.

Did this answer your question?