AWS Direct Connect Partner Guide

AWS Direct Connect
Partner Guide
Updated March 6, 2019

Version 2.0
AWS Confidential Information
AWS Direct Connect Partner Guide
Contents
What Is AWS Direct Connect? 3
Why Use AWS Direct Connect? 3
What Is an AWS Direct Connect Partner? 3
AWS Direct Connect Resiliency Recommendations 4
AWS Direct Connect Service Models 5
Dedicated Connection 6
Hosted Connection 7
AWS Direct Connect Dedicated Connections 9
AWS Direct Connect Partner Scenarios: Dedicated Connections 10
Scenario 1: Customer Requests Dedicated Connection with AWS Direct Connect Partner Providing
Connectivity 10
Scenario 2: Customer Requests Dedicated Connection with AWS Direct Connect Partner Providing Managed
Equipment and Connectivity 11
Scenario 3: AWS Solution Provider Manages AWS Direct Connect Service 12
AWS Direct Connect Workflow 13
AWS Direct Connect Hosted Connections 14
AWS Account Structure 14
Request an Interconnect 15
To View Customer Hosted Connections 17
To Create a New Hosted Connection For a Customer 18
What the Customer Sees 19
What Does It All Look Like? 20
Hosted VIF Model 21
AWS Direct Connect Partner Program Requirements 22
AWS Direct Connect Validation Checklist Requirements 32
Frequently Asked Questions 35
Appendix A: Core Concepts / Terminology 37
Appendix B: Additional Resources 39
Version 2.0 March 6, 2019 AWS Confidential Information pg. 2

What Is AWS Direct Connect?

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network
connection from a customer’s premises to Amazon Web Services (AWS). Using AWS Direct Connect, a
customer can establish private connectivity between any of our AWS Direct Connect locations and the
customer’s data center, office, or colocation environment. In many cases, this can reduce the
customer’s network costs, increase bandwidth throughput, and provide a more consistent network
experience than Internet-based connections.
A customer can use AWS Direct Connect to access the following resources, while maintaining network
separation between the customer’s public and private environments:
• Public resources such as objects stored in Amazon Simple Storage Service (Amazon S3) using public
globally routable IP address space
• Private resources such as Amazon Elastic Compute Cloud (Amazon EC2) instances that are running
within Amazon Virtual Private Cloud (VPC)
Why Use AWS Direct Connect?

To better understand the benefits that AWS Direct Connect provides, suppose a customer’s application
— such as Amazon WorkSpaces — needs to access resources split between AWS and the customer’s
premises. Or think about a business-critical application running in AWS that a customer needs to
maintain access to, even when the customer can’t access the public internet — for example, during a
distributed denial of service (DDoS) attack.
Another example is a customer who uses an AWS Site-to-Site VPN to encrypt all traffic between the
customer’s on-premises security appliance and the customer’s application running within AWS. Traffic
from virtual private networks (VPNs) traversing the public Internet may be affected by numerous
potential issues, such as variable network paths, bandwidth constraints, and oversubscription of
service provider links, which result in an unpredictable customer experience.
The solution to these potential issues is to provision dedicated connectivity between the customer’s
premises and AWS via AWS Direct Connect.
What Is an AWS Direct Connect Partner?

AWS Direct Connect Partners help customers access AWS Direct Connect. AWS Direct Connect Partners
improve customer experience by providing flexibility and choices on how to connect with AWS. AWS
Direct Connect Partners are experts who have acquired knowledge of AWS Direct Connect through
training and demonstrated experience. AWS Direct Connect Partners use their expertise to guide

customers through initial design, construction and operation of the customer’s integration with AWS
Direct Connect based on the AWS Direct Connect Partner’s own network services.
The AWS Direct Connect Partner Program recognizes those experts who help AWS customers establish
network connectivity between AWS Direct Connect locations and a customer’s data center, office, or
colocation environment. A network service provider may enable a customer to access the customer’s
AWS Direct Connect Dedicated Connection – a 1G or 10G physical Ethernet port dedicated to the
customer – by providing services to bridge the gap between the customer and the customer’s AWS
Direct Connect Dedicated Connection. In addition to enabling customers to access the customer’s AWS
Direct Connect Dedicated Connection, AWS Direct Connect Partners have the exclusive option to
integrate the AWS Direct Connect Partner’s own services with AWS Direct Connect via Hosted
Connections. Hosted Connections are a logical construct that enable AWS Direct Connect Partners to
provision AWS Direct Connect services on behalf of customers in minutes.
The AWS Direct Connect Partner Program – as an AWS Service Delivery Program – is designed for AWS
Partner Network (APN) partners (APN Partners) who specialize in networking services and wish to
differentiate the APN Partner’s expertise in providing network connectivity to customers to access
customer’s AWS Direct Connect Dedicated Connections, and optionally, Hosted Connections. AWS
Direct Connect Partners are APN Partners who achieve the AWS Direct Connect Partner designation via
an application process under the AWS Service Delivery Program. For more information about the AWS
Service Delivery Program, see AWS Service Delivery Program Guidelines. Among other requirements as
described in the AWS Direct Connect Partner Guide (this document), the AWS Direct Connect
Validation Checklist, and the AWS Direct Connect Interconnect Monitoring Technical Requirements
document (referred to as Requirements), AWS Direct Connect Partners have demonstrated their
expertise by enabling at least two customers to access AWS services via the customer’s AWS Direct
Connect Dedicated Connections.
AWS Direct Connect Resiliency Recommendations

AWS offers customers the ability to achieve highly resilient network connections between AWS Direct
Connect and the customer’s on-premises infrastructure. AWS has documented recommended best
practices for customers to follow and AWS Direct Connect Partners to support. These resiliency
recommendations will be referenced multiple times throughout this document, as AWS has prioritized
customer awareness of these recommended best practices and AWS Direct Connect Partner support of
them. AWS wants all customers to be fully informed of their options for obtaining highly resilient
network connections to AWS services, and that customers conduct a risk analysis prior to deciding
upon their network connection architecture. AWS Direct Connect Partners - in their role as an enabler
of customers accessing AWS Direct Connect as well as a source of expert knowledge - have a key role
to play in helping customers think through their connectivity options. AWS requires AWS Direct

Connect Partners guide customers on their options to achieve highly resilient network connections
throughout the customer lifecycle.
AWS Direct Connect Service Models

The following table summarizes the details of the Dedicated Connection and Hosted Connection
models. For more information about terminology, such as virtual interfaces (VIFs), cross connects, etc.,
see Appendix A.
Dedicated Connection Hosted Connection
Speeds 1, 10 Gbps 50, 100, 200, 300, 400, 500 Mbps

1, 2, 5, 10 Gbps1
AWS Direct Connect No Yes
Partner designation
required
Cross connect fee Paid by AWS Direct Connect Partner
AWS port-hour charge Billed to AWS account that owns Dedicated Connection or Hosted
Connection
AWS data egress charge Billed to AWS account that owns associated Virtual Interface(s)
Virtual Interfaces (VIFs) 50 per Dedicated Connection 1 per Hosted Connection; customers
may obtain multiple Hosted
Connections
1
AWS Direct Connect Partners who on-boarded under the Requirements prior to those contained in
the AWS Direct Connect Partner Guide 2.0 document will not have access to provision the 1, 2, 5 or 10
Gbps Hosted Connection capacities. See the Hosted Connections: Capacities requirement in this
document for more information on the process to gain access to provision these capacities.

Dedicated Connection
An organization does not need to be an AWS Direct Connect Partner to enable a customer to access
the customer’s AWS Direct Connect Dedicated Connections. Any network service provider (Provider)
may enable the customer to access the customer’s AWS Direct Connect Dedicated Connections.
The typical process for completing a customer’s request for AWS Direct Connect Dedicated
Connections is as follows; a later section covers the differences that apply to an APN Partner who is
also a member of the Solution Provider Program:
1. The customer confirms with the AWS Direct Connect Partner, or the customer’s preferred
network service provider, that the AWS Direct Connect Partner or Provider can provide service
at the customer’s desired AWS Direct Connect locations, and at the customer premises where
the customer wants the AWS Direct Connect Partner or Provider to extend the customer’s AWS
Direct Connect Dedicated Connections. This is an opportunity to ask the customer if they have
thought about resiliency.
2. The customer orders a 1 Gbps or 10 Gbps AWS Direct Connect Dedicated Connections using the
AWS Management Console under the customer’s own AWS account. If this is the customer’s
first AWS Direct Connect Dedicated Connection, the customer might be asked by AWS for more
information in an email message. If there’s no response from the customer to this message, the
connection won’t be approved until AWS receives a response.
3. After the order is processed by AWS, the customer downloads the Letter of Authorization and
Connecting Facility Assignment (LOA-CFA) document from the AWS Management Console
under the Direct Connect section for each of the customer’s AWS Direct Connect Dedicated
Connections. If the customer doesn’t receive an LOA-CFA document for a Dedicated
Connection, the customer should open a support case to inquire why the LOA-CFA for that
Dedicated Connection has not been issued.
4. If the customer will use more than one Dedicated Connection at a specific AWS Direct Connect
location to achieve high resiliency at that AWS Direct Connect location, the customer should
use the AWS Management Console, CLI, or API to compare the appropriate awsDevice
identifiers for each Dedicated Connection. If in doubt, the customer should consult AWS
technical support.
5. The customer provides the LOA-CFA for each Dedicated Connection to the AWS Direct Connect
Partner or Provider.
6. For each Dedicated Connection, the AWS Direct Connect Partner or Provider provisions the
customer’s connection from the AWS Direct Connect location to the customer’s premises using
the AWS Direct Connect Partner or Provider’s network facilities. (Note that this step does not
apply if the AWS Direct Connect Partner or Provider is the operator of the colocation facility in

which both the AWS Direct Connect location and the customer are colocated, such that only a
cross connect is required to establish connectivity between AWS and the customer.)
7. The AWS Direct Connect Partner or Provider places orders with the AWS Direct Connect
location facility provider for cross connects from the AWS Direct Connect Partner’s or Provider’s
equipment to the AWS equipment as detailed in the customer’s LOA-CFA documents. AWS
Direct Connect Partners or Providers must factor cost recovery for the cross connects and other
related infrastructure used to provide the customer access circuit in the overall service charge
to the customer. For high resiliency use cases, AWS Direct Connect Partner or Provider must
ensure there is no single point of failure in the connectivity and services the customer will use
to access their AWS Direct Connect Dedicated Connections.
8. Once the end to end connections are established, the customer may use the AWS Management
Console to provision VIFs on the customers’ Dedicated Connections. Each VIF maps to an
802.1Q VLAN that is tagged on the associated Dedicated Connection, which the AWS Direct
Connect Partner or Provider will carry to the customer’s premises.
9. For high resiliency use cases, the customer should confirm they have resilient paths between
their AWS services and their on premises infrastructure and they should test fail-over prior to
commencing production use.
Excluding the Solution Provider Program, there is no financial transaction between AWS and the AWS
Direct Connect Partner or Provider when the Dedicated Connection model is used by a customer. The
AWS account that is assigned the Dedicated Connection is billed by AWS for port-hours and the AWS
account(s) that are assigned the associated Virtual Interfaces are billed for egress data transfer. The
pricing for port-hours and data transfer are public and available on the AWS Direct Connect website.
Hosted Connection
Hosted Connections provide customers with two advantages over Dedicated Connections. Hosted
Connections are available in a greater variety of capacities than Dedicated Connections. Hosted
Connections can be provisioned by AWS Direct Connect Partners in minutes, while Dedicated
Connections can take days to establish. For AWS Direct Connect Partners, multiple Hosted Connections
can be aggregated onto an AWS Direct Connect Interconnect. Interconnects are 1 Gbps or 10 Gbps
ports provided by AWS to AWS Direct Connect Partners. A customer can, and often will, order more
than one Hosted Connection. AWS doesn’t limit the number of Hosted Connections that a customer
can order. This section describes the typical integration of an AWS Direct Connect Partner’s services
with the Hosted Connection model; excluding the Service Provider Program.
AWS Direct Connect Partners can provision Hosted Connections for different customers on the same
Interconnect. Each Hosted Connection maps to an 802.1Q VLAN to provide separation between
different Hosted Connections. It is the responsibility of the AWS Direct Connect Partner to assign

VLANs when allocating Hosted Connections to customers, and to deliver each VLAN to the proper
customer.
Each Hosted Connection is assigned a fixed committed information rate (which is set to the capacity of
the Hosted Connection) at provisioning. AWS polices each Hosted Connection to this capacity, and
AWS Direct Connect Partners are required to police each Hosted Connection to its assigned capacity.
For AWS Direct Connect Partners, the total capacity of an Interconnect limits the number of Hosted
Connections the Interconnect will support. For example, a 1Gbps Interconnect can support two 500
Mbps Hosted Connections, but can’t support the addition of a third Hosted Connection of any capacity.
The sum of the capacities of all Hosted Connections associated with an Interconnect must be less than
or equal to the capacity of the Interconnect. Oversubscription of Interconnects is not permitted (for
more information see the AWS Direct Connect Partner Program Requirements section).
AWS Direct Connect Partners may create a link aggregation group (LAG) of multiple Interconnects. Use
of a LAG of at least two Interconnects is required for AWS Direct Connect Partners to provision a
10Gbps Hosted Connection. Customers may not create a LAG of multiple Hosted Connections.
After on-boarding, a AWS Direct Connect Partner can request AWS Direct Connect Interconnects in the
AWS Management Console using the dedicated AWS account dedicated to the management of
Interconnects and customer Hosted Connections. AWS will issue a LOA-CFA document to the AWS
Direct Connect Partner for each requested Interconnect. AWS Direct Connect Partners will download
each LOA-CFA document via the AWS Management Console. When ordering the cross connect to
establish the Interconnect supply the LOA-CFA document. AWS Direct Connect Partners are
responsible for any fees associated with cross connects used to establish Interconnects.
To support high resiliency, AWS Direct Connect Partners must maintain at least two Interconnects at
each AWS Direct Connect location where they provide Hosted Connections to customers. AWS Direct
Connect Partners must add additional Interconnects as needed to support customer requests for
resilient Hosted Connections. AWS Direct Connect Partners must use the AWS Management Console,
API or CLI to compare awsDevice values of Interconnects when provisioning resilient Hosted
Connections at a AWS Direct Connect location to ensure that diverse AWS devices and AWS Direct
Connect Partner devices are used for each Hosted Connection. AWS Direct Connect Partners must
ensure that no single point of failure exists for a customer’s resilient Hosted Connection service.
In the Hosted Connection model, the customer orders each AWS Direct Connect Hosted Connection
through an AWS Direct Connect Partner. Many AWS Direct Connect Partners offer a self-service model
to customers. A common self-service model is one where the customer may request Hosted
Connections through the AWS Management Console, a CLI and/or an API, on demand. The AWS Direct
Connect Partner provisions each Hosted Connection VLAN and the corresponding policer on the AWS
Direct Connect Partner’s equipment. The AWS Direct Connect Partner also provisions each Hosted

Connection via the AWS Management Console, CLI or API. Many AWS Direct Connect Partners
complete provisioning of Hosted Connections minutes after the customer requests them by making
use of preexisting network links to the customer premises. While the ability for a customer to request
Hosted Connections on demand and begin using newly requested Hosted Connections in minutes are
considered common best practices, AWS Direct Connect Partners are free to tailor their own service
offerings to the particular needs and expectations of their customers.
The AWS Direct Connect Hosted Connections section of this guide contains the steps required to
request Interconnects and to provision a customer’s Hosted Connection.
There is no financial transaction between AWS and the AWS Direct Connect Partner in the Hosted
Connection Model for Interconnects. The AWS account that is assigned the Hosted Connection is billed
by AWS for port-hours and the AWS account that is assigned the associated Virtual Interface is billed by
AWS for the egress data transfer. The AWS Direct Connect Partner is not billed by AWS for
Interconnects. Supported Hosted Connection capacities and associated AWS prices are published on
the AWS Direct Connect website.
AWS Direct Connect Dedicated Connections

In the Dedicated Connection model, customers order AWS Direct Connect Dedicated Connections
directly from AWS. A common application of the Dedicated Connection model supports the customer
configuration for a single connection as depicted in Figure 1. Note that this figure does not show
multiple connections required for high resiliency; refer to the recommended best practices for
examples.
Colocation site Customer premises
Figure 1: Customer establishes connectivity to AWS Direct Connect Dedicated Connection
In this configuration, the customer establishes a link between the customer’s colocated network
equipment and the customer’s AWS Direct Connect Dedicated Connection. Although this process to
establish this link isn’t complicated, many customers don’t have the networking expertise to engineer
the required end-to-end connectivity. Some customers might not want to support a colocation

presence themselves, or might not want to incur the cost of colocation from the colocation facility.
This is where a AWS Direct Connect Partner can provide value to customers.
AWS Direct Connect Partners combine their AWS Direct Connect expertise, experience operating
networks, and existing colocation facility relationships to help customers access AWS Direct Connect.
AWS Direct Connect Partners can provide a simpler way for customers to access AWS Direct Connect
than customers can achieve themselves.
The next sections give examples of how AWS Direct Connect Partners can enable customers to access
the customer’s Dedicated Connections.
AWS Direct Connect Partner Scenarios: Dedicated Connections

Let’s look at three different scenarios in which AWS Direct Connect Partners enable customers to
access the customer’s AWS Direct Connect Dedicated Connections. AWS Direct Connect Partners may
use these scenarios to establish an AWS Direct Connect practice. Each scenario uses Dedicated
Connections rather than the Hosted Connection model discussed in AWS Direct Connect Hosted
Connections, later in this guide. For simplicity, these examples cover a single connection. For examples
of cases where multiple connections are required for high resiliency refer to the recommended best
practices.
Scenario 1: Customer Requests Dedicated Connection with AWS Direct Connect Partner
Providing Connectivity
In this first scenario, the customer requests an AWS Direct Connect Dedicated Connection using the
customer’s AWS account. The customer asks the AWS Direct Connect Partner to provide connectivity
between the AWS Direct Connect location and the customer premises (usually referred to in the
industry as last-mile connectivity). This is the simplest way an AWS Direct Connect Partner – or any
network service provider – can enable a customer to access the customer’s AWS Direct Connect
Dedicated Connections.
As Figure 2 shows, the customer requests/is assigned the AWS Direct Connect Dedicated Connection at
the AWS Direct Connect location.

Customer premises
Colocation site
Cross Connect
Figure 2: Customer requests Dedicated Connection with AWS Direct Connect Partner providing connectivity
The AWS Direct Connect Partner connects the customer side router to the AWS Direct Connect
location. The AWS Direct Connect Partner uses the customer’s LOA-CFA document to order the cross
connect from the AWS Direct Connect colocation facility provider. Some colocation facility operators
require the organization ordering a cross connect be named on the accompanying LOA-CFA document.
When requesting the Dedicated Connection, the customer may request a LOA-CFA document that lists
both the customer and AWS Direct Connect Partner.
In this example, any network service provider can help the customer complete the customer’s
connection; the network service provider need not be an AWS Direct Connect Partner. All AWS Direct
Connect Partners are required to support this Dedicated Connection scenario, and can choose to
support additional Dedicated Connection scenarios (and the Hosted Connection model).
Scenario 2: Customer Requests Dedicated Connection with AWS Direct Connect Partner
Providing Managed Equipment and Connectivity
In this second scenario, the customer requests an AWS Direct Connect Dedicated Connection using the
customer’s AWS account, and asks the AWS Direct Connect Partner to provide colocation services for
the customer’s router and connectivity services to the customer site. AWS Direct Connect Partners may
offer colocation services, but AWS Direct Connect Partners must provide alternative options that don’t
require the customer purchase colocation services, such as Scenario 1: Customer Requests Dedicated
Connection with AWS Direct Connect Partner Providing Connectivity discussed previously.
As Figure 3 shows, the customer requests the AWS Direct Connect Dedicated Connection and possibly
the router also.

Cross
Connect
Figure 3: Customer requests Dedicated Connection with AWS Direct Connect Partner managing
In this scenario, the customer requests/is assigned the AWS Direct Connect Dedicated Connection. The
AWS Direct Connect Partner or the customer can own the router. The AWS Direct Connect Partner’s
involvement in this scenario can range from providing just the networking gear in the AWS Direct
Connect colocation facility to providing full managed services for the customer, where the AWS Direct
Connect Partner manages the customer’s router configuration. It’s also possible for the AWS Direct
Connect Partner to provide a one-time setup and as-needed support and configuration. There is room
for flexibility.
Typically, the AWS Direct Connect Partner provides the last mile of connectivity from the AWS Direct
Connect location to the customer’s premises, while all other details are negotiated between the AWS
Direct Connect Partner and the customer.
Scenario 3: AWS Solution Provider Manages AWS Direct Connect Service

In this third scenario, a AWS Direct Connect Partner is also a member of the AWS Solution Provider
Program. This program enables qualified APN Partners to resell AWS services (Solution Provider),
including AWS Direct Connect. The Solution Provider requests an AWS Direct Connect Dedicated
Connection on behalf of the customer, using an AWS account dedicated to the customer. The Solution
Provider also provides connectivity between the customer’s AWS Direct Connect Dedicated
Connections and the customer site.
This scenario enables the Solution Provider to manage the customer’s AWS Direct Connect service end-
to-end, from initial provisioning of Dedicated Connections and optionally through billing, while

preserving ownership of the underlying resources by an AWS account dedicated to the customer. The
Solution Provider Program can be used to provide services where the customer would like a managed
service provider to handle all aspects of the customer’s AWS Direct Connect service.
Figure depicts the structure of this scenario.
Colocation site
Cross Connect
Customer premises
Figure 4: AWS Solution Provider manages AWS Direct Connect service
The Solution Provider sits between the customer and the AWS Direct Connect location. The Solution
Provider uses an AWS account dedicated to the customer to request the customer’s Dedicated
Connection. The Solution Provider has networking gear already in the AWS Direct Connect location and
can configure it to establish connectivity between the customer and AWS.
The benefit of this architecture is that the Solution Provider abstracts all the management of the
customers’ Dedicated Connections. From the customer’s point of view, this scenario is very easy. This
also means that the customer only works with one third-party: the Solution Provider.
Solution Providers may be billed by AWS for all services consumed by the Solution Provider’s resale
customers, including AWS Direct Connect.
Participants in the Solution Provider Program – or any other AWS Direct Connect Partner – must
request Dedicated Connections from an AWS account dedicated to the end customer. At all times the
AWS account dedicated end customer must retain assignment of the Dedicated Connections used by
the customer to access the customer’s AWS resources.
AWS Direct Connect Workflow

Regardless of the Dedicated Connection scenario a AWS Direct Connect Partner chooses to support,
the steps to set up connectivity are very similar. The first step is always considering the need for high

resiliency, and choosing from one of the recommended best practices to achieve the desired level of
resiliency. Once the desired level of resiliency is selected, the customer and AWS Direct Connect
Partner will work together to confirm an architecture is selected, built and tested to ensure the desired
level of resiliency is achieved.
The following flow diagram shows the high level steps that the customer and/or AWS Direct Connect
Partner will have to take to set up connectivity.
Request Download LOA- Create AWS Configure router

connection CFA, order cross virtual interfaces
connect
Figure 5: Setting up an AWS Direct Connect Dedicated Connection
AWS provides a Getting Started with AWS Direct Connect guide that describes these steps in more
detail. It also contains screenshots of the AWS Direct Connect Management Console that describe the
configuration.
Depending on how the customer and AWS Direct Connect Partner choose to implement the Dedicated
Connection model, the steps in Figure 5: Setting up an AWS Direct Connect Dedicated Connection are
performed by either the customer, AWS Direct Connect Partner, or one party will do them all.
We recommend that AWS Direct Connect Partners begin with the first scenario, where the customer
requests the AWS Direct Connect Dedicated Connection, and the AWS Direct Connect Partner provides
connectivity to the customer site.
AWS Direct Connect Hosted Connections

A Hosted Connection is a AWS Direct Connect Partner-provided connection between a mutual
customer and AWS Direct Connect. AWS Direct Connect Partners obtain Interconnects from AWS using
an AWS account dedicated to managing Hosted Connections. On Interconnects, AWS Direct Connect
Partners allocate Hosted Connections to customers. We recommend that AWS Direct Connect Partners
automate as much process as possible (for example, provisioning of Hosted Connections both with
AWS and on AWS Direct Connect Partner equipment) via the AWS Direct Connect API.
AWS Account Structure

As part of on-boarding to the Hosted Connection model, AWS Direct Connect Partners must create a
separate AWS account for managing Interconnects. This dedicated AWS account must be subscribed to
Business-level Support so that the AWS Direct Connect Partner may receive support from AWS for the

Interconnects. Once all AWS Direct Connect Partner Program Requirements have been met, AWS will
enable the dedicated AWS account to manage Interconnects. Use of a dedicated AWS account for
managing Interconnects avoids loss of administrative control over other service objects an AWS Direct
Connect Partner may use. AWS Direct Connect Partners must ensure that additional email addresses
are associated with the dedicated AWS account used to manage Interconnects via the Alternate
Contacts feature. The additional email addresses associated with the dedicated AWS account must be
multiple individuals as 15appropriate to ensure appropriate coverage and points of contact for
communication at any time.
From an AWS account structure perspective, AWS recommends the following approach, shown in
Figure 6, through AWS Organizations. This approach enables AWS Direct Connect Partners to
consolidate billing and administer limitations and controls across various AWS accounts.
AWS accounts AWS account

for other dedicated to
activities Interconnects
Figure 6: AWS account structure
Note that the AWS account structure required for Hosted Connection provisioning may differ under
the Solution Provider Program from the above description.
Request an Interconnect
Once on-boarded, AWS Direct Connect Partners can view the current status of Interconnects or
request an Interconnect through the AWS Management Console or via the API or CLI. If the AWS
Management Console looks like the one in Figure 7, where the menu on the left doesn’t contain an
Interconnect menu item, this indicates the AWS account used to access the AWS Management Console
hasn’t been enabled to request Interconnects in the target region. Please reach out to the assigned
AWS Partner Development Representative or Partner Development Manager to verify status. It is
critical that AWS Direct Connect Partners do not mistakenly request a Dedicated Connection via the

“Connections” menu item. AWS Direct Connect Partners who request Dedicated Connections will be
billed by AWS for those connections.
Figure 7: AWS account not enabled to request an Interconnect in target region
To request an Interconnect
1. Open the AWS Management Console to the Direct Connect service page. This can also be done
programmatically through the AWS API or AWS Command Line Interface (AWS CLI).
2. AWS Direct Connect is a regional service, so AWS Direct Connect Partners might need to switch
regions depending on the desired AWS Direct Connect location. To switch regions, select the
correct region from the menu in the top right corner as seen in Figure 8.
Figure 8: Selecting the correct AWS Region
By default, the AWS Management Console should display the Interconnects menu item. Otherwise,
choose Interconnects from the menu on the left.

3. If an AWS Direct Connect Partner already has Interconnects in the selected region, the AWS
Management Console will display a list of all the Interconnects in that region, as shown in
Figure 9. The following information is provided for each Interconnect:
• Name The name assigned to the Interconnect by the AWS Direct Connect Partner
• ID The connection ID associated with the Interconnect
• Location The AWS Direct Connect location of the Interconnect
• Bandwidth The total capacity of the Interconnect
• Connections The number of Hosted Connections associated with the Interconnect
• State The current status of the Interconnect. This can be ‘requested’, ‘pending’,
‘available’, ‘down’, ‘deleting’, or ‘deleted’.
Figure 9: Interconnects page
4. To request an interconnect, choose Create Interconnect. You will see the following screen.
Figure 10: The Create an Interconnect page
5. Enter the necessary information (name, location, and port speed), and then choose Create.
To View Customer Hosted Connections

To view the existing customers’ Hosted Connections associated with an AWS Direct Connect Partner’s
Interconnects, choose Connections. This brings up a list of the existing customer Hosted Connections,
along with additional information as shown in Figure 11.

Figure 11: Connections page
To Create a New Hosted Connection For a Customer

1. On the Interconnects page, select the Interconnect to allocate the new Hosted Connection on.
From the Actions menu, choose Allocate a New Connection, as seen in Figure 12.
Figure 12: Allocating a new Hosted Connection
2. On the next page, as shown in Figure13, provide the following information:
• Interconnect Name The Interconnect that the Hosted Connection will be created on.
• AWS account ID The AWS account ID of the customer the Hosted Connection will be
assigned to. This is the AWS account that will receive and accept the
hosted connection.
• Connection Name The AWS Direct Connect Partner should use this field to record an
identifier for the Hosted Connection (order ID, circuit ID, etc.).
• VLAN The VLAN ID which will segregate this Hosted Connection on the
Interconnect.
• Bandwidth The capacity of the Hosted Connection.

Figure 13: Hosted Connection parameters
3. Once you’ve entered all the information, choose Allocate, and the Hosted Connection will be
allocated.
The Hosted Connection isn’t active at this point. As shown in Figure 14, a Hosted Connection
initially has a state of “pending acceptance”. When the customer accepts the Hosted Connection
the state will transition from “pending acceptance” to “available.”
Figure 14: Newly created Hosted Connection
What the Customer Sees

Once the AWS Direct Connect Partner has created the customer’s Hosted Connection, the customer
has to accept the Hosted Connection for the Hosted Connection to become active. For the customer to
accept the Hosted Connection, the customer uses the AWS Management Console to access the AWS
Direct Connect Management console. The customer will see that a Hosted Connection has been
allocated in the customer’s AWS account.

Figure 15: Customer view of incoming Hosted Connection
Once the customer accepts the Hosted Connection, the Hosted Connection will be in the “pending”
state until it transitions fully into the “available” state. The Hosted Connection will also transition to
the “available” state in the AWS Direct Connect Partner’s Hosted Connection list. After the customer
has accepted the Hosted Connection, billing begins immediately. This happens regardless of whether
the AWS Direct Connect Partner has finished provisioning the connection on the physical
infrastructure, or of any other dependencies required to get the connection up and running. Once the
connection is available, the customer can create a VIF. Only one VIF can be created per Hosted
Connection. (Note that the actions required for the end to end Hosted Connection provisioning process
may differ under the Solution Provider Program from the above description.)
What Does It All Look Like?

Figure 16 shows the flow from the customer’s on-premises or colocation facility to the customer’s AWS
account, and ultimately the customer’s VPC.

Cross
Connect
Figure 16: Hosted Connection topology
Hosted VIF Model

A Hosted Virtual Interface (Hosted VIF) is a VIF that is assigned to a different AWS account from the
AWS account associated with the underlying Dedicated Connection or Hosted Connection. The Hosted
VIF model enables a customer to make a VIF associated with the customer’s Dedicated Connection or
Hosted Connection available to a different AWS account within the customer’s organization. In some
cases, such as VMware Cloud on AWS, a Hosted VIF is used to provide a customer with access to a
service managed by an AWS account outside the customer’s organization.
Once a Hosted VIF is created, similar to the Hosted Connection model, the AWS account the Hosted VIF
is assigned to must accept the incoming VIF. The AWS account a private Hosted VIF is assigned to can
associate it to a AWS Direct Connect gateway or a virtual private gateway.
The AWS account associated with the Dedicated Connection or Hosted Connection underlying a Hosted
VIF pays all of the associated port-hour charges for that underlying connection. The AWS account that
is assigned the Hosted VIF pays all data egress charges associated with the Hosted VIF.
A Hosted VIF has access to all the capacity of the underlying connection. A Hosted VIF on an underlying
Hosted Connection has access to all of the capacity of that Hosted Connection. Since a Hosted
Connection can have only one VIF associated with it, and Hosted Connections are policed by both AWS
and the AWS Direct Connect Partner, there is no risk of network traffic from the Hosted VIF impacting
other customer traffic. A Hosted VIF on an underlying Dedicated Connection has access to all of the
capacity of the Dedicated Connection. A Hosted VIF, like any VIF on an underlying Dedicated
Connection, can congest the Dedicated Connection. This is true even when the customer or AWS Direct
Connect Partner employs traffic shaping or policing on the customer side of the Dedicated Connection.
As AWS does not police or shape traffic of Hosted VIFs, a UDP flow from AWS towards the customer
premises could congest the Dedicated Connection before the customer or AWS Direct Connect Partner
traffic management has an opportunity to act. Customers and AWS Direct Connect Partners should be
aware of the possibility of congestion due to environments managed by third parties inherent in the

use of Hosted VIFs to access services the customer does not control. (Note: this possibility does not
exist in the case of VMware Cloud on AWS if the Hosted VIF is used to provide the customer with
access to the customer’s Vmware Cloud on AWS environment.)
In the past, some AWS Direct Connect Partners have used the Hosted VIF model to provide customers
with access to AWS Direct Connect. In many of these cases, the congestion described above has
occurred, resulting in a poor customer and AWS Direct Connect Partner experience. As a result, AWS
no longer permits AWS Direct Connect Partners to initiate use of the Hosted VIF model to enable
customers to access AWS Direct Connect. AWS is working with AWS Direct Connect Partners who use
the Hosted VIF model to support a transition to the Hosted Connection model.
AWS Direct Connect Partner Program Requirements

The AWS Direct Connect Partner Program is designed for APN Partners who provide network services
to customers and who wish to enable customers to connect to AWS Direct Connect. Network service
providers who have a presence at existing AWS Direct Connect locations are eligible to apply. APN
Partners may receive the AWS Direct Connect Partner designation by satisfying the criteria set forth in
this document and submitting an application under the AWS Service Delivery Program. For more
information about the AWS Service Delivery Program, see AWS Service Delivery Program Guidelines.
AWS Direct Connect Partners are able to provision Hosted Connections on behalf of customers as
described in this document. In addition to the benefits described above, AWS Direct Connect Partners
have access to use the AWS Direct Connect logo for marketing AWS Direct Connect-related services,
and are listed on the AWS Direct Connect Partner Page.
The AWS Direct Connect Partner Program is governed by the APN Terms & Conditions, and is guided by
AWS best practices and Well Architected Framework.
Program Participation and Benefits
Only APN Partners enrolled in the AWS Service Delivery Program who have a current AWS Direct
Connect Partner designation may: (1) provision Hosted Connections for customers via the AWS
Management Console, CLI or API, (2) use the AWS Direct Connect logo in their marketing materials,
and (3) be listed on the AWS Direct Connect Partner Page and in the APN Partner Directory.
A Network Service Provider Does Not Need to be an AWS Direct Connect Partner to Enable
Customers to Access the Customer’s Dedicated Connections to AWS
Any network service provider may enable customers to access the customer’s AWS Direct Connect
Dedicated Connections. However, in order to offer integrated services based on Hosted Connections,
the network service provider must be an AWS Direct Connect Partner.

AWS Direct Connect Partners Are Not Permitted to Resell AWS Services
APN Partners interested in becoming an authorized Solution Provider should apply separately to obtain
this status. In all cases, when enabling external customers to access AWS Direct Connect, network
service providers must not order Dedicated Connections or Hosted Connections using AWS accounts
associated with the network service provider. AWS Direct Connect resources dedicated to a specific
customer must be associated with the external customer’s AWS account.
Third Parties
Without written approval from AWS, AWS Direct Connect Partner must not enable third parties to
rebrand or otherwise use the AWS Direct Connect Partner’s services integrated with the Hosted
Connection model to provision customer access to Hosted Connections (commonly referred to as
“white labeling”). This written approval from AWS to white label must be specific to each individual
third party legal entity. Third parties include wholly owned legal entities separate from the legal entity
which is a AWS Direct Connect Partner.
Termination for Cause
AWS may terminate the AWS Direct Connect Partner’s designation at any time in AWS’ sole discretion
for cause if AWS Direct Connect Partner does not comply with the AWS Direct Connect Partner
Program Requirements. Upon any termination for cause by AWS, AWS may charge the former AWS
Direct Connect Partner designee a port-hour rate determined by AWS for any occupied ports used as
Interconnects.
Loss of AWS Direct Connect Partner Designation
If an AWS Direct Connect Partner’s designation as a member of the AWS Direct Connect Partner
Program is revoked or terminated, such AWS Direct Connect Partner will:
(1) provide reasonable assistance to AWS to transition any affected customers;

(2) except as required to fulfill the obligations in number (1) above, no longer receive, and
immediately cease taking advantage of, any AWS Direct Connect Partner Program benefits;
(3) except as required to fulfill the obligations in number (1) above, immediately cease use of all
materials provided in connection with the AWS Direct Connect Partner Program; and
(4) immediately cease to identify itself or hold itself out as an AWS Direct Connect Partner.
Customer Satisfaction Survey
AWS Direct Connect Partner may ask customers to submit an AWS Customer Satisfaction Survey after
provisioning AWS Direct Connect related service. The AWS Direct Connect Partner may provide

instructions to the customer to submit an AWS Customer Satisfaction Survey by searching for the AWS
Direct Connect Partner in the AWS Partner Solutions Finder and asking the customer to use the “Rate
this Partner” feature to submit a survey.
AWS Direct Connect Partner Listing at AWS Direct Connect Locations
AWS Direct Connect Partner is responsible for promptly updating AWS regarding any changes in the
AWS Direct Connect Partner’s ability to meet the Requirements to enable customers to access
Dedicated Connections and Hosted Connections (if applicable) at a given AWS Direct Connect location,
and the AWS Direct Connect Partner’s desire to be listed accordingly on the APN Partners supporting
AWS Direct Connect web page. AWS Direct Connect Partner must regularly review listings on the APN
Partners supporting AWS Direct Connect web page for accuracy, including the landing page URL each
listing is linked to. AWS Direct Connect Partner must contact the assigned AWS Partner Development
Representative (PDR) or Partner Development Manager (PDM) to request any required additions or
modifications. AWS may remove listings that contain out of date information, or where customers
report they are unable to obtain service.
Prohibition on Establishing New Hosted VIF Based Services
AWS no longer permits AWS Direct Connect Partners to use Hosted VIFs to provide services to
customers. AWS Direct Connect Partner must not offer Hosted VIF based services to enable customers
to access AWS Direct Connect. For more information see the section of this document titled Hosted VIF
model.
Migration of Hosted VIF Based Services to Hosted Connection
If AWS Direct Connect Partner established Hosted VIF based services prior to AWS’ prohibition on
establishing new Hosted VIF based services, AWS Direct Connect Partner must migrate any service
offerings based on Hosted VIFs to Hosted Connections. AWS may set specific objectives for AWS Direct
Connect Partner migration from Hosted VIFs to Hosted Connections.
Support for Multiple Connections for Resiliency
AWS Direct Connect Partner must enable customers to connect to more than one AWS device at any
AWS Direct Connect location where the AWS Direct Connect Partner provides service. Further, AWS
Direct Connect Partner must enable customers to connect via more than one AWS Direct Connect
Partner device at any AWS Direct Connect location where the AWS Direct Connect Partner provides
service. AWS Direct Connect Partner must eliminate all single points of failure within infrastructure
providing customer access to AWS Direct Connect. AWS requires AWS Direct Connect Partners guide

customers on their options to achieve highly resilient network connections throughout the customer
lifecycle.
Quarterly Reporting on Resiliency
AWS Direct Connect Partner to provide quarterly reporting to AWS by emailing quarterly report to
aws-service-delivery@amazon.com.
The table below shows the information that AWS Direct Connect Partner must provide to AWS each
quarter. This information must be provided in an Excel spreadsheet or CSV file.
AWS Customer Customer Resiliency Dedicated Hosted White Label

Identifier Email Domain Category Connection Connection Company
/ Hosted VIF
dxcon- Example example.com 1 No Yes

11111111
dxvif- Example example.com 2 No No

22222222
dxcon- Example example.com 3 Yes Yes

33333333
dxvif- Example example.com 4 Yes No

44444444
AWS Identifier: identifier associated with customer service from AWS. This identifier will begin with
either dxcon- (for Dedicated Connections or Hosted Connections) or will begin with dxvif- (for legacy
Hosted VIFs).
Customer: Plain text name of customer
Customer Email Domain: DNS domain name used by customer in their email addresses
Resiliency Categories: for reference see AWS Direct Connect Resiliency Recommendations
1. resilient; four connections spread evenly across two AWS Direct Connect locations

2. resilient; two connections at two AWS Direct Connect locations
3. resilient; two connections at one AWS Direct Connect location
4. not resilient
Dedicated Connection: Record Yes if a Dedicated Connection will be used by the customer to provision
connectivity related to this service. Record No otherwise.
Hosted Connection / Hosted VIF: Record Yes if Hosted Connection and / or Hosted VIF services for the
customer. In cases where a customer combines Dedicated Connections with the Hosted Connection or
Hosted VIF services, record Yes for this field as well as the Dedicated Connections field. Record No
otherwise.
White Label Company
The name of the company the customer worked with to provision this service, if this company name is
different from the name of the AWS Direct Connect Partner providing the report to AWS.
Service Performance Monitoring
AWS may, in its sole discretion, develop a future capability to monitor service performance from any
AWS region to the customer premises. Should AWS develop such a capability, AWS Direct Connect
Partner must not prohibit or prevent AWS’ ability to provide this capability to customers. Within 120
days of AWS first providing the AWS Direct Connect Partner with a technical reference document
outlining the requirements of such a service performance monitoring feature, AWS Direct Connect
Partner must make any required changes to AWS Direct Connect Partner services required to support
such a capability. Nothing in the foregoing shall be interpreted as a guarantee or requirement that
AWS develop or provide any such performance monitoring capability.
Expectations for Timely Response and Resolution of Customer Impacting Issues
AWS Direct Connect Partner and AWS will prioritize work to resolve ongoing customer impacting
issues, and secondarily, any issues which may become customer impacting. AWS Direct Connect
Partner and AWS will establish direct communications within 1 hour of first being made aware of a
customer impacting issue. AWS Direct Connect Partner and AWS will provide updates on issue
resolution progress at least once per hour unless both parties agree to another cadence. AWS and AWS
Direct Connect Partner will work to resolve all customer-impacting issues within 24 hours.

Escalation of Customer Impacting Issues
AWS Direct Connect Partner must provide to AWS and maintain an up-to-date escalation list containing
a set of technical (e.g. NOC) and management contacts. AWS Direct Connect Partner must further
provide to AWS and maintain procedures for working with provided contacts which AWS staff may use
to report and resolve any customer-impacting issues, as well as coordinate maintenance activities.
AWS will provide AWS Direct Connect Partner the equivalent information for working with AWS. All
maintenance notification information must, at a minimum, be sent via email message to a specified
email address. Each maintenance notification email must comply with the Maintenance Notification
Best Current Operating Practices standard to facilitate automation.
Auditing AWS Direct Connect Partner Compliance with Requirements
AWS Direct Connect Partner must provide AWS with information as requested to enable AWS to audit
AWS Direct Connect Partner infrastructure design and configuration to ensure services AWS Direct
Connect Partner has delivered meet AWS Requirements. AWS Direct Connect Partner must respond to
such AWS requests in a commercially reasonable timeframe.
Settlement Free Peering
If AWS Direct Connect Partner operates an Internet transit service, AWS Direct Connect Partner agrees
to support settlement free peering between its Internet transit service and AWS at locations and
capacities sufficient to support the exchange of traffic between AWS and AWS Direct Connect Partner’s
Internet transit customers.
Internet Exchanges
If AWS Direct Connect Partner operates one or more Internet Exchanges, AWS Direct Connect Partner
agrees to provide AWS access to the Internet Exchanges at no cost to AWS at locations and capacities
sufficient to support the exchange of traffic between AWS and members of the AWS Direct Connect
Partner’s Internet Exchange(s).
Dedicated Connections: Access Method
AWS Direct Connect Partner must support either a layer 1 dark fiber, layer 1 wave or layer 2 Ethernet
circuit terminated on Direct Connect Partner equipment in combination with a Direct Connect Partner
ordered cross connect to AWS Direct Connect as a method of enabling a customer to access their AWS
Direct Connect Dedicated Connection.

Dedicated Connections: Billing Requirements
Excluding the Solution Provider Program, there is no financial transaction between AWS and the AWS
Direct Connect Partner related to Dedicated Connections obtained by customers. The AWS account
that is assigned the Dedicated Connection is billed by AWS for port-hours and the AWS account(s) that
are assigned the associated Virtual Interfaces are billed for egress data transfer. Pricing for these
charges is public and available on the AWS Direct Connect website.
Dedicated Connections: AWS Direct Connect Partner as Customer
AWS Direct Connect Partner may be a customer of their own services in order to access Dedicated
Connections for AWS Direct Connect Partner’s internal use. When using Dedicated Connections as a
customer, the terms that apply to AWS Direct Connect Partner will not be any different than any other
customer, except as outlined in this document. AWS Direct Connect Partner will be billed for port-hour
and data transfer charges associated with Dedicated Connections and associated Virtual Interfaces
assigned to AWS accounts of AWS Direct Connect Partner.
Hosted Connections: Migration of Virtual Interfaces between Hosted Connections and Dedicated
Connections
If Direct Connect Partner chooses to support the Hosted Connection model, Direct Connect Partner
must support migration of virtual interfaces between Hosted Connections and Dedicated Connections.
Hosted Connections: Capacities
The Hosted Connection model allows an approved AWS Direct Connect Partner to aggregate multiple
customers onto a single physical or logical interface on an AWS Direct Connect device. 802.1Q VLANs
provide separation between Hosted Connections.
Capacity per Hosted Connection is fixed. AWS will police each Hosted Connection to its assigned
capacity, and the AWS Direct Connect Partner must also police each Hosted Connection to its assigned
capacity. AWS will bill customers for Hosted Connection port-hours based on assigned capacity; pricing
is available on the AWS Direct Connect website.
Access to provision Hosted Connections is only available to AWS Direct Connect Partners once they
have completed the on-boarding process. AWS Direct Connect Partners who on-boarded under the
Requirements prior to those contained in the AWS Direct Connect Partner Guide 2.0 document will
have access to provision the following Hosted Connection capacities: 50M, 100M, 200M, 300M, 400M,
and 500M. AWS Direct Connect Partners who on-boarded under the Requirements prior to those
contained in the AWS Direct Connect Partner Guide 2.0 document will need to complete revalidation
under the Requirements specified in the AWS Direct Connect Partner Guide 2.0 document in order to

gain access to provision the following capacities: 1G, 2G, 5G, and 10G; to revalidate the AWS Direct
Connect Partner should complete and submit the AWS Direct Connect Partner Program Validation
Checklist version SDP-1.0 or later. AWS Direct Connect Partners who on-board by meeting the
Requirements contained in the AWS Direct Connect Partner Guide version 2.0 document or later will
have access to provision the following Hosted Connection capacities: 50M, 100M, 200M, 300M, 400M,
500M, 1G, 2G, 5G, and 10G.
AWS Direct Connect Partners must request a minimum of two AWS Direct Connect Interconnects per
AWS Direct Connect location on two separate AWS devices and AWS Direct Connect Partner devices
using AWS Direct Connect Partner enabled AWS account (Interconnect AWS account).
Hosted Connections: Management of Interconnects
To obtain Interconnects at an AWS Direct Connect location, the AWS Direct Connect Partner must
meet all current Requirements of the AWS Direct Connect Partner Program.
AWS may initially limit the number of Interconnects provided to AWS Direct Connect Partner at AWS
Direct Connect locations associated with a given AWS region to two Interconnects at each of two AWS
Direct Connect locations (four Interconnects in total per AWS region). If there is a single AWS Direct
Connect location associated with a given AWS region, then the initial limit may be two Interconnects at
that AWS Direct Connect location. Some AWS Direct Connect locations have multiple sets of AWS
devices with each set associated with a specific AWS region. The limits described will apply to
Interconnects according to the AWS Region associated with the AWS devices providing the
Interconnects.
At a specific AWS Direct Connect location associated with an AWS region where an AWS Direct Connect
Partner already has Interconnects, AWS may provide a pair of additional Interconnects if the AWS
Direct Connect Partner’s sold capacity percentage meets or exceeds a target percentage. Sold capacity
percentage is the sum of the capacity of all Hosted Connections allocated on AWS Direct Connect
Partner Interconnects at a specific AWS Direct Connect location associated with an AWS region,
divided by the sum of that Interconnect capacity at that AWS Direct Connect location, multiplied by
100. AWS sold capacity percentage targets are determined by the number of existing Interconnects
allocated to the AWS Direct Connect Partner at a AWS Direct Connect location associated with an AWS
region, as follows.
Less than 6 Interconnects: 40% sold capacity
Greater than or equal to 6 Interconnects, less than 10 Interconnects: 60% sold capacity
Greater than or equal to 10 Interconnects: AWS may determine a sold capacity target for each AWS
Direct Connect location

AWS Direct Connect Partner may obtain additional Interconnects at an AWS Direct Connect location
associated with an AWS region after allocating Hosted Connection capacity to external customers at
that AWS Direct Connect location so as to meet or exceed the applicable target sold capacity
percentage. Hosted Connection capacity allocated to the AWS Direct Connect Partner or their wholly
owned legal entities may not be used to satisfy the threshold requirement, unless the capacity has
been allocated for at least 30 days. Hosted Connection capacity used to support Interconnect
Monitoring may be used to satisfy the threshold requirement.
If an AWS Direct Connect Partner meets or exceeds thresholds at all existing AWS Direct Connect
locations within a region where they have Interconnects, the AWS Direct Connect Partner may request
two Interconnects at an additional AWS Direct Connect location within that region.
At AWS Direct Connect locations associated with an AWS region where AWS Direct Connect Partner
sold capacity percentage is below the applicable threshold, AWS may require AWS Direct Connect
Partners return unused Interconnects, or migrate customer Hosted Connections as needed to free up
Interconnects for return to AWS. Upon notification by AWS, within 30 days AWS Direct Connect
Partner must act as required to free up Interconnects for return to AWS.
AWS may adjust its approach to management of Interconnects in its sole discretion in response to
changing operational requirements or customer demand. If AWS Direct Connect Partner finds AWS’
management of Interconnects is not responsive to customer demand, AWS Direct Connect Partner
should inform AWS of the situation via AWS technical support.
Hosted Connections: Resiliency Requirements
AWS requires AWS Direct Connect Partner maintain at least two Interconnects to two different AWS
devices at each AWS Direct Connect location where AWS Direct Connect Partner enables customers to
access Hosted Connections. AWS requires that AWS Direct Connect Partner maintain two different
AWS Direct Connect Partner devices at each AWS Direct Connect location, so that connections
between AWS and AWS Direct Connect Partner are not subject to a single point of failure. AWS Direct
Connect Partner must eliminate all single points of failure within infrastructure providing any customer
access to AWS Direct Connect. If required to obtain capacity to enable customer resiliency at an AWS
Direct Connect location, AWS Direct Connect Partner must obtain additional Interconnects from AWS.
AWS recommends AWS Direct Connect Partner establish a presence at multiple AWS Direct Connect
locations to be able to offer geographically diverse and resilient connectivity to customers.

Hosted Connections: Resiliency Provisioning & Testing
AWS Direct Connect Partner must use the AWS Management Console, CLI or API to confirm that
resilient Hosted Connections the AWS Direct Connect Partner delivers to a customer are provisioned
on diverse AWS devices.
Hosted Connections: Number of Hosted Connections on an Interconnect
The default limit on the number of active Hosted Connections AWS Direct Connect Partner may
allocate on an Interconnect is 50. AWS Direct Connect Partner may request AWS raise this limit for an
individual Interconnect. AWS may decline to raise the limit for an individual Interconnect in its sole
discretion.
Hosted Connections: Oversubscription of Interconnects
Oversubscription of Interconnects is not permitted. The sum of the capacities of all Hosted
Connections provisioned on an Interconnect must be less than or equal to the capacity of the
Interconnect. If the sum of the capacities of all Hosted Connections provisioned on an Interconnect is
greater than the capacity of the Interconnect the Interconnect is oversubscribed. The AWS
Management Console, CLI or API will not allow an AWS Direct Connect Partner to provision Hosted
Connections so as to oversubscribe an Interconnect. AWS Direct Connect Partners must not circumvent
this control so as to oversubscribe an Interconnect. AWS Direct Connect Partners must not remove an
Interconnect from a link aggregation group so as to oversubscribe an Interconnect. AWS may at its sole
discretion terminate Direct Connect Partner for cause if Direct Connect Partner oversubscribes an
Interconnect.
Hosted Connections: One to One Subscription of Interconnects
One-to-one subscription of Interconnects is not permitted. The capacity of any Hosted Connection
must be less than the capacity of the Interconnect it is provisioned on. The AWS Management Console,
CLI or API will not allow an AWS Direct Connect Partner to provision a Hosted Connection so as to one-
to-one subscribe an Interconnect.
AWS Direct Connect Partner may use a link aggregation group of multiple Interconnects to meet this
requirement. For example, in order to provision a 10G Hosted Connection, AWS Direct Connect Partner
must create a link aggregation group of 2 Interconnects each with 10G capacity, for a total capacity of
20G.

Hosted Connections: Monitoring of Interconnects
AWS Direct Connect Partner must provide to AWS network configurations and network resources as
required to enable AWS to monitor health of the Interconnects between AWS and AWS Direct Connect
Partner network devices. AWS Direct Connect Partner agrees to meet technical requirements for
monitoring of Interconnects as outlined in a separate technical requirements document. Exclusive of
requests to address service impacting problems, AWS Direct Connect Partner agrees to adjust
configurations supporting monitoring within 30 days as required by AWS. AWS Direct Connect Partner
must provide all services in support this monitoring at no cost to AWS. AWS Direct Connect Partner
must obtain and pay for any cross connects or other network services as required to support this
monitoring. AWS may share Interconnect monitoring data with customers.
Hosted Connections: Billing Requirements
AWS Direct Connect Partner will not be charged by AWS for Interconnects. AWS Direct Connect
Partner must work with the AWS Direct Connect location facility provider to organize a cross connect
from AWS Direct Connect Partner equipment to AWS equipment. AWS Direct Connect Partner is
responsible for all facility fees associated with the hosting of AWS Direct Connect Partner equipment
and cross connects to AWS equipment. In the Hosted Connection model, the customer orders Hosted
Connections directly from AWS Direct Connect Partner, and AWS Direct Connect Partner handles
service provisioning with AWS on behalf of the customer using the AWS Management Console, CLI or
API. Excluding the Solution Provider Program, in the Hosted Connection model there is no financial
transaction between AWS and AWS Direct Connect Partner related to Interconnects. The AWS account
that is assigned the Hosted Connection is billed by AWS for port-hours and the AWS account(s) that are
assigned the associated Virtual Interfaces are billed for egress data transfer.
Hosted Connections: AWS Direct Connect Partner as Customer
AWS Direct Connect Partner may be a customer of their own services in order to access Hosted
Connections for AWS Direct Connect Partner’s internal use. When using Hosted Connections as a
customer, the terms that apply to AWS Direct Connect Partner will not be any different than any other
customer, except as outlined in this document. AWS Direct Connect Partner will be billed for port-hour
and data transfer charges associated with Hosted Connections assigned to AWS accounts of AWS
Direct Connect Partner.
AWS Direct Connect Validation Checklist Requirements

This section contains additional information and requirements for reference by APN Partner applicants
in completing the AWS Direct Connect Validation Checklist version SDP-1.0. Parts of each section of the
checklist are numbered according to the checklist element within that section they cover.

1.0 APN Program Requirements (begins on checklist page 3)
1.1 – No additional information.
2.0 AWS Customer Case Studies
2.3 – APN Partner’s landing page, documentation and sales materials must reinforce the importance of
maintaining multiple connections to AWS in multiple AWS Direct Connect locations for resiliency and
link directly to AWS’ guidance on configuring AWS Direct Connect for resiliency:
https://aws.amazon.com/directconnect/resiliency-recommendation/
3.0 APN Partner Self-Assessment
AWS Direct Connect Validation Checklist (begins on checklist page 4)
1.1 – APN Partner must have two (2) AWS customer references specific to completed AWS Direct
Connect projects. This means that APN Partner has enabled two customers to access the customer’s
production 1G or 10G AWS Direct Connect Dedicated Connections prior to submitting the validation
checklist. These customer references must come from third parties; internal customers or subsidiaries
of APN Partner may not be used to meet this requirement. APN Partner must provide the dxcon-
identifier and name of the AWS Direct Connect location for each customer Dedicated Connection used
as a reference in response to this checklist item in response to this checklist item. dxcon- identifiers
may be found on the LOA-CFA documents issued to the customer by AWS which APN Partner used to
obtain the third-party cross connects for the Dedicated Connections.
2.1 – The Customer Presentation should be the pre-sales presentation APN Partner will give to
potential customers of their AWS Direct Connect related services. The presentation contains
information about APN Partner’s AWS Direct Connect capabilities, including AWS-specific
differentiators, e.g., what is unique about AWS and in which use cases should customers consider AWS
Direct Connect. Presentation content should be limited to what APN Partner would use for a 15 minute
presentation. Presentation content should not include any pricing or references to contractual terms
between the APN Partner and the customer.

APN Partner’s landing page, documentation and sales materials including the Customer Presentation
must reinforce the importance of maintaining multiple connections to AWS in multiple AWS Direct
Connect locations for resiliency and link directly to AWS’ guidance on configuring AWS Direct Connect
for resiliency: https://aws.amazon.com/directconnect/resiliency-recommendation/
2.3 – APN Partner may provide connectivity to any of the AWS regions via the associated AWS Direct
Connect locations as listed here for which they comply with requirements:
https://aws.amazon.com/directconnect/features/. Provide AWS Direct Connect locations using the
facility names on this web page.
To qualify as an AWS Direct Connect Partner at an AWS Direct Connect location:
• APN Partner must support AWS Direct Connect Dedicated Connections at the AWS Direct Connect
location;
• APN Partner must operate their own network;
• APN Partner must have network equipment at the AWS Direct Connect locations applicant plans to
offer connectivity to;
• APN Partner must be capable of supporting diverse connections between two diverse AWS devices
and two diverse APN Partner devices;
• APN Partner must eliminate all single points of failure within infrastructure providing any diverse
customer access to AWS Direct Connect;
• And APN Partner must have the ability to directly order cross connects from the AWS Direct
Connect location provider, including third-party cross connects via LOA/CFA documents AWS issues
to the customer for Dedicated Connections.
The technical requirements for network connectivity to AWS include:
• Ethernet Connectivity at 1G and 10G for Dedicated Connections and optionally Hosted Connections
• Connectivity using supported Optics (1000BASE-LX and 10GBASE-LR)
• Support for up to 9001 byte MTU
• Support for 802.1Q VLAN Tags

AWS recommends that APN Partners establish a presence at multiple AWS Direct Connect locations for
an AWS region to be able to offer geographically diverse and resilient connectivity to customers.
2.4 – If APN Partner wishes to provide access to Hosted Connections, APN Partner must have AWS
account and provide the corresponding account ID in response to this checklist item. After successful
validation, APN Partner’s AWS account will be enabled to manage Interconnects and provision Hosted
Connections on behalf of customers.
If APN Partner wishes to provide access to Hosted Connections, APN Partner must enable Business-
level support on the AWS account they will use to manage Interconnects. Log into the AWS account
you plan to use to manage Interconnects and navigate to http://aws.amazon.com/premiumsupport to
enable “Business Support” on the AWS account.
APN Partner must ensure that additional email addresses are associated with the dedicated AWS
account used to manage Interconnects via the Alternate Contacts feature. The additional email
addresses associated with the dedicated AWS account must be multiple individuals as appropriate to
ensure appropriate coverage and points of contact for communication at any time. Upon initial setup,
a credit card will be required. The AWS accounts can be switched to invoice billing after setup. AWS
does not charge APN Partners for Interconnect ports requested via this AWS account.
APN Partners may opt to sign up for a second AWS account to use as a test “customer” AWS account to
refine provisioning. If opting for a second AWS account, the APN Partner will be billed for any charges
incurred by this test AWS account, including for any Hosted Connections provisioned on behalf of this
AWS account. You may link the AWS account used for testing to the AWS account used for managing
Interconnects in order to consolidate billing as described in the AWS service documentation here:
http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html.
Frequently Asked Questions

Q. How is the AWS Direct Connect service priced?
A. AWS Direct Connect pricing has several variables:
• Customers pay AWS for their service based on the capacity of their Dedicated Connection or
Hosted Connection. AWS terms this charge “port-hours”. Prices are published on the AWS
Direct Connect website.
• Data Transfer In - $0/GB (free) from all AWS Direct Connect locations.
• Data Transfer Out changes based on the AWS Region the data originates from and the AWS
Direct Connect location where the data is transferred out. Please refer to the full price list in
this link.

Q. What do AWS Direct Connect Partners pay? What do customers pay?

A. AWS Direct Connect Partners should consider the following, based on the AWS Direct Connect
model used:
• Dedicated Connection – AWS bills the customer for the port-hour and data transfer costs. The
AWS Direct Connect Partner is responsible for any fees associated with obtaining a cross
connect and any other network transport or service provided by the AWS Direct Connect
Partner to the customer.
• Hosted Connection – AWS bills the customer for port-hour and data transfer costs. The AWS
Direct Connect Partner is responsible for any fees associated with obtaining a cross connect and
any other network transport or service provided by the AWS Direct Connect Partner to the
customer.
Q. How do AWS Direct Connect Partners get access to the Hosted Connection model?
A. To gain access to the Hosted Connection model, AWS Direct Connect Partners must follow the steps
outlined in the AWS Direct Connect Partner Validation Checklist. The current AWS Direct Connect
Partner Validation Checklist may be obtained by following these Getting Started steps.
Q. Can a customer use an AWS Direct Connect location associated with an AWS region to access AWS
services in a different AWS region?
A. Yes, AWS Direct Connect gateway enables customers to access a VPC in any AWS Region (including
GovCloud) from a private VIF in any AWS Direct Connect location (excluding AWS Regions and AWS
Direct Connect locations in China). AWS Direct Connect public VIFs enable customers to access public
endpoints in any AWS Region from any AWS Direct Connect location (excluding AWS Regions and AWS
Direct Connect locations in China).
Q. How many VIFs can a customer have?

A. AWS Direct Connect Partners should consider the following, based on the AWS Direct Connect
model used:
• Dedicated Connection – customers are limited to 50 VIFs per Dedicated Connection.
• Hosted Connection – customers are limited to a single VIF per Hosted Connection. Customers
can obtain multiple VIFs by obtaining multiple Hosted Connections.
For additional service limits, see AWS Direct Connect Limits.
Q. Does AWS provide latency data for AWS Direct Connect?

A. No. Customers should measure end to end latency and determine the impact of latency on their
applications.

Q. Does AWS offer an SLA for AWS Direct Connect?

A. Yes. For customer requirements to qualify for an SLA and other information, please review the SLA
page.
Q. Does AWS offer guidance for resiliency?

A. Yes, see AWS Direct Connect Resiliency Recommendations.
Appendix A: Core Concepts / Terminology

AWS Device
A physical device which provides customer AWS Direct Connect Dedicated Connections or AWS Direct
Connect Interconnects.
Dedicated Connection
A 1G or 10G Ethernet port requested directly from AWS by a customer and dedicated for use solely by
that customer.
Interconnect
A 1G or 10G Ethernet fiber-optic port that is made available only to AWS Direct Connect Partners.
Interconnects are used by AWS Direct Connect Partners to provide access to Hosted Connections on
behalf of customers.
Hosted Connection
A logical service provisioned on behalf of a customer by an AWS Direct Connect Partner on an
Interconnect.
Cross connect
A fiber-optic path from customer or AWS Direct Connect Partner equipment to AWS equipment as
detailed in the AWS Letter of Authorization and Connecting Facility Assignment (LOA-CFA) document.
There is usually a fee associated with a cross connect, and AWS Direct Connect Partners are expected
to include cost recovery as part of the AWS Direct Connect Partner’s overall service charge to the
customer.
Letter of Authorization (LOA) and Connecting Facility Assignment (CFA)

AWS provides a Letter of Authorization and Connecting Facility Assignment (LOA-CFA) document to the
customer requesting a Dedicated Connection. The LOA-CFA is the authorization to connect to AWS,
and is required by the colocation provider to establish the cross connect.

AWS Direct Connect location

Residing within shared hosting facilities, each AWS Direct Connect location enables AWS Direct
Connect customers to easily connect physical fiber from their network equipment colocated within the
facility to AWS Direct Connect via a cross connect. Customers can also use the services of a network
service provider or an AWS Direct Connect Partner to access AWS Direct Connect at the AWS Direct
Connect location of their choice.
All AWS Direct Connect locations are published on the AWS Direct Connect website.
Customer router (CR)

A physical router that the customer uses to connect to AWS Direct Connect. This router can be located
within a cage and rack that the customer procures in the same facility as the AWS Direct Connect
location. Or it can be at the customer premises and connected to AWS via the services of a network
service provider or AWS Direct Connect Partner. The customer configures and manages this device.
The CR needs to support both Layer 2 VLANs, Layer 3 configuration on those VLANs, and Border
Gateway Protocol (BGP) for advertising and receiving of routes from/to Amazon.
Hosted Connection
Created by the AWS Direct Connect Partner who provides the Hosted Connection service to a
customer. The customer can only create a single virtual interface (VIF) on each Hosted Connection.
Virtual interface (VIF)

Terminating on the Amazon side of an AWS Direct Connect connection are virtual interfaces, a
prerequisite for using an AWS Direct Connect connection. Customers configure virtual interfaces within
their AWS account.
Hosted VIF
A Hosted VIF is a VIF associated with an AWS account that is not the same AWS account associated
with the Dedicated Connection or Hosted Connection.
Public virtual interface

To connect to AWS services via their public IPs, such as Amazon Simple Storage Service (Amazon S3),
with dedicated network performance, use a public virtual interface.
A public virtual interface enables customers to connect to all AWS public IP spaces globally. AWS Direct
Connect customers in any AWS Direct Connect location can create public virtual interfaces to receive
Amazon’s global IP routes, and customers can access publicly routable Amazon services in any AWS
Regions (except the AWS China Region).

Additional details such as the /30 or /31 public address range for the Layer 2 VLAN between the public
virtual interface and the customer router (CR), and the routes that will be advertised into the AWS
Region, are supplied when the public virtual interface is configured.
Private virtual interface

To connect to private services, such as Amazon Virtual Private Cloud (Amazon VPC), with dedicated
network performance, use a private virtual interface.
A private virtual interface enables customers to connect to customer VPC resources—for example, EC2
instances, load balancers, Amazon Relational Database Service (Amazon RDS) DB instances, etc.—on a
customer’s private IP address or endpoint. A private virtual interface can connect to an AWS Direct
Connect gateway, which can be associated with one or more virtual private gateways in any AWS
Region (except the AWS China Region). A virtual private gateway is associated with a single VPC, so
customers can connect to multiple VPCs in any AWS Region (except the AWS China Region) using a
private virtual interface. For a private virtual interface, AWS only advertises the entire VPC CIDR over
the Border Gateway Protocol (BGP) neighbor.
Border Gateway Protocol (BGP)

A standardized exterior gateway protocol originally designed to exchange routing and reachability
information between autonomous systems (AS) on the internet. BGP is used within AWS Direct
Connect to exchange routing information between a virtual interface and the customer router (CR).
Over a public virtual interface, all AWS public IP ranges are advertised to the customer, and the
customer can advertise their approved public IP space to AWS. Over a private virtual interface, the VPC
CIDR is advertised to the customer, and the customer can advertise the customer’s on-premises routes
to AWS.
Appendix B: Additional Resources

AWS Webpages
AWS Direct Connect Resiliency Recommendations
AWS Service Delivery Program
AWS Service Delivery Program Guidelines
AWS Direct Connect Partner Website
AWS Direct Connect Partner Program
AWS Direct Connect Documentation (including API Reference)

AWS Direct Connect FAQs
AWS re:Invent 2018 videos
Creating your Virtual Data Center: VPC and Connectivity
Expanding your Data Center with Hybrid Cloud
Deep Dive: AWS Direct Connect

AWS Direct Connect Partner Guide

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AWS Direct Connect Partner Guide

Uploaded by

Copyright:

Available Formats

AWS Direct Connect

Updated March 6, 2019

Version 2.0 March 6, 2019 AWS Confidential Information pg. 2

What Is AWS Direct Connect?

Why Use AWS Direct Connect?

What Is an AWS Direct Connect Partner?

Version 2.0 March 6, 2019 AWS Confidential Information pg. 3

AWS Direct Connect Resiliency Recommendations

Version 2.0 March 6, 2019 AWS Confidential Information pg. 4

AWS Direct Connect Service Models

Dedicated Connection Hosted Connection

Speeds 1, 10 Gbps 50, 100, 200, 300, 400, 500 Mbps

Cross connect fee Paid by AWS Direct Connect Partner

Version 2.0 March 6, 2019 AWS Confidential Information pg. 5

Version 2.0 March 6, 2019 AWS Confidential Information pg. 6

Version 2.0 March 6, 2019 AWS Confidential Information pg. 7

Version 2.0 March 6, 2019 AWS Confidential Information pg. 8

AWS Direct Connect Dedicated Connections

Colocation site Customer premises

Figure 1: Customer establishes connectivity to AWS Direct Connect Dedicated Connection

Version 2.0 March 6, 2019 AWS Confidential Information pg. 9

AWS Direct Connect Partner Scenarios: Dedicated Connections

Version 2.0 March 6, 2019 AWS Confidential Information pg. 10

Version 2.0 March 6, 2019 AWS Confidential Information pg. 11

Colocation site Customer premises

Scenario 3: AWS Solution Provider Manages AWS Direct Connect Service

Version 2.0 March 6, 2019 AWS Confidential Information pg. 12

Figure depicts the structure of this scenario.

Figure 4: AWS Solution Provider manages AWS Direct Connect service

AWS Direct Connect Workflow

Version 2.0 March 6, 2019 AWS Confidential Information pg. 13

Request Download LOA- Create AWS Configure router

Figure 5: Setting up an AWS Direct Connect Dedicated Connection

AWS Direct Connect Hosted Connections

AWS Account Structure

Version 2.0 March 6, 2019 AWS Confidential Information pg. 14

AWS accounts AWS account

Figure 6: AWS account structure

Version 2.0 March 6, 2019 AWS Confidential Information pg. 15

Figure 7: AWS account not enabled to request an Interconnect in target region

Figure 8: Selecting the correct AWS Region

Version 2.0 March 6, 2019 AWS Confidential Information pg. 16

Figure 9: Interconnects page

Figure 10: The Create an Interconnect page

To View Customer Hosted Connections

Version 2.0 March 6, 2019 AWS Confidential Information pg. 17

Figure 11: Connections page

To Create a New Hosted Connection For a Customer

Figure 12: Allocating a new Hosted Connection

2. On the next page, as shown in Figure13, provide the following information:

Version 2.0 March 6, 2019 AWS Confidential Information pg. 18

Figure 13: Hosted Connection parameters

Figure 14: Newly created Hosted Connection

What the Customer Sees

Version 2.0 March 6, 2019 AWS Confidential Information pg. 19

Figure 15: Customer view of incoming Hosted Connection

What Does It All Look Like?

Version 2.0 March 6, 2019 AWS Confidential Information pg. 20

Figure 16: Hosted Connection topology

Hosted VIF Model

Version 2.0 March 6, 2019 AWS Confidential Information pg. 21

AWS Direct Connect Partner Program Requirements