AWS Direct Connect is the onramp and offramp from AWS instances to other clouds.  It provides you with various options to connect your dedicated AWS infrastructure to other PaaS, SaaS, and IaaS workgroups.  Connecting to Direct Connect is simple, easy, and painless plus it can be turned on in minutes.  You must fully understand the benefits and costs of your Amazon Direct Connect including Egress charges which many Dev teams are unaware of.  In our prior post on Cloud Connectivity for 2022 we discussed everything from connecting using public Internet to Direct Hosted connections.


Virtual Cloud Routing

Connecting to AWS Direct Connect can be a great option for diversity and High Availability (HA) designs between instances.  For example, if you have AWS East and West deployed, using Direct Connect with a Virtual Cloud Router provides an excellent option to deploy Failover options or routing data between the two environments.  Designing with a Virtual Cloud Router, you can deploy BGP over a Software-Defined backbone connection in minutes and equally connect to your WAN.  This eliminates the need to contract long-term with a telco carrier and consume bandwidth on demand elastically.  Many enterprises look to extend their network such as SDWAN adding a node for their AWS instance which can be accomplished.

Interested in a Virtual Cloud Routing Design?  Schedule time for a Demo with an Architect.

How much is AWS Direct Cost?

There are two cost elements you must be aware of, AWS Direct Connect Cost and whatever Transport (Hosted, SD, X-Connect, Internet VPN etc).

What is the Best Option to connect with AWS Direct Connect?

The best option is the one for your business!  Each use-case is unique, however here are the common options to Connect to AWS Direct Connect

  1. Public Internet:
  2. Software Defined Virtual Private Circuit
  3. Colocation Providers
  4. Fiber Cross-Connect:
  5. Telco Carriers Cloud Connectivity

This eliminates the need to contract long-term with a telco carrier and consume bandwidth on demand elastically..

Each connectivity option leverages either VPN or AWS Direct Connect and, while both are viable options, you might find that one or both are better for your business requirements.


AWS-managed VPN

AWS-managed VPN is a hardware IPsec VPN that enables you to create an encrypted connection over the public Internet between your Amazon VPC and your private IT infrastructure. The VPN connection lets you extend your existing security and management policies to your VPC as if they were running within your own infrastructure.

VPN is a great connectivity option for businesses that are just getting started with AWS. It is quick and easy to setup. Keep in mind, however, that VPN connectivity utilizes the public Internet, which can have unpredictable performance and despite being encrypted, can present security concerns.

We have compiled a list of the Top Tier-1 ISPs globally which is a good start to evaluate if they would be a good network fit for your VPN.

AWS Direct Connect

AWS Direct Connect bypasses the public Internet and establishes a secure, dedicated connection from your infrastructure into AWS. This dedicated connection occurs over a standard 1 GB or 10 GB Ethernet fiber-optic cable with one end of the cable connected to your router and the other to an AWS Direct Connect router. AWS has established these Direct Connect routers in large colocation facilities across the world, providing access to all AWS regions. With established connectivity via AWS Direct Connect, you can access your Amazon VPC and all AWS services.

AWS Direct Connect is a great option for businesses that are seeking secure, ultra-low latency connectivity into AWS. While provisioning AWS Direct Connect can sometimes be more involved, it is worth it once the connectivity is established because of the ease of predictable network performance and 60% cost savings.


Comparison of AWS AWS-Managed VPN and AWS Direct Connect (Click here for the most recent)

AWS-Managed VPN

AWS Direct Connect


<4 GB per VPC

<1 GB, 1 GB, or 10 GB ports Up to 40 GB with Link Aggregation Group (LAG)


1VPN Connection to VPC

2 port connection to multiple VPCs


1 VPN Connection = 2 VPN tunnels

1 AWS router = redundant connectivity to 1 AWS region


$0.05 per VPN Connection Hour $0.09 per GB data transfer out

$0.2 to $0.3 per GB data transfer out Port hour fees(varies based on port speed)

In the end, the above write-up does play well within the AWS Well-Architected Framework dev teams can maintain around cost optimization.  If you need a quick and free design suggestion on how best to use Direct Connect in your cloud network, contact us.  One of our AWS experts would be happy to route you to the correct path!