How do I monitor the connectivity between AWS and my on-premises network over Direct Connect?

Resolution

Check the status of the connection

Complete the following steps:

1. Open the Amazon CloudWatch console.
2. In the navigation pane, choose Metrics, and then choose All metrics.
3. Under All metrics, choose DX.
4. Choose Connection metrics.
5. To view the connection status, select the ConnectionState metric from the Metric name column.
6. In the Graphed metrics section, use either the Minimum or Maximum statistic. Don't use the Average statistic.
   Note: The graph displays a value of 1 when the connection is up or 0 when the connection is down. If the connection is running, then the graph typically shows a flat line at 1.

To view your hybrid network connectivity with AWS, use Amazon CloudWatch Network Synthetic Monitor.

Create a CloudWatch alarm to monitor the connection status

Complete the following steps:

1. Open the CloudWatch console.
2. In the navigation pane, choose Alarms.
3. Choose Create alarm, and then choose Create alarm.
4. Choose Select metric, and then choose DX.
5. In the metrics search box, search for and then select the ConnectionState metric for your Direct Connect connection.
6. In the Conditions section, choose Lower, and then enter 1 for one or more data points.
7. Choose Next.
8. In the Configure actions section, configure your settings. For example, you can send a notification to an existing topic.
9. Choose Next.
10. In the Add alarm details section, configure your settings, and then choose Next.
11. Choose Create alarm.

Monitor data that's transferred over your Direct Connect connection

Complete the following steps:

1. Open the CloudWatch console.
2. In the navigation pane, choose Metrics, and then choose All metrics.
3. In the metrics search box, enter AWS/DX.
4. View the following metrics over time to determine your connection's usage patterns:
   ConnectionBpsIngress monitors incoming (on-premises to AWS) bits per second.
   ConnectionBpsEgress monitors outgoing (AWS to on-premises) bits per second.
   ConnectionErrorCount shows the total error count for all types of Media Access Control (MAC)-level errors on the AWS device. The total includes cyclic redundancy check (CRC) errors.
   ConnectionLightLevelTx shows the health of the fiber connection for outbound traffic from AWS.
   ConnectionLightLevelRx shows the health of the fiber connection for inbound traffic to AWS.

Regularly review your CloudWatch metrics and alarms to make sure that your Direct Connect connection performs as expected.

Set up VPC Flow Logs

To monitor connection traffic, use Amazon Virtual Private Cloud (Amazon VPC) Flow Logs.

For example, you can use the AWSSupport-EnableVPCFlowLogs runbook to publish flow logs to Amazon CloudWatch Logs or Amazon Simple Storage Service (Amazon S3). Be sure to have the required input parameters.

Then, use CloudWatch Logs Insights to query and analyze your traffic data. You must include the source and destination IP addresses for the traffic that flows through your Direct Connect connection.

If you use AWS Transit Gateway with Direct Connect, then set up VPC Flow Logs for Transit Gateway.

Check the AWS Health Dashboard

Check the AWS Health Dashboard for ongoing or recently completed AWS maintenance that might affect your Direct Connect connection or virtual interfaces. Set up notifications for critical metrics so that you receive immediate alerts.

Related information

Monitor Direct Connect resources