AWS Direct Connect - Public VIF

0

Use case: To transfer over 1Tb of backup data from the existing location into an AWS S3 bucket. The hosted connection / DX connection will be decommissioned after 4-6 weeks, when the data transfer is completed.

I have a question that I am confused about while creating the Public VIF. Does the ‘Prefixes you want to advertise’ section mean it will only allow those CIDR/IP addresses to route to AWS over this Public VIF? My client is concerned about the security issue of using the Public IPs and wants to limit it to the traffic only coming from the MCN or on-prem environment.

2 Answers
1

The setting ("Prefixes you want to advertise") is the list of public IP addresses that the customer will advertise to AWS. It is a specific list - on that connection you will only be allowed to advertise the public IP addresses that you specify. Connections to the AWS network will only be allowed from those IP addresses.

The customer should treat the Public VIF as if it was an internet connection (so, firewall, etc.) as explained here.

AWS Expert, answered 6 months ago
Expert, reviewed 5 months ago
Expert, reviewed 6 months ago
Expert, reviewed 6 months ago
  • Can the private IPs be used in the 'Prefixes you want to advertise' to allow only the IPs from the on-prem to access the AWS?

  • No, you cannot use private IP addressing on a public VIF.

0
Accepted Answer

You treat the Public VIF as an internet connection. You can't advertise private IPs. And traffic routing over the Public VIF must have a registered public IP as a source. If you are going to access AWS public services using your on-premises private network, then you will have a sort of NATing. The public IP for your NATing can be added to the "Prefixes you want to advertise".

AWS, AmerO, answered 6 months ago
Expert, reviewed 6 months ago
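
A pre-flight check for the rules given in the answers above, added here as an example (not code from AWS or from the posters): private ranges cannot go into "Prefixes you want to advertise", and on-prem private sources need a NAT address that sits inside an advertised public prefix. The function names, the list of non-public ranges and the sample addresses (documentation ranges standing in for real public space) are assumptions for illustration; IPv4 only.

```python
import ipaddress

# Ranges treated here as not advertisable on a public VIF (assumed list).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "100.64.0.0/10",                                    # RFC 6598 shared space
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
)]


def is_public(prefix):
    """True if the prefix does not overlap any non-public range."""
    net = ipaddress.ip_network(str(prefix))
    return not any(net.overlaps(bad) for bad in NON_PUBLIC)


def check_public_vif_plan(advertised, on_prem_sources, nat_ip=None):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    # strict=True rejects prefixes with host bits set (e.g. 203.0.113.9/29).
    prefixes = [ipaddress.ip_network(p, strict=True) for p in advertised]
    for p in prefixes:
        if not is_public(p):
            findings.append(f"{p}: private prefix cannot be advertised on a public VIF")
    public = [p for p in prefixes if is_public(p)]
    nat = ipaddress.ip_address(nat_ip) if nat_ip else None
    if nat is not None and not any(nat in p for p in public):
        findings.append(f"{nat}: NAT address is not inside an advertised public prefix")
    for s in on_prem_sources:
        src = ipaddress.ip_network(s)
        if any(src.subnet_of(p) for p in public):
            continue  # already sourced from an advertised public prefix
        if nat is None:
            findings.append(f"{src}: not in an advertised prefix and no NAT address given")
    return findings


if __name__ == "__main__":
    # Constructed sample plan: one valid public prefix, one private prefix.
    for finding in check_public_vif_plan(
            ["203.0.113.8/29", "10.20.0.0/16"], ["10.20.0.0/16"], "203.0.113.10"):
        print(finding)
```

An empty result only means the prefix plan is self-consistent; the firewalling the first answer calls for is still needed on the on-prem side.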
