Connect to AWS
End users can create connections to AWS Direct Connect using either a
Dot1q port or a QinQ port.
Layer 2 Connection to AWS Direct Connect
Step 1: Retrieve AWS Account Info
Locate your AWS Direct Connect account ID using the AWS Management console.
The AWS Direct Connect account ID is a 12-digit number. You must use this ID value when creating AWS connections.
Refer https://aws.amazon.com/console/ for instructions on how to signup for AWS.
Step 2: Create Connection
These steps outline what you must do to create an AWS Direct Connect
connection:
2a) Authenticate
import StepAuthenticate, { toc as StepAuthenticateTOC } from
'@site/fabric/_step-authenticate.mdx'
2b) Get the Port information
Retrieve your allocated Equinix Fabric port information.
Refer to GET Port under the API Reference section for instructions on how to retrieve port details. Skip this step if you already know your port information.
2c) Get Metros
Find all metros where Equinix Fabric is available to check if a connection
can be established between the port selected earlier and your desired
destination metro.
Use this API to identify the metro codes of your source (A-side) and destination (Z-side) for your connection.
Refer to GET Metros under the API Reference section for instructions on how to get the metro code. You may skip this step if you already know this information.
2d) Get Service Profile
Identify all service profiles available for a given metro or metros, and
select the profile to which you wish to connect.
Refer to GET Services under the API Reference section for instructions on how to retrieve service profiles in Equinix Fabric. You may skip this step if you already know the service profile details.
2e) Get ValidateAuthorizationKey
Verify whether your AWS Account Info can be used to create a connection to
the seller profile selected earlier.
The validate authorization key API currently only performs regular expression validation and checks if a connection can be established to the selected seller service profile. It does not validate the authenticity and accuracy of the key against AWS. This feature will be included in the future.
Refer to GET validateAuthorizationKey under the API Reference section for instructions on how to validate your authorization key. You may skip this step if you are certain that your key is authorized for creating connections with the selected service profile.
2f) Post Connections
| POST /ecx/v3/l2/connections | |
|---|---|
| Method | POST |
| URL or Endpoint | /ecx/v3/l2/connections |
| Headers | Authorization, Content-Type |
| Query Parameters | Not applicable |
| Body Parameters | primaryName, primaryPortUUID, primaryVlanSTag, primaryVlanCTag, profileUUID, authorizationKey, speed, speedUnit, notifications [...], purchaseOrderNumber, sellerRegion, sellerMetroCode |
The POST connections API creates a layer 2 connection between your port and the destination service profile. The authorization token and content-type are the only headers that are passed to this API and a response is received based on the values passed.
If you are unaware of how to obtain an authorization token, refer to Requesting Access and Refresh tokens section under the Getting Access Token.
The following screenshots show a sample curl request to create a layer 2 AWS Direct Connect connection using a Dot1q and QinQ port and a sample JSON response for this API.
Should you want to estimate the price of this connection, use the API GET Prices.
AWS Direct Connect connection using a Dot1q port
curl -X
POST "https://api.equinix.com/ecx/v3/l2/connections"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
-d '{
"primaryName": "JohnDoe_AWS_Dot1q",
"profileUUID": "3214888b-39b0-49ea-a232-005088dc9c84",
"speed": 50,
"speedUnit": "MB",
"notifications": [
"JohnDoe@example.com"
],
"purchaseOrderNumber": "1234567890",
"primaryPortUUID": "7f891d3b-973e-73e0-bae0-30ac1885197a",
"primaryVlanSTag": "774",
"sellerRegion": "us-west-1",
"sellerMetroCode": "SV",
"authorizationKey": "123456789012"
}'AWS Direct Connect connection using a QinQ port
curl -X
POST "https://api.equinix.com/ecx/v3/l2/connections"
-H "content-type: application/json"
-H "authorization: Bearer qwErtY8zyW1abcdefGHI"
-d '{
"primaryName": "JohnDoe_AWS_QinQ",
"profileUUID": "999552b-39b0-49ea-a232-005088dc9c84",
"speed": 50,
"speedUnit": "MB",
"notifications": [
"JohnDoe@example.com"
],
"purchaseOrderNumber": "0987654321",
"primaryPortUUID": "99991d3b-9750-7500-bae0-30ac1885197a",
"primaryVlanSTag": "774",
"primaryVlanCTag": "775",
"sellerRegion": "us-west-1",
"sellerMetroCode": "SV",
"authorizationKey": "123456789012"
}'The description of the body parameters is as follows:
| Body Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| primaryName | Yes | string | JohnDoe_AWS_QinQ |
User-defined name of the primary connection. Supply an alpha-numeric string, which can include hyphens and underscores ('-' & '_') as special characters (no other special characters are allowed). Max Length: 24 characters |
|
| primaryPortUUID | Yes | string | 99991d3b-9750-7500-bae0-30ac1885197a | Unique Equinix-assigned ID of the buyer's primary port from where the connection originates. | |
| primaryVlanSTag | Yes | integer | 774 | 2 - 4094 |
S-Tag/Outer-Tag of the primary connection. Range: 2 - 4094 |
| primaryVlanCTag | Yes | integer | 775 | 2 - 4094 |
C-Tag/Inner-Tag of the primary connection on the Z side. Range: 2 - 4094 |
| profileUUID | Yes | string | 999552b-39b0-49ea-a232-005088dc9c86 | Unique Equinix-assigned ID of the provider's service profile. | |
| authorizationKey | Yes | string | 123456789012 |
Authorization Key provided by AWS. For example, the account ID from AWS. |
|
| speed | Yes | integer | 50 | Speed/bandwidth to be allocated to the connection. | |
| speedUnit | Yes | string | MB | MB |
Unit of the speed/bandwidth to be allocated to the connection. Values: Either MB or GB. |
| notifications | Yes | array [string] | JohnDoe@example.com |
A list of email addresses that are notified when there are any
updates on this connection. Example: ["user@example.com", "user2@example.com"] |
|
| purchaseOrderNumber | Yes | string | 0987654321 | This optional field links the purchase order to the connection on Equinix. This link is reflected on the invoice. | |
| sellerRegion | Yes | string | us-west-1 | The region in which the seller port resides. | |
| sellerMetroCode | Yes | string | SV |
The metro code that denotes the connection’s destination (Z
side). If sellerMetroCode is empty, thevalue defaults to themetro codeof the port. |
The following table indicates the tagging criteria to be followed when a buyer/customer (A-side) wants to connect to AWS (Z-side). Ensure to add the correct S tag or C tag based on your port type.
| Port Type (A-side) | S-tag required | C-tag required | Port Type ( Z-side) |
|---|---|---|---|
| Dot1q port | Yes | No | Dot1q port |
| QinQ port | Yes | Yes | Dot1q port |
If you get "Access Denied" error, contact your local Equinix Service Desk for Equinix Fabric Portal access.
{
"message": "Connection Saved Successfully",
"primaryConnectionId": "9999a8-0e07-44d0-944c-88a25d8d28f7"
}The description of the response payload is as follows:
| Field Name | Type | Example | Description |
|---|---|---|---|
| message | string | Connection Saved Successfully | Indicates the status of the API call. |
| primaryConnectionID | string | 9999a8-0e07-44d0-944c-88a25d8d28f7 | Returns the newly created connection ID. |
Once the POST Connections API is successfully called, you may check the status of the connection using the API GET Connections{uuid}
When a connection is created, the connection transitions through various states within the Equinix and AWS infrastructure. These states can be monitored using the response attributes of the API GET Connections{uuid}. The "status" attribute indicates the connection status in Equinix and the "providerStatus" indicates the status in AWS.
| Equinix States under /ecx/v3/l2/connections/{connId} | AWS States | ||
| "status" attribute values | "providerStatus" attribute values | AWS Direct Connect State | Description |
| PROVISIONING | NOT_AVAILABLE | Connection request has not been yet sent to AWS. | |
| PROVISIONED | PENDING_APPROVAL | Ordering -> Requested |
The connection awaits for acceptance. You will see a card stating "Accept Hosted Connection" on your Equinix Fabric portal dashboard. |
| PROVISIONED | PROVISIONING | Pending | Connection establishment in progress. |
| PROVISIONED | PROVISIONED | Pending -> Available |
The connection has been accepted by the client. These status values will only be reflected after the below "Accept Connection" step is performed. |
Refer https://docs.aws.amazon.com/directconnect/latest/APIReference/API_Connection.html for the different AWS connection states.
When an end user deletes a connection using the API DELETE Connections{uuid} the connection transitions through the following states within the Equinix infrastructure.
| Equinix States under /ecx/v3/l2/connections/{connId} | ||
| "status" attribute values | "providerStatus" attribute values | Description |
| DEPROVISIONING | DEPROVISIONING | Connection disbandment in progress. |
| DEPROVISIONED | DEPROVISIONED | Connection deleted. |
Step 3: Accept Connection
Accept the virtual connection using AWS Management Console, Equinix Portal, or the below API.
| PATCH l2/connections/{connid} | |
|---|---|
| Method | PATCH |
| URL or Endpoint | /ecx/v3/l2/connections/{connId} |
| Headers | Authorization, Content-Type |
| Query Parameters | action |
| Body Parameters | AWS Access Keys (Access Key ID and Secret Access Key) |
ConnId is an identifier unique for each connection.
The PATCH connections API accepts or rejects a layer 2 connection for a given connection connID.
If you are unaware of how to obtain an authorization token, refer to Requesting Access and Refresh tokens under the Getting Access Token section.
The following screenshots show a sample curl request to accept a layer 2 connection and its respective JSON response.
curl -X
PATCH "https://api.equinix.com/ecx/v3/l2/connections/9999a8-0e07-44d0-944c-88a25d8d28f7?action=Approve"
-H "content-type: application/json"
-H "Authorization: Bearer qwErtY8zyW1abcdefGHI"
-d '{
"accessKey":"AKIAGGJKJU7BC3QJKYQ",
"secretKey":"CXGJW1lWbqENEqSkBAK"
}'The description of the query and request payload is as follows:
| Query Parameter Name | Mandatory | Type | Example | Applicable Values | Description |
|---|---|---|---|---|---|
| action | Yes | string | Approve | "Approve" "Reject" |
The action to performon the connection. |
| connId | Yes | string | 9999a8-0e07-44d0-944c-88a25d8d28f7 | The unique identifier of the connection. |
| Body Parameter Name | Mandatory | Type | Example | Description |
|---|---|---|---|---|
| accessKey | Yes | string | AKIAGGJKJU7BC3QJKYQ | Special keys provided by AWS to authenticate API requests. |
| secretKey | Yes | string | CXGJW1lWbqENEqSkBAK | Special keys provided by AWS to authenticate API requests. |
{
"message": "updated connection successfully",
"primaryConnectionId": "9999a8-0e07-44d0-944c-88a25d8d28f7"
}The description of the response payload is as follows:
| Field Name | Type | Example | Description |
|---|---|---|---|
| message | string | updated connection successfully | The status message of the PATCH API call. |
| primaryConnectionID | string | primaryConnectionId: "9999a8-0e07-44d0-944c-88a25d8d28f7" | The primary connection ID of the connection that was accepted. |
If you get "Access Denied" error, contact your local Equinix Service Desk for Equinix Fabric Portal access.
Refer
https://aws.amazon.com/directconnect/
for instructions on how to accept the connection using the AWS console
and
https://docs.equinix.com/en-us/Content/Interconnection/ECXF/landing-pages/ECXF-landing-main.htm
for instructions on how to accept the connection using the Equinix
Fabric Portal.
