Associate a MACsec CKN/CAK with an AWS Direct Connect endpoint LAG

After you create the LAG that supports MACsec, you can associate a CKN/CAK with the connection using either the AWS Direct Connect console or using the command line or API.

Note

You cannot modify a MACsec secret key after you associate it with a LAG. If you need to modify the key, disassociate the key from the connection, and then associate a new key with the connection. For information about removing an association, see Remove the association between a MACsec secret key and an AWS Direct Connect endpoint LAG.

To associate a MACsec key with a LAG

Open the AWS Direct Connect console at https://console.aws.amazon.com/directconnect/v2/home.
In the navigation pane, choose LAGs.
Select the LAG and choose View details.
Choose Associate key.
Enter the MACsec key.

[Use the CAK/CKN pair] Choose Key Pair, and then do the following:
- For Connectivity Association Key (CAK), enter the CAK.
- For Connectivity Association Key Name (CKN), enter the CKN.
[Use the secret] Choose Existing Secret Manager secret, and then for Secret, select the MACsec secret key.
Choose Associate key.

To associate a MACsec key with a LAG using the command line or API

associate-mac-sec-key (AWS CLI)
AssociateMacSecKey (AWS Direct Connect API)

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Disassociate a connection from a LAG

Remove the association between a MACsec secret key and a LAG