Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account
AssociateMacSecKey - AWS Direct Connect
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsSee Also

AssociateMacSecKey

PDF

Associates a MAC Security (MACsec) Connection Key Name (CKN)/ Connectivity Association Key (CAK) pair with an AWS Direct Connect dedicated connection.

You must supply either the secretARN, or the CKN/CAK (ckn and cak) pair in the request.

For information about MAC Security (MACsec) key considerations, see MACsec pre-shared CKN/CAK key considerations in the AWS Direct Connect User Guide.

Request Syntax

{
   "cak": "string",
   "ckn": "string",
   "connectionId": "string",
   "secretARN": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

cak

The MAC Security (MACsec) CAK to associate with the dedicated connection.

You can create the CKN/CAK pair using an industry standard tool.

The valid values are 64 hexadecimal characters (0-9, A-E).

If you use this request parameter, you must use the ckn request parameter and not use the secretARN request parameter.

Type: String

Required: No

ckn

The MAC Security (MACsec) CKN to associate with the dedicated connection.

You can create the CKN/CAK pair using an industry standard tool.

The valid values are 64 hexadecimal characters (0-9, A-E).

If you use this request parameter, you must use the cak request parameter and not use the secretARN request parameter.

Type: String

Required: No

connectionId

The ID of the dedicated connection (dxcon-xxxx), or the ID of the LAG (dxlag-xxxx).

You can use DescribeConnections or DescribeLags to retrieve connection ID.

Type: String

Required: Yes

secretARN

The Amazon Resource Name (ARN) of the MAC Security (MACsec) secret key to associate with the dedicated connection.

You can use DescribeConnections or DescribeLags to retrieve the MAC Security (MACsec) secret key.

If you use this request parameter, you do not use the ckn and cak request parameters.

Type: String

Required: No

Response Syntax

{
   "connectionId": "string",
   "macSecKeys": [ 
      { 
         "ckn": "string",
         "secretARN": "string",
         "startOn": "string",
         "state": "string"
      }
   ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

connectionId

The ID of the dedicated connection (dxcon-xxxx), or the ID of the LAG (dxlag-xxxx).

Type: String

macSecKeys

The MAC Security (MACsec) security keys associated with the dedicated connection.

Type: Array of MacSecKey objects

Errors

For information about the errors that are common to all actions, see Common Errors.

DirectConnectClientException

One or more parameters are not valid.

HTTP Status Code: 400

DirectConnectServerException

A server-side error occurred.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

Need help?

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.