# Direct Connect gateway attachments in AWS Cloud WAN
AWS Cloud WAN now supports native integration with Direct Connect, simplifying connectivity between your on-premises networks and the AWS cloud. The new capability enables you to directly attach your Direct Connect gateways to Cloud WAN without the need for an intermediate AWS Transit Gateway, allowing seamless connectivity between your data centers or offices with Amazon Virtual Private Cloud (VPCs) across AWS Regions globally.
Cloud WAN allows you to build, monitor, and manage a unified global network that interconnects your resources in the AWS cloud and your on-premises environments. Direct Connect allows you to create a dedicated network connection to AWS bypassing the public Internet and provides improved application performance, greater privacy and security. Previously, you needed to deploy an intermediate transit gateway to interconnect your Direct Connect-based networks with Cloud WAN. Now you can directly attach your Direct Connect gateway to a Cloud WAN core network, simplifying connectivity between your on-premises locations and VPCs. Cloud WAN Direct Connect gateway attachments add support for automatic route propagation between AWS and on-premises networks using BGP (Border Gateway Protocol). Direct Connect gateway attachments also support existing Cloud WAN features, such as central policy-based management, tag-based attachment automation and segmentation for advanced security.
## Prerequisites
The following are required before you can create a Direct Connect gateway attachment in a core network:
+ You must have a Direct Connect account and a valid Direct Connect gateway. A specific Direct Connect gateway can't be used for any other gateway types as long as it remains associated with a core network. This includes virtual gateways, transit gateways, and private virtual interfaces.
+ Only one core network can be associated with a Direct Connect gateway.
For more information about Direct Connect, see the [https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html](https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html).
## Limitations
The following limits apply to Direct Connect gateway attachments in a core network:
+ You can't configure static routes pointing to a Direct Connect gateway attachment as the next hop in a core network policy. Routes must be dynamically advertised from the on-premises network to core network.
+ Direct Connect Border Gateway Protocol (BGP) communities are not supported in a Cloud WAN network.
+ You can't configure a list of allowed prefixes to be advertised over the Direct Connect gateway attachment from Cloud WAN to an on-premises network.
+ The ASN of a Direct Connect gateway must be outside of the ASN range configured for the core network. For example, if you have an ASN range of 64512 - 65534 for the core network, the ASN of the Direct Connect gateway must use an ASN outside of that range.
+ Private IP VPN and Connect attachments are not supported when a Direct Connect gateway attachment is the transport type.
## Route propagation
A Direct Connect gateway attachments support BGP-based dynamic routing for both inbound and outbound directions.
For inbound routes,
+ Cloud WAN learns BGP routes advertised from your on-premises location via the Direct Connect gateway and the transit virtual interface. Routes are learnt in the segment route-tables of the associated core network edges for the attachment.
+ Routes learned in segment route table can be routed across all AWS Regions for that segment.
+ Cloud WAN follows the route evaluation order for the same prefixes learned over multiple attachments. See [Route evaluation](cloudwan-create-attachment.md#cloudwan-route-evaluation) for more information.
For outbound routes,
+ Cloud WAN propagates routes from the segment route table to the Direct Connect gateway, which in turn advertises these routes over transit virtual interfaces to your on-premises locations via BGP.
+ Each core network edge associated with the Direct Connect gateway attachment advertises only its local routes towards the Direct Connect gateway.
+ The AS\$1PATH BGP attribute is retained in these route advertisements to your on-premises locations. For more information about AS\$1PATH and BGP, see [Private virtual interface and transit virtual interface routing policies](https://docs.aws.amazon.com/directconnect/latest/UserGuide/routing-and-bgp.html#private-routing-policies) in the *AWS Direct Connect User Guide*.
## Pricing
As with other Cloud WAN attachments, there is a per-hour charge and per-gigabyte charge for using Direct Connect gateway attachments in a Cloud WAN core network. For more details about pricing, see [AWS Cloud WAN Pricing](https://aws.amazon.com/cloud-wan/pricing/).
**Topics**
+ [Prerequisites](#cloudwan-dxattach-prereqs)
+ [Limitations](#cloudwan-dxattach-limits)
+ [Route propagation](#cloudwan-dxattach-routes)
+ [Pricing](#cloudwan-dxattach-pricing)
+ [Create a Direct Connect gateway attachment](cloudwan-dxattachment-add.md)
+ [View or edit a Direct Connect gateway attachment](cloudwan-dxattachment-update.md)
# Create a Direct Connect gateway attachment for an AWS Cloud WAN core network
You can add a Direct Connect gateway attachment using either the Network Manager console or using the AWS CLI. The Direct Connect gateway must first be created using the Direct Connect console before it can be added as an attachment in Cloud WAN. For more information about Direct Connect gateway attachments and Cloud WAN, see [Direct Connect gateway attachments](cloudwan-dxattach-about.md).
**Topics**
+ [Create a Direct Connect gateway attachment using the console](#cloudwan-dxattachment-console)
+ [Create a Direct Connect gateway attachment using the command line or API](#cloudwan-dxattachment-cli)
## Create a Direct Connect gateway attachment using the console
The following steps create a Direct Connect gateway attachment for a core network using the console.
**To create a Direct Connect gateway attachment using the console**
1. Access the Network Manager console at [https://console.aws.amazon.com/networkmanager/home/](https://console.aws.amazon.com/networkmanager/home).
1. Under **Connectivity**, choose **Global Networks**.
1. On the **Global networks** page, choose the global network link for the core network you want to add an attachment to.
1. In the navigation pane under he name of the global network, choose **Attachments**.
1. Choose **Create attachment**.
1. Enter a **Name** identifying the attachment.
1. From the **Attachment type** drop-down list choose **Direct Connect gateway**.
1. For the **Edge locations**, choose one of the following:
+ **All** — Choose this option if you want to associate all edge locations in your core network with the Direct Connect gateway. When choosing this option, any new edge locations deployed in a core network policy version are automatically added to the Direct Connect gateway attachment and updated with the Direct Connect gateway. This does not automatically update any edge locations you might remove from the core network policy.
+ **Specific** — Choose this option if you want to associate only a subset of edge locations from your core network policy with the Direct Connect gateway. When choosing this option, you must manually add new or remove edge locations to the Direct Connect gateway attachment after deploying a core network policy version. A Direct Connect attachment will be attached to the core network edge according to the core network policy edge locations but will associated to the segment based on the segment edge locations..
1. In the** Direct Connect gateway attachment **section, choose the Direct Connect gateway to use for connecting Direct Connect to the Cloud WAN core network.
**Note**
A Direct Connect gateway can be used for only one core network, and can't be used for any other Direct Connect gateway type.
1. (Optional) For **Routing policy label**, provide a label that will be used to map this policy to attachments. The policy will automatically be applied to any attachment tagged with the same label.
1. Choose **Create attachment**.
## Create a Direct Connect gateway attachment using the command line or API
Use the command line or API to create a Direct Connect gateway attachment.
**To create a Direct Connect gateway attachment using the command line or API**
+ Use `create-direct-connect-gateway-attachment`. See [create-direct-connect-gateway-attachment](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/networkmanager/create-direct-connect-gateway-attachment.html).
# View or edit an AWS Cloud WAN core network Direct Connect gateway attachment
You can update the edge locations for a Direct Connect gateway attachment using either the Network Manager console or using the AWS CLI. The Direct Connect gateway attachment must first be created using the Direct Connect console. For more information about Direct Connect gateway attachments and Cloud WAN, see [Direct Connect gateway attachments](cloudwan-dxattach-about.md).
**Topics**
+ [View or edit a Direct Connect gateway attachment using the console](#cloudwan-dxattachment-update-console)
+ [Manage a Direct Connect gateway attachment routing policy label](#cloudwan-labels-editing-dx)
+ [Update a Direct Connect gateway attachment using the command line or API](#cloudwan-dxattachment-update-cli)
## View or edit a Direct Connect gateway attachment using the console
Use the following steps he following steps to update the edge locations for a Direct Connect gateway attachment. The updated edge locations are automatically associated with the Direct Connect gateway on Direct Connect console.
**To add a Direct Connect gateway attachment using the console**
1. Access the Network Manager console at [https://console.aws.amazon.com/networkmanager/home/](https://console.aws.amazon.com/networkmanager/home).
1. Under **Connectivity**, choose **Global Networks**.
1. On the **Global networks** page, choose the global network link for the core network you want to add an attachment to.
1. In the navigation pane under he name of the global network, choose **Attachments**.
1. Choose the Direct Connect gateway attachment you want to update, and then choose **Edit**.
1. In the **Direct Connect attachment** section, add or remove **Edge locations**, and then choose **Edit attachment**.
## Manage a Direct Connect gateway attachment routing policy label
You can create, modify, or delete routing policy labels for an attachment. Once you add or modify a routing policy label, you'll need to map or remap it to an attachment routing policy. Deleting a routing policy label removes any association with an attachment routing policy.
**To manage attachment routing policy labels**
1. Access the Network Manager console at [https://console.aws.amazon.com/networkmanager/home/](https://console.aws.amazon.com/networkmanager/home).
1. Under **Connectivity**, choose **Global networks**.
1. On the **Global networks** page, choose the global network link for the core network with the attachment.
1. In the navigation pane under the name of the global network, choose **Attachments**.
1. Choose the attachment.
1. In the section showing details about the attachment, choose the **Routing policy** tab, choose **Edit**.
1. Choose **Create** to create a new routing policy label, or choose **Edit** modify the **Routing policy label** as needed.
1. After creating or modifying a routing policy label, you can then associate that label with an attachment routing policy.
1. In the **Attachment routing policy association** section choose the attachment routing policy association you want to map to the routing policy label.
You can delete a routing policy labels for an attachment. Once you delete an attachment, the association from an attachment routing policy is removed permanently.
**To delete an attachment routing policy label**
1. Access the Network Manager console at [https://console.aws.amazon.com/networkmanager/home/](https://console.aws.amazon.com/networkmanager/home).
1. Under **Connectivity**, choose **Global networks**.
1. On the **Global networks** page, choose the global network link for the core network with the attachment.
1. In the navigation pane under the name of the global network, choose **Attachments**.
1. Choose the attachment.
1. In the section showing details about the attachment, choose the **Routing policy** tab, choose **Delete**.
1. Choose **Delete** again to confirm the removal. If the routing policy label was mapped to an attachment routing policy, the **Attachment routing policy association** section updates and removes the policy from the list.
## Update a Direct Connect gateway attachment using the command line or API
Use the command line or API to update a Direct Connect gateway attachment.
**To create a Direct Connect gateway attachment using the command line or API**
+ Use `update-direct-connect-gateway-attachment`. See [update-direct-connect-gateway-attachment](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/networkmanager/update-direct-connect-gateway-attachment.html).