---
title: AWS Direct Connect
description: >-
  AWS Direct Connect makes it easy to establish a dedicated network connection
  from your premises to AWS.
breadcrumbs: Docs > Integrations > AWS Direct Connect
---

# AWS Direct Connect
Integration version2.0.0
{% callout %}
# Important note for users on the following Datadog sites: us2.ddog-gov.com

{% alert level="info" %}
To find out if this integration is available in your organization, see your [Datadog Integrations](https://app.datadoghq.com/integrations) page or ask your organization administrator.

To initiate an exception request to enable this integration for your organization, email [support@ddog-gov.com](mailto:support@ddog-gov.com).
{% /alert %}

{% /callout %}

## Overview{% #overview %}

This integration collects metrics from AWS Direct Connect, such as connection state, bit rate ingress and egress, packet rate ingress and egress, and more.

## Setup{% #setup %}

### Installation{% #installation %}

If you haven't already, set up the [Amazon Web Services integration first](https://docs.datadoghq.com/integrations/amazon_web_services.md).

### Metric collection{% #metric-collection %}

1. In the [AWS integration page](https://app.datadoghq.com/integrations/amazon-web-services), ensure that `DirectConnect` is enabled under the `Metric Collection` tab.

1. Add those permissions to your [Datadog IAM policy](https://docs.datadoghq.com/integrations/amazon_web_services.md#installation) in order to collect AWS Direct Connect metrics:

   - `directconnect:DescribeConnections`: Used to list available Direct Connect connections.
   - `directconnect:DescribeTags`: Used to gather custom tags applied to Direct Connect connections.

For more information, see the [Direct Connect policies](https://docs.aws.amazon.com/directconnect/latest/UserGuide/security-iam.html) on the AWS website.

1. Install the [Datadog - AWS Direct Connect integration](https://app.datadoghq.com/integrations/amazon-directconnect).

### Log collection{% #log-collection %}

#### Enable logging{% #enable-logging %}

Configure AWS Direct Connect to send logs either to a S3 bucket or to CloudWatch.

**Note**: If you log to a S3 bucket, make sure that `amazon_directconnect` is set as *Target prefix*.

#### Send logs to Datadog{% #send-logs-to-datadog %}

1. If you haven't already, set up the [Datadog Forwarder Lambda function](https://docs.datadoghq.com/logs/guide/forwarder.md).

1. Once the Lambda function is installed, manually add a trigger on the S3 bucket or CloudWatch log group that contains your AWS Direct Connect logs in the AWS console:

   - [Add a manual trigger on the S3 bucket](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function.md#collecting-logs-from-s3-buckets)
   - [Add a manual trigger on the CloudWatch Log Group](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function.md#collecting-logs-from-cloudwatch-log-group)

## Data Collected{% #data-collected %}

### Metrics{% #metrics %}

|  |
|  |
| **aws.dx.connection\_bps\_egress**(rate)                        | The bit rate for outbound data from the AWS side of the connection.*Shown as bit*                                                                                              |
| **aws.dx.connection\_bps\_ingress**(rate)                       | The bit rate for inbound data to the AWS side of the connection.*Shown as bit*                                                                                                 |
| **aws.dx.connection\_crcerror\_count**(count)                   | The total count of cyclic redundancy check (CRC) errors on the connection. Deprecated — use aws.dx.connection_error_count instead.*Shown as error*                             |
| **aws.dx.connection\_discards\_pps\_egress**(rate)              | The packet discard rate for outbound data from the AWS side of the connection, due to buffer overflows, interface congestion, or other network conditions.*Shown as packet*    |
| **aws.dx.connection\_encryption\_state**(gauge)                 | The encryption status of the connection. 1 indicates encryption is up, 0 indicates encryption is down. For LAG connections, 1 indicates all connections have encryption up.    |
| **aws.dx.connection\_error\_count**(count)                      | The total count of all MAC level errors recorded since the last reported data point, including cyclic redundancy check (CRC) errors.*Shown as error*                           |
| **aws.dx.connection\_light\_level\_rx**(gauge)                  | Indicates the health of the fiber connection for ingress (inbound) traffic to the AWS side of the connection.                                                                  |
| **aws.dx.connection\_light\_level\_tx**(gauge)                  | Indicates the health of the fiber connection for egress (outbound) traffic from the AWS side of the connection.                                                                |
| **aws.dx.connection\_pps\_egress**(rate)                        | The packet rate for outbound data from the AWS side of the connection.*Shown as packet*                                                                                        |
| **aws.dx.connection\_pps\_ingress**(rate)                       | The packet rate for inbound data to the AWS side of the connection.*Shown as packet*                                                                                           |
| **aws.dx.connection\_state**(gauge)                             | The state of the connection. 1 indicates up and 0 indicates down.                                                                                                              |
| **aws.dx.virtual\_interface\_bgp\_prefixes\_accepted**(gauge)   | The number of BGP prefixes accepted from the BGP peer on the virtual interface.                                                                                                |
| **aws.dx.virtual\_interface\_bgp\_prefixes\_advertised**(gauge) | The number of BGP prefixes advertised to the BGP peer on the virtual interface.                                                                                                |
| **aws.dx.virtual\_interface\_bgp\_status**(gauge)               | The state of the BGP peering session for the virtual interface. 1 indicates up and 0 indicates down.                                                                           |
| **aws.dx.virtual\_interface\_bps\_egress**(rate)                | The bitrate for outbound data from the AWS side of the virtual interface.*Shown as bit*                                                                                        |
| **aws.dx.virtual\_interface\_bps\_ingress**(rate)               | The bitrate for inbound data to the AWS side of the virtual interface.*Shown as bit*                                                                                           |
| **aws.dx.virtual\_interface\_policed\_bps\_egress**(rate)       | The number of bytes per second traveling from AWS to your on-premises network that were dropped by the Rate Limiter when exceeding the allocated bandwidth.*Shown as bit*      |
| **aws.dx.virtual\_interface\_policed\_bps\_ingress**(rate)      | The number of bytes per second traveling from your on-premises network to AWS that were dropped by the Rate Limiter when exceeding the allocated bandwidth.*Shown as bit*      |
| **aws.dx.virtual\_interface\_policed\_pps\_egress**(rate)       | The number of packets per second traveling from AWS to your on-premises network that were dropped by the Rate Limiter when exceeding the allocated bandwidth.*Shown as packet* |
| **aws.dx.virtual\_interface\_policed\_pps\_ingress**(rate)      | The number of packets per second traveling from your on-premises network to AWS that were dropped by the Rate Limiter when exceeding the allocated bandwidth.*Shown as packet* |
| **aws.dx.virtual\_interface\_pps\_egress**(rate)                | The packet rate for outbound data from the AWS side of the virtual interface.*Shown as packet*                                                                                 |
| **aws.dx.virtual\_interface\_pps\_ingress**(rate)               | The packet rate for inbound data to the AWS side of the virtual interface.*Shown as packet*                                                                                    |
| **aws.dx.virtual\_interface\_utilization\_egress**(gauge)       | The percentage of bandwidth utilized for outbound data from the AWS side of the virtual interface.*Shown as percent*                                                           |
| **aws.dx.virtual\_interface\_utilization\_ingress**(gauge)      | The percentage of bandwidth utilized for inbound data to the AWS side of the virtual interface.*Shown as percent*                                                              |

Each of the metrics retrieved from AWS are assigned the same tags that appear in the AWS console, including but not limited to host name, security-groups, and more.

### Events{% #events %}

The AWS Direct Connect integration does not include any events.

### Service Checks{% #service-checks %}

The AWS Direct Connect integration does not include any service checks.

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).
