AWS allows you to share your DirectConnect connection amongst multiple AWS accounts via a hosted virtual interface (instructions here). I have a pfSense device on the local side of an MPLS line for the BGP connection. All of this works currently. When it was initially set up, there was only 1 AWS account to connect to, and that's all that was configured.

Now, there are 3 AWS accounts to connect to and share the DirectConnect. I was wondering if the following configuration would work:

AWS:
Configure Virtual Interface (MAIN account)
vlan: 600
MyRouter: 169.254.255.1/24
AmazonRouter: 169.254.255.254/24
BGP Key: 12345
AS: 65000

Configure Virtual Interface (secondary account)
vlan: 601
MyRouter: 169.254.255.1/24
AmazonRouter: 169.254.255.254/24
BGP Key: 12345
AS: 65000

Configure Virtual Interface (tertiary account)
vlan: 602
MyRouter: 169.254.255.1/24
AmazonRouter: 169.254.255.254/24
BGP Key: 12345
AS: 65000

Local:
Local (pfSense connected to mpls provider) Physical port4
vlan600; vlan601; vlan602; -- Bound to physical port4

interface AWS-Main-vlan600
IP: 169.254.255.1/24
GW: 169.254.255.254

interface AWS-secondary-vlan601
IP: 169.254.255.2/24
GW: 169.254.255.254

interface AWS-tertiary-vlan601
IP: 169.254.255.3/24
GW: 169.254.255.254

Local BGP Config:
AS: 65000
Router ID: 169.254.255.1
Networks to distribute: (my local networks)
Neighbor IP: 169.254.255.254
Neighbor BGP Key: 12345
Neighbor AS: 7224

Thank you for any assistance!!

TPCoMatt
  • Why are all of these link addresses on the same subnet even though they are (of course) different VLANs? That doesn't seem to add up, at first glance. I would expect the pfsense (or any router) to balk at attempts to create such a config. – Michael - sqlbot Sep 28 '18 at 23:46
  • @Michael-sqlbot -- I was thinking that, because in pfSense, I didn't see how I could have the various VLANs share the same BGP interface since only 1 BGP interface can be configured/used at any time. – TPCoMatt Oct 01 '18 at 16:23

1 Answer

AWS Virtual Interfaces (VIFs) require unique VLANs and non-overlapping IP addresses. Based on your config, I assume that you are using private VIFs to access the workloads in your VPC (cf. public VIFs for accessing AWS public services such as S3).

Change your VLANs to be unique and change the IP addresses on the VIFs to be non-overlapping. Engineers typically use IPv4 /30 or /31 subnets to number point-to-point links.

Jeff Loughridge
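As an added illustration of the constraints the answer states (not part of the original post or of AWS tooling), the script below checks a planned set of hosted VIFs for duplicate VLANs, peers that are not in one subnet, and overlapping link subnets, then compares the asker's three /24 VIFs with a /30-per-VIF plan. The VIF names and addresses are constructed for the example.

```python
import ipaddress
from typing import List, NamedTuple, Tuple


class Vif(NamedTuple):
    name: str
    vlan: int
    my_router: str      # customer-side BGP peer, e.g. "169.254.255.1/30"
    amazon_router: str  # AWS-side BGP peer, must share the prefix


def check_vifs(vifs: List[Vif]) -> List[str]:
    """Return a list of problems; an empty list means the plan is consistent."""
    problems: List[str] = []
    seen_vlans = {}
    link_nets: List[Tuple[str, ipaddress.IPv4Network]] = []
    for v in vifs:
        mine = ipaddress.ip_interface(v.my_router)
        aws = ipaddress.ip_interface(v.amazon_router)
        # Each hosted VIF needs its own 802.1Q tag on the connection.
        if v.vlan in seen_vlans:
            problems.append(f"{v.name}: VLAN {v.vlan} already used by {seen_vlans[v.vlan]}")
        seen_vlans.setdefault(v.vlan, v.name)
        # Both ends of the point-to-point link must sit in the same subnet
        # and use different addresses.
        if mine.network != aws.network:
            problems.append(f"{v.name}: peers {mine} and {aws} are not in one subnet")
        if mine.ip == aws.ip:
            problems.append(f"{v.name}: both peers use {mine.ip}")
        # Link subnets must not overlap across VIFs, or the router cannot
        # tell which VLAN a neighbor lives behind.
        for other_name, other_net in link_nets:
            if mine.network.overlaps(other_net):
                problems.append(f"{v.name}: {mine.network} overlaps {other_net} on {other_name}")
        link_nets.append((v.name, mine.network))
    return problems


# Constructed: the plan from the question, three VIFs in one /24.
ASKER_PLAN = [
    Vif("main", 600, "169.254.255.1/24", "169.254.255.254/24"),
    Vif("secondary", 601, "169.254.255.1/24", "169.254.255.254/24"),
    Vif("tertiary", 602, "169.254.255.1/24", "169.254.255.254/24"),
]

# Constructed: the same VIFs renumbered with one /30 per link.
FIXED_PLAN = [
    Vif("main", 600, "169.254.255.1/30", "169.254.255.2/30"),
    Vif("secondary", 601, "169.254.255.5/30", "169.254.255.6/30"),
    Vif("tertiary", 602, "169.254.255.9/30", "169.254.255.10/30"),
]

if __name__ == "__main__":
    for name, plan in (("asker", ASKER_PLAN), ("fixed", FIXED_PLAN)):
        print(name, check_vifs(plan) or "OK")
```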