Hello Sims,
This is from the AWS Direct Connect documentation:
AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1Q virtual LANS (VLANs), this dedicated connection can be partitioned into multiple virtual interfaces. This allows you to use the same connection to access public resources, such as objects stored in Amazon S3 using public IP address space, and private resources such as EC2 instances running within a VPC using private IP address space, while maintaining network separation between the public and private environments. Virtual interfaces can be reconfigured at any time to meet your changing needs.
AWS uses Virtual Private Cloud (VPC). In a nutshell, this is a virtual network where you configure routing, subnets, etc.
You can create a single VPC where you run all your EC2 instances (virtual machines) and RDS instances (databases) etc, or you can create multiple VPCs and isolate your network resources.
AWS Direct Connect is a L2 trunk which uses 802.1Q so it supports VLANs.
For each VPC, you can use a different VLAN on your L2 trunk. This way, your VPCs remain isolated even when they are connected to your site over the L2 trunk.
A L2 connection usually means it’s an Ethernet based connection so you can use 802.1Q and VLANs. With L3, it’s a routed connection…no 802.1Q and VLANs.
Does this help?
Rene