As with all AWS services, access can be controlled by a series of policies, and Direct Connect is no different. Configuring access policies allows you to instill granular access in relation to using and implementing Direct Connect.
When using identity-based policies, Direct Connect uses the prefix of directconnect: for any actions.
The following policy is an AWS-managed policy found within IAM titled AWSDirectConnectReadOnlyAccess, and provides read-only access to AWS Direct Connect via the AWS Management Console:
Following on from this, the following policy is another AWS-managed policy, AWSDirectConnectFullAccess, and provides full access to AWS Direct Connect via the AWS Management Console:
You will notice, in these two example policies, that there are two ec2: actions referring to VPN...