The lecture says Direct Connect provides a private network, and can bypass the client’s ISP. How is this achieved? Does AWS dig up the street and lay its own fiber cable from the client to the data center? I’m assuming it doesn’t, but what does it do?
I think you’re close. This is taken from the AWS Documentation. "AWS Direct Connect links your internal network to an AWS Direct Connect location over a standard Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS Direct Connect router. With this connection, you can create virtual interfaces directly to public AWS services (for example, to Amazon S3) or to Amazon VPC, bypassing internet service providers in your network path. An AWS Direct Connect location provides access to AWS in the Region with which it is associated. You can use a single connection in a public Region or AWS GovCloud (US) to access public AWS services in all other public Regions." Here’s the link: https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html
Take a look at the AWS whitepaper.
"AWS Direct Connect lets you establish a dedicated network connection between your network and one of the AWS Direct Connect locations. Using industry standard 802.1Q virtual LANS (VLANs), this dedicated connection can be partitioned into multiple virtual interfaces. This allows you to use the same connection to access public resources, such as objects stored in Amazon S3 using public IP address space, and private resources such as EC2 instances running within a VPC using private IP address space, while maintaining network separation between the public and private environments. Virtual interfaces can be reconfigured at any time to meet your changing needs."
Unlike the AWS VPN, AWS Direct Connect creates a bypass by using the VLAN standard 802.1Q (Trunk Protocol) between your router and the AWS router.
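An added illustration (not from the AWS documentation or from any post in this thread) of the 802.1Q partitioning the whitepaper quote describes: every frame on the shared link carries a 12-bit VLAN ID, and that ID is what keeps traffic for different virtual interfaces apart. The VLAN IDs, interface names and MAC addresses below are constructed for the example.

```python
import struct

TPID_DOT1Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_dot1q(frame: bytes):
    """Return (vlan_id, pcp, inner_ethertype), or None if untagged or too short."""
    if len(frame) < 18:  # 6 dst + 6 src + 4 tag + 2 inner EtherType
        return None
    tpid, tci, inner = struct.unpack("!HHH", frame[12:18])
    if tpid != TPID_DOT1Q:
        return None
    return tci & 0x0FFF, tci >> 13, inner  # VID: low 12 bits, PCP: top 3 bits

def build_frame(vlan_id: int, payload: bytes, ethertype: int = 0x0800) -> bytes:
    """Build a tagged sample frame (constructed MAC addresses, not real devices)."""
    dst = bytes.fromhex("020000000001")
    src = bytes.fromhex("020000000002")
    tag = struct.pack("!HHH", TPID_DOT1Q, vlan_id & 0x0FFF, ethertype)
    return dst + src + tag + payload

def demux(frames, vif_by_vlan):
    """Sort payloads into per-virtual-interface queues; drop unknown or untagged."""
    queues = {name: [] for name in vif_by_vlan.values()}
    dropped = 0
    for frame in frames:
        tag = parse_dot1q(frame)
        if tag is None or tag[0] not in vif_by_vlan:
            dropped += 1  # no matching virtual interface: never delivered
            continue
        queues[vif_by_vlan[tag[0]]].append(frame[18:])
    return queues, dropped

# Hypothetical VLAN assignments for two virtual interfaces on one connection.
VIFS = {101: "private-vif", 102: "public-vif"}

def demo():
    untagged = (bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
                + struct.pack("!H", 0x0800) + b"x" * 10)
    frames = [build_frame(101, b"to-vpc"), build_frame(102, b"to-s3"),
              build_frame(999, b"stray"), untagged]
    return demux(frames, VIFS)

if __name__ == "__main__":
    print(demo())
```
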