One thing that may not have come across in the post is that one of the reasons we moved into VPC first is that Direct Connect is basically just a big dump pipe to AWS without VPC in place. Without VPC, there's no way to advertise routes for just your instances or to ensure that only traffic to/from your instances goes across the Direct Connect.