A company is migrating its record-keeping application to the AWS Cloud, requiring all traffic between its on-premises data center and AWS to be encrypted at all times and across every transit device during the migration.

The application will span multiple Availability Zones within a single AWS Region and will utilize existing 10 Gbps AWS Direct Connect dedicated connections with a MACsec-capable port. A network engineer must ensure the Direct Connect connection is secured at every transit device.

The network engineer has created a Connection Key Name and Connectivity Association Key (CKN/CAK) pair for the MACsec secret key.

Which two additional steps should the network engineer take to meet the requirements?