A company utilizes an AWS Direct Connect private VIF with a link aggregation group (LAG) comprising two 10 Gbps connections. The security team has introduced a new mandate requiring layer 2 encryption for external network connections. To comply with this requirement, the network team intends to leverage MACsec support for Direct Connect.

Which three steps should the network team follow to enable this functionality? (Choose three.)