Kong · Guaris · May 16, 2025 · May 20, 2025 · May 21, 2025 · May 21, 2025
@@ -0,0 +1,89 @@
+---
+title: Configure an outbound DNS resolver for Dedicated Cloud Gateway
+description: 'Forward DNS queries from your Dedicated Cloud Gateway to custom DNS servers using an outbound resolver.'
+content_type: how_to
+permalink: /dedicated-cloud-gateways/outbound-dns-resolver/
+breadcrumbs:
+  - /dedicated-cloud-gateways/
+products:
+    - gateway
+
+works_on:
+    - konnect
+
+tldr:
+  q: How do I configure an outbound DNS resolver for my Dedicated Cloud Gateway?
+  a: Set up a Route 53 inbound resolver endpoint, then call the {{site.konnect_short_name}} API to forward specific domains to custom DNS servers.
+
+related_resources:
+  - text: Dedicated Cloud Gateways
+    url: /dedicated-cloud-gateways/
+  - text: Private hosted zones
+    url: /dedicated-cloud-gateways/private-hosted-zones/
+  - text: Route 53 Resolver Endpoints
+    url: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-get-started.html
+  - text: Amazon VPC Documentation
+    url: /dedicated-cloud-gateways/aws-vpc-peering/
+prereqs:
+  skip_product: true
+  inline:
+  - title: "Dedicated Cloud Gateway"
+    include_content: prereqs/dedicated-cloud-gateways
+  - title: "AWS CLI"
+    include_content: prereqs/aws-cli
+
+  - title: "Route 53 inbound resolver endpoint"
+    content: |
+      You need to create an [inbound Route 53 resolver endpoint](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver-get-started.html) in your VPC to receive DNS queries from your Dedicated Cloud Gateway.
+
+      After creating the endpoint, collect the IP addresses assigned to it and the domain zones you want to forward.
+
+      Save them in environment variables:
+      ```sh
+      export RESOLVER_IPS='10.0.0.10,10.1.0.53'
+      export FORWARD_ZONES='example.internal.dev,example2.internal.dev'
+      ```
+
+---
+
+
+## Connect the resolver to your Dedicated Cloud Gateway
+
+Use the Konnect API to configure forwarding rules that send DNS queries to your resolver:
+
+<!--vale off-->
+{% konnect_api_request %}
+url: /v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/private-dns
+status_code: 201
+method: POST
+region: global
+headers:
+  - 'Accept: application/json'
+  - 'Content-Type: application/json'
+body:
+  name: us-east-2 dns resolver
+  private_dns_attachment_config:
+    kind: aws-outbound-resolver
+    dns_config:
+      example.internal.dev:
+        remote_dns_server_ip_addresses:
+          - 10.0.0.10
+      example2.internal.dev:
+        remote_dns_server_ip_addresses:
+          - 10.1.0.53
+{% endkonnect_api_request %}
+<!--vale on-->
+
+
+## Validate
+
+Once the resolver is configured, it may take a few minutes to become active, you can validate success by issuing a `GET` request to
+[`/private-dns`](/api/konnect/cloud-gateways/#/operations/private-dns)
+
+<!--vale off-->
+{% konnect_api_request %}
+url: /v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/private-dns
+status_code: 201
+region: global
+{% endkonnect_api_request %}
+<!--vale on-->
@@ -0,0 +1,97 @@
+---
+title: Configure private hosted zones for Dedicated Cloud Gateway
+description: 'Enable private DNS resolution for your Dedicated Cloud Gateway using either a private hosted zone or an Outbound DNS Resolver.'
+content_type: how_to
+permalink: /dedicated-cloud-gateways/private-hosted-zones/
+breadcrumbs:
+  - /dedicated-cloud-gateways/
+products:
+    - gateway
+
+works_on:
+    - konnect
+
+tldr:
+  q: How do I configure a Private Hosted Zone for my Dedicated Cloud Gateway?
+  a: Use the AWS CLI to authorize VPC association, then call the {{site.konnect_short_name}} API to attach the hosted zone for private DNS resolution.
+related_resources:
+  - text: Dedicated Cloud Gateways
+    url: /dedicated-cloud-gateways/
+  - text: Outbound DNS resolver
+    url: /dedicated-cloud-gateways/outbound-dns-resolver/
+  - text: Amazon VPC Documentation
+    url: https://docs.aws.amazon.com/vpc/latest/userguide/what-is-amazon-vpc.html
+prereqs:
+  skip_product: true
+  inline:
+  - title: "Dedicated Cloud Gateway"
+    include_content: prereqs/dedicated-cloud-gateways
+  - title: "AWS CLI"
+    include_content: prereqs/aws-cli
+  - title: "AWS private hosted zone"
+    content: |
+      This tutorial requires:
+      - An AWS subscription with access to [private hosted zones](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zone-private-creating.html)
+      - Permission to run `route53:create-vpc-association-authorization`
+      - A VPC in your AWS account to associate with the zone
+
+      You'll also need the following information:
+      - Your `hosted-zone-id`
+      - Your `VPCRegion`
+      - Your `VPCId`
+
+      Create environment variables to store these credentials:
+
+      ```sh
+      export AWS_HOSTED_ZONE_ID='YOUR_HOSTED_ZONE_ID'
+      export AWS_VPC_REGION='YOUR_VPC_REGION'
+      export AWS_VPC_ID='YOUR_VPC_ID'
+      ```
+
+---
+
+
+## Associate {{site.konnect_short_name}} with your private hosted zone
+
+Using the AWS CLI, create an associate between the hosted zone and the VPC:
+
+```sh
+aws route53 create-vpc-association-authorization \
+  --hosted-zone-id Z082811935OXJB57VZOSV \
+  --vpc VPCRegion=us-east-2,VPCId=$AWS_VPC_ID
+```
+
+
+## Create the Private DNS config
+
+Connect the Dedicated Cloud Gateway to an AWS Route 53 private hosted zone:
+
+<!--vale off-->
+{% konnect_api_request %}
+url: /v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/private-dns
+status_code: 201
+region: global
+method: POST
+headers:
+  - 'Accept: application/json'
+  - 'Content-Type: application/json'
+body:
+  name: $AWS_PRIVATE_DNS_NAME
+  private_dns_attachment_config:
+    kind: aws-private-hosted-zone-attachment
+    hosted_zone_id: $AWS_HOSTED_ZONE_ID
+{% endkonnect_api_request %}
+<!--vale on-->
+
+## Validation
+
+After a few moments, your private hosted zone will be associated with the Dedicated Cloud Gateway VPC and you can now resolve requests over the VPC peering connection. To validate that everything was configured correctly, issue a `GET` request to the [`/private-dns`](/api/konnect/control-planes/#/operations/private-networks) endpoint to retrieve zone information:
+
+<!--vale off-->
+{% konnect_api_request %}
+url: /v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/private-dns
+status_code: 200
+region: global
+method: GET
+{% endkonnect_api_request %}
+<!--vale on-->
@@ -0,0 +1,101 @@
+---
+title: Set up an AWS VPC peering connection
+description: 'Use the {{site.konnect_short_name}} Cloud Gateways API to create a VPC peering connection with your AWS VPC.'
+content_type: how_to
+permalink: /dedicated-cloud-gateways/aws-vpc-peering/
+breadcrumbs:
+  - /dedicated-cloud-gateways/
+products:
+  - gateway
+works_on:
+  - konnect
+automated_tests: false
+tldr:
+  q: How do I set up a VPC peering connection with my Dedicated Cloud Gateway using the API?
+  a: Use the {{site.konnect_short_name}} API to initiate peering, then accept the request in AWS and update your route table.
+related_resources:
+  - text: Dedicated Cloud Gateways
+    url: /dedicated-cloud-gateways/
+  - text: AWS VPC Peering Documentation
+    url: https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html
+prereqs:
+  skip_product: true
+  inline:
+    - title: "Dedicated Cloud Gateway"
+      include_content: prereqs/dedicated-cloud-gateways
+
+    - title: "AWS credentials and VPC"
+      content: |
+        You'll need:
+
+        - An AWS account with permission to accept VPC peering requests and update route tables
+        - A target AWS VPC ID
+        - The AWS region of your VPC
+        - The VPC's CIDR block
+
+        Save these values:
+
+        ```sh
+        export AWS_ACCOUNT_ID='123456789012'
+        export AWS_VPC_ID='vpc-0f1e2d3c4b5a67890'
+        export AWS_REGION='us-east-2'
+        export AWS_VPC_CIDR='10.1.0.0/16'
+        ```
+
+---
+
+## Initiate the VPC peering connection
+
+Send the following request to the Cloud Gateways API:
+
+<!--vale off-->
+{% konnect_api_request %}
+url: /v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/transit-gateways
+status_code: 201
+region: global
+method: POST
+headers:
+  - 'Accept: application/json'
+  - 'Content-Type: application/json'
+body:
+  name: us-east-2 vpc peering
+  cidr_blocks:
+    - $AWS_VPC_CIDR
+  transit_gateway_attachment_config:
+    kind: aws-vpc-peering-attachment
+    peer_account_id: $AWS_ACCOUNT_ID
+    peer_vpc_id: $AWS_VPC_ID
+    peer_vpc_region: $AWS_REGION
+{% endkonnect_api_request %}
+<!--vale on-->
+
+
+## Accept the peering request in AWS
+
+1. Go to the AWS Console → **VPC** → **Peering Connections**.
+1. Locate the pending request from {{site.konnect_short_name}}.
+1. Select the request and choose **Accept Request**.
+
+## Update your AWS route table
+
+1. In the AWS Console, go to **VPC** → **Route Tables**.
+1. Select the route table for your VPC's subnet.
+1. Add a new route:
+    - **Destination**: The CIDR block of the {{site.konnect_short_name}} network (provided in the peering details).
+    - **Target**: The accepted VPC peering connection.
+1. Save your changes.
+
+This ensures private traffic routing between your VPC and the Dedicated Cloud Gateway.
+
+## Validation
+
+To validate that everything was configured correctly, issue a `GET` request to the [`/transit-gateways`](/api/konnect/control-planes/#/operations/list-transit-gateways) endpoint to retrieve VPC peering information:
+
+<!--vale off-->
+{% konnect_api_request %}
+url: /v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/transit-gateways
+status_code: 200
+region: global
+method: GET
+{% endkonnect_api_request %}
+<!--vale on-->
@@ -0,0 +1,9 @@
+AWS CLI installed and configured
+
+1. Install the [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
+
+2. After installing, configure and authenticate with AWS
+
+    ```
+    aws configure
+    ```
@@ -0,0 +1,90 @@
+This is a Konnect tutorial that requires Dedicated Cloud Gateways access.
+
+If you don't have a Konnect account, you can get started quickly with our [onboarding wizard](https://konghq.com/products/kong-konnect/register?utm_medium=referral&utm_source=docs).
+
+1. The following Konnect items are required to complete this tutorial:
+    * Personal access token (PAT): Create a new personal access token by opening the [Konnect PAT page](https://cloud.konghq.com/global/account/tokens) and selecting **Generate Token**.
+    * Dedicated Cloud Gateway Control Plane Dedicated Cloud Gateway: You can use an existing Dedicated Cloud Gateway or [create a new one](https://cloud.konghq.com/gateway-manager/create-control-plane) to use for this tutorial.
+    * Network ID: The default Dedicated Cloud Gateway network ID can be found in **Gateway Manager** > **Network**
+2. Set these values as environment variables:
+    ```sh
+    export KONNECT_TOKEN='YOUR KONNECT TOKEN'
+    export KONNECT_CONTROL_PLANE_URL=https://us.api.konghq.com
+    export KONNECT_NETWORK_ID='KONNECT NETWORK ID'
+    ```
+
+<!--
+You will also need a Personal Access Token: 
+Create a new personal access token by opening the [Konnect PAT page](https://cloud.konghq.com/global/account/tokens) and selecting **Generate Token**.
+
+Then save that token as an environment variable and your Control Plane URL as environment variables:
+
+```sh
+export KONNECT_TOKEN='YOUR KONNECT TOKEN'
+export KONNECT_CONTROL_PLANE_URL=https://us.api.konghq.com
+```
+
+Create a Control Plane for Dedicated Cloud Gateways:
+
+    {% control_plane_request %}
+    url: /v2/control-planes
+    status_code: 201
+    method: POST
+    headers:
+      - 'Authorization: Bearer $KONNECT_TOKEN'
+      - 'Content-Type: application/json'
+    body:
+      name: cloud-gateway-control-plane
+      description: A test control plane for Dedicated Cloud Gateways.
+      cluster_type: CLUSTER_TYPE_CONTROL_PLANE
+      cloud_gateway: true
+      proxy_urls:
+        - host: example.com
+          port: 443
+          protocol: https
+    {% endcontrol_plane_request %}
+
+From the response body, export the `control_plane_id`:
+
+```sh
+export CONTROL_PLANE_ID='3e812da0-7c34-4e79-9564-801fce356e5f'
+```
+
+Now, create a Dedicated Cloud Gateway network
+
+{% konnect_api_request %}
+url: /v2/cloud-gateways/networks
+region: global
+status_code: 201
+method: GET
+{% endkonnect_api_request %}
+
+Save the result as an environment variable:
+
+```sh
+export NETWORK_ID='YOUR_NETWORK_ID'
+```
+
+
+Use the following endpoint to provision a Dedicated Cloud Gateway Data Plane:
+
+    {% control_plane_request %}
+    url: /v2/cloud-gateways/configurations
+    status_code: 201
+    method: PUT
+    headers:
+      - 'Authorization: Bearer $KONNECT_TOKEN'
+      - 'Content-Type: application/json'
+    body:
+      control_plane_id: $CONTROL_PLANE_ID
+      version: "3.6"
+      control_plane_geo: us
+      dataplane_groups:
+        - provider: aws
+          region: ap-northeast-1
+          cloud_gateway_network_id: $NETWORK_ID
+          autoscale:
+            kind: autopilot
+            base_rps: 100
+    {% endcontrol_plane_request %}
+-->