Dedicated Cloud Gateways

Dedicated Cloud Gateways are data plane nodes that are fully managed by Kong in Konnect.

You don’t need to host any data planes, while maintaining control over the size and location of the gateway infrastructure. This allows Kong to autoscale your nodes for you and reduces your operational complexity.

Dedicated Cloud Gateways offer the following benefits:

• Konnect handles gateway upgrades for you
• A public or private mode to decide who can view your APIs. In public mode, powered by Kong’s public Edge DNS for clusters, you can expose your APIs to the internet.
• Automatic scaling of data plane nodes to meet changing demand with Autopilot mode
• Support for AWS and Azure in the following regions

You can manage your Dedicated Cloud Gateway nodes in Gateway Manager.

Figure 1: The Dedicated Cloud Gateway wizard in the Konnect UI. The wizard allows you to configure the Kong Gateway version, mode, cluster region, and API access level.

How do Dedicated Cloud Gateways work?

Figure 2: Data planes are hosted in the cloud by Kong. The control plane connects to the database, and the data planes receive configuration from the control plane. Data plane nodes are scaled automatically according to the settings in your Dedicated Cloud Gateway.

When you create a Dedicated Cloud Gateway, Konnect creates a control plane. This control plane, like other Konnect control planes, is hosted by Konnect. You can then deploy data planes in regions close to yours users that will be managed by Konnect.

When you configure your Dedicated Cloud Gateway, you can choose one of two configuration modes to create your data plane nodes:

• Autopilot: In Autopilot mode, you configure how many requests per second you expect the instance to receive, then Kong pre-warms and autoscales the data plane nodes in the cluster for you.
• Custom: In Custom mode, you specify the instance size and type (for example, dev, production, or large production) as well as the number of nodes per cluster.

Because data plane nodes in Autopilot configuration mode automatically scale, you cannot manually increase or decrease nodes. You can only manually increase or decrease data plane nodes when the Dedicated Cloud Gateway is configured in the Custom mode.

Control planes in Konnect cannot contain both Dedicated Cloud Gateway and self-managed data plane nodes.

Private vs public networks

Dedicated Cloud Gateways support public and private networking on AWS.

• Public networking: Easy access to services and APIs, but low security. We recommend only using this option for testing.
• Private networking: A secure way to expose your APIs to the internet.

You can set up private networking for Dedicated Cloud Gateways with AWS Transit Gateways.

Plugin considerations for Dedicated Cloud Gateways

There are some limitations for plugins with Dedicated Cloud Gateways:

• Any plugins that depend on a local agent will not work with Dedicated Cloud Gateways.
• Any plugins that depend on the Status API or on Admin API endpoints will not work.
• Any plugins or functionality that depend on AWS IAM AssumeRole need to be configured differently. This includes Data Plane Resilience.

More information

• Networking and Peering information
• Supported regions
• Data Plane logs
• Transit Gateways
• How to upgrade data planes
• Custom domains
• Custom plugins
• Cloud Gateways API