Configure private hosted zones for Dedicated Cloud Gateway
Use the AWS CLI to authorize VPC association, then call the Konnect API to attach the hosted zone for private DNS resolution.
Prerequisites
Dedicated Cloud Gateway
This is a Konnect tutorial that requires Dedicated Cloud Gateways access.
If you don’t have a Konnect account, you can get started quickly with our onboarding wizard.
The following Konnect items are required to complete this tutorial:
- Personal access token (PAT): Create a new personal access token by opening the Konnect PAT page and selecting Generate Token.
- Dedicated Cloud Gateway Control Plane: You can use an existing Dedicated Cloud Gateway or create a new one to use for this tutorial.
- Network ID: The default Dedicated Cloud Gateway network ID can be found in Gateway Manager > Network.
Set these values as environment variables:
export KONNECT_TOKEN='YOUR KONNECT TOKEN'
export KONNECT_CONTROL_PLANE_URL=https://us.api.konghq.com
export KONNECT_NETWORK_ID='KONNECT NETWORK ID'
AWS CLI
For this tutorial, you need the AWS CLI installed and configured:
- Install the AWS CLI.
- After installing, configure and authenticate with AWS:
aws configure
AWS private hosted zone
This tutorial requires:
- An AWS subscription with access to private hosted zones
- Permission to run route53:create-vpc-association-authorization
- A VPC in your AWS account to associate with the zone
You’ll also need the following information:
- Your hosted-zone-id
- Your VPCRegion
- Your VPCId
Create environment variables to store these values:
export AWS_HOSTED_ZONE_ID='YOUR_HOSTED_ZONE_ID'
export AWS_VPC_REGION='YOUR_VPC_REGION'
export AWS_VPC_ID='YOUR_VPC_ID'
Associate Konnect with your private hosted zone
Using the AWS CLI, create an association authorization between the hosted zone and the VPC:
aws route53 create-vpc-association-authorization \
  --hosted-zone-id "$AWS_HOSTED_ZONE_ID" \
  --vpc "VPCRegion=$AWS_VPC_REGION,VPCId=$AWS_VPC_ID"
Create the Private DNS config
Connect the Dedicated Cloud Gateway to an AWS Route 53 private hosted zone:
# Set AWS_PRIVATE_DNS_NAME before running; the earlier steps do not export it.
curl -X POST "https://global.api.konghq.com/v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/private-dns" \
  -H "Authorization: Bearer $KONNECT_TOKEN" \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  --json '{
    "name": "'"$AWS_PRIVATE_DNS_NAME"'",
    "private_dns_attachment_config": {
      "kind": "aws-private-hosted-zone-attachment",
      "hosted_zone_id": "'"$AWS_HOSTED_ZONE_ID"'"
    }
  }'
Validation
After a few moments, your private hosted zone will be associated with the Dedicated Cloud Gateway VPC and you can now resolve requests over the VPC peering connection. To validate that everything was configured correctly, issue a GET request to the /private-dns endpoint to retrieve zone information:
curl -X GET "https://global.api.konghq.com/v2/cloud-gateways/networks/$KONNECT_NETWORK_ID/private-dns" \
  -H "Authorization: Bearer $KONNECT_TOKEN"
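The authorization created with create-vpc-association-authorization stays on the hosted zone until it is deleted, so it is worth auditing once the association has been validated. The following is an added example, not part of the Konnect documentation: it assumes the AWS_* variables exported above, and the function names and the UNEXPECTED/STALE/PENDING labels are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not Kong's or AWS's own code. Assumes AWS_HOSTED_ZONE_ID,
# AWS_VPC_REGION and AWS_VPC_ID are exported as in the steps above.

# Print one "region/vpc-id" line per VPC returned by a Route 53 call.
vpc_pairs() {
  "$@" --query 'VPCs[].[VPCRegion,VPCId]' --output text | tr '\t' '/'
}

# VPCs that hold a standing authorization to associate with the zone.
authorized_vpcs() {
  vpc_pairs aws route53 list-vpc-association-authorizations \
    --hosted-zone-id "$AWS_HOSTED_ZONE_ID"
}

# VPCs that are already associated with the zone.
associated_vpcs() {
  vpc_pairs aws route53 get-hosted-zone --id "$AWS_HOSTED_ZONE_ID"
}

# Report each standing authorization. Returns 0 when none needs attention,
# 1 when an authorization is unexpected or has outlived its purpose.
audit_zone_authorizations() {
  expected="$AWS_VPC_REGION/$AWS_VPC_ID"
  associated=$(associated_vpcs)
  findings=0
  for pair in $(authorized_vpcs); do
    [ "$pair" = "None" ] && continue   # CLI prints None for a null result
    if [ "$pair" != "$expected" ]; then
      echo "UNEXPECTED $pair"          # a VPC this tutorial never authorized
      findings=1
    elif printf '%s\n' "$associated" | grep -qxF "$pair"; then
      echo "STALE $pair"               # already associated; authorization can go
      findings=1
    else
      echo "PENDING $pair"             # authorized, association not yet created
    fi
  done
  return "$findings"
}
```

Run `audit_zone_authorizations` after the validation step. A STALE or UNEXPECTED entry can be removed with `aws route53 delete-vpc-association-authorization` using the same `--hosted-zone-id` and `--vpc` arguments; deleting an authorization does not remove an existing association.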