Feat: Cloud gateways networking diagram

app/_includes/md/konnect/cloud-gateway-networking.md

@@ -0,0 +1,54 @@
+<!--vale off -->
+{% mermaid %}
+flowchart LR
+
+A(API or service)
+B(API or service)
+C(API or service)
+D(<img src="/assets/images/icons/third-party/aws-transit-gateway-attachment.svg" style="max-height:32px" class="no-image-expand"/>AWS \n Transit Gateway \n attachment)
+E(<img src="/assets/images/icons/third-party/aws-transit-gateway.svg" style="max-height:32px" class="no-image-expand"/> AWS \n Transit Gateway)
+F(<img src="/assets/images/icons/third-party/aws-transit-gateway-attachment.svg" style="max-height:32px" class="no-image-expand"/>AWS \n Transit Gateway \n attachment)
+G(<img src="/assets/images/logos/konglogo-gradient-secondary.svg" style="max-height:32px" class="no-image-expand"/>Konnect \n#40;fully-managed \ndata plane#41;)
+H(<img src="/assets/images/logos/konglogo-gradient-secondary.svg" style="max-height:32px" class="no-image-expand"/>Konnect \n#40;fully-managed \ndata plane#41;)
+I(<img src="/assets/images/logos/konglogo-gradient-secondary.svg" style="max-height:32px" class="no-image-expand"/>Konnect \n#40;fully-managed \ndata plane#41;)
+J(fa:fa-wifi \n Internet)
+
+subgraph 1 [User AWS Cloud]
+    subgraph 2 [Region]
+        subgraph 3 [Virtual Private Cloud #40;VPC#41;]
+        A
+        B
+        C
+        end
+        A & B & C <--> D
+    end
+   D<-->E
+end
+
+subgraph 4 [Kong AWS Cloud]
+    subgraph 5 [Region]
+        E<-->F
+        F <--private API \n access--> G & H & I
+        subgraph 6 [Virtual Private Cloud #40;VPC#41;]
+        G
+        H
+        I
+        end
+    end
+end
+
+G & H & I <--public API \n access--> J
+
+style A stroke:#e07113
+style B stroke:#e07113
+style C stroke:#e07113
+style D stroke:#8c4fff
+style E stroke:#8c4fff,fill:#8c4fff,color:#fff
+style F stroke:#8c4fff
+style 2 stroke:#167eba,color:#167eba,stroke-dasharray:3
+style 5 stroke:#167eba,color:#167eba,stroke-dasharray:3
+style 3 stroke:#238813,color:#238813,stroke-dasharray:3
+style 6 stroke:#238813,color:#238813,stroke-dasharray:3
+
+{% endmermaid %}
+<!--vale on-->

app/konnect/gateway-manager/data-plane-nodes/transit-gateways.md

@@ -5,6 +5,16 @@ title: How to configure Transit Gateway
 
 This guide walks you through connecting your {{site.konnect_short_name}}-managed Dedicated Cloud Gateways to AWS Transit Gateway, providing a secure and private channel for your API traffic.
 
+## How do Transit Gateways work?
+
+{% include_cached /md/konnect/cloud-gateway-networking.md %}
+
+> _**Figure 3:** In this diagram, the User AWS account represents you are running your microservices, APIs, or applications. 
+You can connect your infrastructure securely to {{site.konnect_short_name}} through an AWS Transit Gateway. 
+On the Kong side, the Kong AWS Cloud is the cloud account running your Dedicated Cloud Gateways, which ingests traffic coming in from the Transit Gateway and securely exposes it to the internet._
+
+To establish private connectivity between the {{site.konnect_short_name}} network and your account or VPC, you need to allow traffic via the [AWS RAM shared resource flow](https://docs.aws.amazon.com/ram/latest/userguide/shareable.html). 
+
 ## Prerequisites 
 
 

app/konnect/gateway-manager/dedicated-cloud-gateways.md

@@ -17,7 +17,7 @@ Dedicated Cloud Gateways offer the following benefits:
 You can manage your Dedicated Cloud Gateway nodes in [Gateway Manager](https://cloud.konghq.com/gateway-manager/).
 
 <img src="/assets/images/products/konnect/gateway-manager/konnect-control-plane-cloud-gateway-wizard.png" alt="cloud gateway wizard" width="1080">
-> _**Figure 3:** The Dedicated Cloud Gateway wizard in the {{site.konnect_short_name}} UI. The wizard allows you to configure the {{site.base_gateway}} version, mode, cluster region, and API access level._
+> _**Figure 1:** The Dedicated Cloud Gateway wizard in the {{site.konnect_short_name}} UI. The wizard allows you to configure the {{site.base_gateway}} version, mode, cluster region, and API access level._
 
 
 ## How do Dedicated Cloud Gateways work? {#dedicated-features}
@@ -37,7 +37,13 @@ Because data plane nodes in Autopilot configuration mode automatically scale, yo
 
 Control planes in {{site.konnect_short_name}} **cannot** contain both Dedicated Cloud Gateway and self-managed data plane nodes.
 
+## Private vs public networks
 
+Dedicated Cloud Gateways support public and private networking.
+* **Public networking:** Easy access to services and APIs, but low security. We recommend only using this option for testing.
+* **Private networking:** A secure way to expose your APIs to the internet.
+
+You can set up private networking for Dedicated Cloud Gateways with [AWS Transit Gateways](/konnect/gateway-manager/data-plane-nodes/transit-gateways/).
 
 ## More information