DOC-1871: Add client VPC and security group setup to dedicated Privat…

[micheleRP]

The BYOC/Dedicated AWS PrivateLink Cloud UI doc was missing the entire client-side VPC and security group setup section, including the critical per-broker port ranges (32000-32500 for Kafka API, 35000-35500 for HTTP Proxy).

• Create shared partial for VPC setup steps used by both UI and API docs
• Add "Configure PrivateLink connection" section to the BYOC/dedicated UI doc (similar but not identical to our Serverless private networking docs)
• Replace inline VPC setup in the API doc with the shared partial

Description

Resolves https://redpandadata.atlassian.net/browse/DOC-1871
Review deadline:

Page previews

Configure AWS PrivateLink in the Cloud Console
Configure AWS PrivateLink with the Cloud API

Checks

• New feature
• Content gap
• Support Follow-up
• Small fix (typos, links, copyedits, etc)

[netlify]

✅ Deploy Preview for rp-cloud ready!

Name	Link
🔨 Latest commit	62a3d03
🔍 Latest deploy log	https://app.netlify.com/projects/rp-cloud/deploys/69a5c02ae6e0f200095c17fe
😎 Deploy Preview	https://deploy-preview-504--rp-cloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This pull request consolidates AWS PrivateLink documentation by extracting common VPC setup procedures into a reusable shared partial file (private-links-aws-client-vpc-setup.adoc), which is then referenced across multiple documentation pages. The changes reorganize the aws-privatelink page to replace inline VPC creation steps with includes, expand guidance for both new and existing cluster PrivateLink enablement workflows, and introduce cross-region PrivateLink support. The configure-privatelink-in-cloud-ui page is enhanced with a new subsection that derives cluster domain from bootstrap URLs and includes the shared VPC setup partial, addressing missing security group configuration details previously absent from the Cloud UI flow.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• #480: Both PRs add and expand cross-region AWS PrivateLink support with region-specific guidance and configuration updates.
• #407: Both PRs modify AWS PrivateLink VPC setup documentation to include security group rule configuration details.
• #425: Both PRs enhance PrivateLink documentation with DNS domain guidance and introduce shared DNS-related documentation partials.

Suggested reviewers

• c4milo
• paulzhang97
• paulohtb6
• Feediver1

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: adding client VPC and security group setup guidance to the dedicated PrivateLink documentation.
Linked Issues check	✅ Passed	The PR fulfills all DOC-1871 objectives: adds security group and VPC setup details to the UI doc, includes per-broker port ranges, and ensures consistent documentation between UI and API flows.
Out of Scope Changes check	✅ Passed	All changes directly address DOC-1871 requirements: the new partial, UI doc updates, and API doc refactoring are all within the scope of adding PrivateLink setup guidance.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description provides clear context, links the related Jira issue (DOC-1871), includes page preview links, and explicitly details the changes made (creating a shared partial, adding configuration section to UI docs, replacing inline setup in API docs).

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch DOC-1871-AWS-Private-Link-Cloud-UI-flow-docs-missing-security-group-setup-details

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@modules/networking/partials/private-links-aws-client-vpc-setup.adoc`:
- Around line 98-104: The example for creating a subnet uses an AZ ID value
("usw2-az1") with the --availability-zone parameter which expects an AZ name
(e.g., "us-west-2a"); update the snippet around the aws ec2 create-subnet
example so the AZ format and flag match: either replace the example AZ value
with an AZ name (us-west-2a) when using --availability-zone, or change the flag
to --availability-zone-id when keeping the AZ ID example (usw2-az1); ensure the
surrounding text clarifies which format is required and keep references to
REGION, PROFILE, CLIENT_VPC_ID and the resulting subnet_id/create-subnet command
consistent.

[simonlord]

Refactor looks good to me.

[simonlord]

"You can also use an existing subnet from your existing VPC"

[micheleRP]

thanks, added!

[paulohtb6]

glossterm for az?

[micheleRP]

added glossterm