Kong Status

Monitoring: Konnect Middle East Region: Indefinite Outage

The Konnect Middle East Region is undergoing a prolonged outage due to the operational loss of AWS datacenters in the region. The duration of this outage is undetermined. As a result, we have no timeline for service restoration in the ME Region

Customers are encouraged to migrate to one of our other Konnect control plane hosting regions in the EU, Australia, India or the United States. If assistance is required, please reach out to your Kong support representative.

Monitoring: We are observing increased error rates across services in the Konnect Middle East region. Data plane proxy traffic is not impacted.

We are actively working with AWS to resolve the issue and will provide updates as more information becomes available.

Monitoring: Customers in the Middle East (Bahrain) region are operating in a reduced Availability Zone (AZ) configuration due to an ongoing AWS infrastructure issue.

The platform remains available, but some customers in this region may experience intermittent performance degradation or elevated error rates. Data plane proxy traffic is not impacted.

We are actively working with AWS to resolve the issue and will provide updates as more information becomes available.

Monitoring: It was discovered that DNS for KIC reconciliation endpoints were still pointing to the out-of-service region. We have failed over these DNS records now to properly point to our new region. Customers using KIC would have seen 500s' during the reconciliation to Konnect. This was resolved at 10:30 UTC on March 5th.

Monitoring: Current Status Summary for Konnect Middle East Region:

All services have been moved to our failover region in Middle East Almost all services are operational, with 2 caveats:

• Analytics data is delayed several hours. Konnect is accepting and persisting Analytics data, but it is not yet visible or queryable as we continue investigating restoring service.
• The Debugger is operational including trace data; however session logs will not be available in this region.
• Observability is operational; however UUID to display name resolution will not be available in this region.

Everything else is back online. The team will update as we make progress on these remaining items.

Monitoring: Current Status Summary for Konnect Middle East Region:

All services have been moved to our failover region in Middle East Almost all services are operational, with 2 caveats:

• Analytics data is delayed several hours. Konnect is accepting and persisting Analytics data, but it is not yet visible or queryable as we continue investigating restoring service.
• Debugger is unable to accept incoming trace data. While debugging sessions can be started, none of the trace data will be persisted in Konnect until the datastore for traces is restored.

Everything else is back online. The team will update as we make progress on these remaining items.

Monitoring: The data store for traces sent to Debugger is still experiencing issues in the Middle East region. Debugging sessions can be started but no spans will be able to be ingested. The team will update as they bring that service online.

Monitoring: Service remains restored, and Kong engineers will continue to monitor the apps in the new region.

Monitoring: User permission data is now propagating normally again.

Monitoring: Status Update (PDP – ME-SOUTH-1)

User permission data replication in ME-SOUTH-1 (Bahrain) region are experiencing extended latencies. Mitigation has been implemented to cap this to 15 minutes. Updated data should now propagate within a maximum of 15 minutes. We continue to monitor the situation and will provide further updates as needed.

Monitoring: The following services have been restored:

• All Konnect UI-accessible products except for Event Gateway and Metering
• Dataplane connections to the Konnect Control Plane for configuration download and analytics upload

Analytics data is delayed several hours. Konnect is accepting and persisting Analytics data, but it is not yet visible or queryable as we continue investigating restoring service.

Monitoring: The Kong engineering team is now verifying restored services in the Middle East region

Identified: We have restored partial service to Konnect. The UI is working again for Gateway Manager and Dev Portal, as well as all backing APIs.

Dataplane connections to the Control Plane and Telemetry endpoints have been restored for 3 hours and should continue to work.

Identified: We continue to make progress on restoring to a failover region for the Middle East region. Key AWS services to support our failover efforts are beginning to work as of 11am PST. The Konnect engineering team is working to restore and validate all services and data and will update in one hour.

Please note the control plane and telemetry endpoints are already restored, so dataplanes can connect to Konnect.

Identified: Control Plane restored for Config Download and Telemetry

We have restored the control plane and telemetry endpoints. Dataplanes can now connect to the control plane api at me.cp0.konghq.com and me.tp0.konghq.com

This is a read-only instance set up for this incident. Configuration changes are still blocked. But now customers should be able to connect new dataplanes and download their configuration, as well as send telemetry.

The Admin API for changing control plane configuration remains down.

Identified: We are actively migrating the affected services to operate on other Availability Zones in the Bahrain region (ME-SOUTH-1 Region), but critical AWS services are not responding in that region. Our engineers are working to restore full service functionality and we are communicating with AWS to attempt to determine our failover options. At this time we cannot provide an ETA.

We will provide further updates as they become available. Thank you for your patience.

Identified: We are actively migrating the affected services to operate on the two healthy Availability Zones in the Bahrain region (ME-SOUTH-1 Region). Our engineers are working to restore full service functionality and expect the migration to be completed within the next few hours.

We will provide further updates as they become available. Thank you for your patience.

Identified: The incident is ongoing. We are working closely with our cloud provider to monitor restoration efforts. Due to significant physical infrastructure damage in both the UAE and Bahrain regions, recovery is expected to take more time. We appreciate your patience as we work toward a full resolution.

Identified: We are currently observing renewed elevated error rates across multiple Konnect services in ME region related to the AWS outage in that region.

Identified: We are seeing many services in ME region recovering and some services are in degraded state. Dataplanes are not affected as part of this incident. All other Konnect regions are 100% operational and healthy.

Our engineers are closely monitoring the situation. We will provide additional updates as soon as more information becomes available.

Investigating: We are currently observing renewed elevated 5XX error rates across multiple Konnect services in ME region. Our engineering team is actively investigating the issue and assessing customer impact.

We will provide additional updates as soon as more information becomes available.

Monitoring: AWS continues to experience issues some services. However most of Konnect services are now recovered and operating as expected. Our engineers are closely monitoring the services and it's operational efficiency.

Identified: The increased error rates are associated with the AWS me-central-1 outage. Our engineers are monitoring the situation closely.

Investigating: We are seeing increased 5xx in the ME Region. Our engineers are currently investigating the issue.

Resolved: This incident has been resolved.

Monitoring: The issue has been resolved and we are now monitoring.

Monitoring: Creating, Reading, & Deleting PATs through the API & UI is degraded. This does not impact authentication with PATs.

Resolved: On 4/2/2026. Konnect introduced a change as part of our 'secure by default' initiatives for the upcoming 3.14 release, which caused expected_hash syncing issues for some customers' data planes.

For background, when a data plane connects to the Konnect control plane, the configuration is produced for that specific version of the Kong gateway. A configuration hash is calculated based off of the produced config, and stored as the expected config hash. When configuration changes occur, the control plane calculates the new configuration, broadcasts it to the connected data planes, and updates to the new expected hash.

The issue here was the preparation of the control plane for supporting SHA256 to store credential hashes. When this change was introduced, it resulted in a minor structural difference in the produced configuration, but no actual change to the configurations occurred. This led to the same configuration yielding a different hash before and after the deploy.

The way this could get a data plane to report 'out of sync' was the following:

• A data plane is connected and in sync with DP hash and Expected Config Hash a111111a
• The data plane is disconnected/reconnected, and since it is still in sync with DP hash and Expected Config Hash a111111a, a new config is not calculated
• The change to embed SHA256 support in the control plane is deployed
• A new data plane connects with no config loaded, and reports an empty config to the Control Plane
• The control plane generates the slightly altered config, and ends up with a new config hash, which updates the expected config hash to b22222b
• Since no configuration change occurred, the data planes already connected and on 1aaaaaa1 would not have been pushed a change event, and would still be running the same configuration as b222222b but the hash would not match, causing the DPs to appear out of sync

Note: Once any change to the control plane configuration occurred, a new config event would have been delivered, and all previous data planes would have been updated to the hash based on the new structure. Additionally, if an impacted data plane were to disconnect and reconnect, they also would have been brought into sync with the new hash. The issue was the system failing to consider the new hash as an 'event' since it did not change configured proxy behavior.

To address this in the short term, the Konnect engineering team has ensured structural changes like this which result in a config hash will trigger a configuration change event, even when no config has changed.

To address this in the long term, Konnect is moving to a config version tracking methodology that will not be impacted by structural, non-behavioral changes as the hash is.