What does this AWS Solution do?

This solution allows customers to quickly deploy a Keycloak cluster on the AWS Cloud. Keycloak is an open source identity and access management solution for modern applications and services. Keycloak provides a customizable user interface and supports use cases such as Single Sign-On (SSO), user registration, and user federation. It strives to conform to standard protocols such as OpenID Connect, OAuth 2.0 and SAML 2.0. Customers can configure Keycloak to integrate with Active Directory and LDAP. Customers can also set up Keycloak to delegate authentication to third-party identity providers.

AWS Solution overview

The following diagram shows the architecture of this solution. You can use the deployment guide and the AWS CloudFormation template for automated deployment.

Keycloak on AWS

In this solution, the Keycloak container is deployed on AWS Fargate. With AWS Fargate, customers do not need to manually configure and manage container instances. To ensure high availability, this solution defines two tasks in Amazon ECS. When one task fails, the other task can still provide services.

This solution uses Amazon RDS as the system database to store Keycloak configuration and user information. To ensure high availability and data security, this solution uses an Amazon RDS multi-zone deployment, which creates a primary DB instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). When an infrastructure failure occurs, Amazon RDS automatically initiates a failover to the up-to-date standby, and customers can restore the database immediately after the failover is over.

Keycloak on AWS

Version 1.0.0
Last updated: 09/2020
Author: AWS

Estimated deployment time: 30 min

Source code 

Features

Standard protocols

Keycloak supports OpenID Connect, OAuth 2.0 and SAML 2.0 standard protocols.

Integration with different services

Customers can configure Keycloak to integrate with Active Directory and LDAP. Customers can also set up Keycloak to delegate authentication to third-party identity providers.

Automatic Deployment

Customers can launch Keycloak with “1-click” via the CloudFormation template. AWS CloudFormation automatically sets up the AWS resources required for this solution.