Keycloak on Amazon Web Services

View implementation guide

What does this Amazon Web Services Solution do?

This solution allows you to quickly deploy a Keycloak cluster on Amazon Web Services Cloud. Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services. Providing a customizable user interface, Keycloak supports use cases such as Single Sign-On (SSO), user registration, user federation, etc. It strives to conform to standard protocols such as OpenID Connect, OAuth 2.0 and SAML 2.0. Customers can configure Keycloak to integrate with Active Directory and LDAP. You can also setup Keycloak to delegate authentication to third-party identity providers.

Amazon Web Services Solution overview

The following diagram shows the architecture diagram of this solution. You can use the deployment guide and the Amazon CloudFormation template for automated deployment.

Keycloak on Amazon Web Services

  • A highly available architecture that spans two Availability Zones.
  • An Amazon Virtual Private Cloud (Amazon VPC) configured with public and private subnets, according to Amazon best practices, to provide you with your own virtual network on Amazon Web Services.
  • In the public subnets, managed Network Address Translation (NAT) gateways to allow outbound internet access for resources in the private subnets.
  • In the private subnets:
  • IAM role for the Amazon ECS service.
  • Secrets from Amazon Secrets Manager for Keycloak console login and database connection.
  • Amazon Certificate Manager (ACM), which uses your existing certificate for the custom domain name on the Application Load Balancer.
  • Amazon Route 53 alias record, which is required for the custom domain name.
Read more 
Show less

Keycloak on Amazon Web Services

Version 2.1.0
Last updated: 07/2022
Author: Amazon Web Services 

Estimated deployment time: 30 min

Source code 
View implementation guide
Launch solution in the existing VPC using Amazon Aurora Serverless MySQL-Compatible as Database (China Regions)
Launch solution in new VPC using Amazon Aurora Serverless MySQL-Compatible as Database (China Regions)
Launch solution in the existing VPC using Amazon Aurora MySQL-Compatible as Database (China Regions)
Launch solution in new VPC using Amazon Aurora MySQL-Compatible as Database (China Regions)
Launch solution in the existing VPC using Amazon Aurora Serverless MySQL-Compatible as Database (Global Regions)
Launch solution in new VPC using Amazon Aurora Serverless MySQL-Compatible as Database (Global Regions)
Launch solution in the existing VPC using Amazon Aurora MySQL-Compatible as Database (Global Regions)
Launch solution in new VPC using Amazon Aurora MySQL-Compatible as Database (Global Regions)

Features

Standard protocols

Keycloak supports OpenID Connect, OAuth 2.0 and SAML 2.0 standard protocols.

Integration with different services

Customers can configure Keycloak to integrate with Active Directory and LDAP. Customers can also setup Keycloak to delegate authentication to third-party identity providers.

Automatic deployment

Customers can “1-click” launch Keycloak via CloudFormation template. Amazon CloudFormation will automatically setup Amazon Web Services resources required for this solution.
Explore all Amazon Web Services Solutions

Browse our portfolio of Amazon Web Services -built solutions to common architectural problems.

Learn more 
Find a Partner

Find Amazon Web Services certified consulting and technology partners to help you get started.

Learn more 
Start building in the console

Sign-up and start exploring our services.

Get started 
Close
Live Chat Contact Us

Live Chat Contact Us

Chat with expert to help you
Hot Contact Us

Hotline Contact Us

1010 0766
Beijing Region
Operated By Sinnet
1010 0966
Ningxia Region
Operated By NWCD
Form Contact Us

Form Contact Us

Submit form to contact with solution consultant