What does this AWS Solution do?
This solution allows customers to quickly deploy a Keycloak cluster on AWS Cloud. Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services. Keycloak provides a customizable user interface and supports use cases such as Single Sign-On (SSO), user registration, user federation, etc. It strives to conform to standard protocols such as OpenID Connect, OAuth 2.0 and SAML 2.0. Customers can configure Keycloak to integrate with Active Directory and LDAP. Customers can also set up Keycloak to delegate authentication to third-party identity providers.
AWS Solution overview
The following diagram shows the architecture of this solution. You can use the deployment guide and the AWS CloudFormation template for automated deployment.
[Figure: Keycloak on AWS architecture diagram]
In this solution, the Keycloak container is deployed on AWS Fargate. With AWS Fargate, customers do not need to manually configure and manage container instances. To ensure high availability, this solution defines two tasks in Amazon ECS. When one task fails, the other task can still provide services.
This solution uses Amazon RDS as the system database to store Keycloak configuration and user information. To ensure high availability and data security, this solution uses an Amazon RDS Multi-AZ deployment, which creates a primary DB instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). When an infrastructure failure occurs, Amazon RDS automatically initiates a failover to the up-to-date standby, and customers can resume database operations as soon as the failover completes.
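The two availability properties described above (two Fargate tasks spread across Availability Zones, and a Multi-AZ RDS instance) map onto a small number of CloudFormation settings. The fragment below is an added illustration and is not the solution's own template: the subnets, security groups, execution role and container image are assumed to exist and are passed in as parameters, and the `DB_*` environment variable names follow the legacy jboss/keycloak container image, which is an assumption about the image you deploy. The database password is generated in AWS Secrets Manager and injected into the task as a secret rather than passed through the template as plaintext.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - Keycloak on Fargate (2 tasks) with Multi-AZ RDS; not the solution's template

Parameters:
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>
    Description: Two private subnets in different Availability Zones (assumed to exist)
  TaskSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
  DbSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
  ExecutionRoleArn:
    Type: String
    Description: ECS task execution role with logs and Secrets Manager read access (assumed)
  KeycloakImage:
    Type: String
    Description: Keycloak container image URI (placeholder, supply your own)

Resources:
  # Credentials are generated here and never appear as template parameters.
  DbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      GenerateSecretString:
        SecretStringTemplate: '{"username": "keycloak"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'

  DbSubnetGroup:
    Type: AWS::RDS::DBSubnetGroup
    Properties:
      DBSubnetGroupDescription: Subnets in two AZs for the Keycloak database
      SubnetIds: !Ref PrivateSubnetIds

  # MultiAZ: true provisions the synchronous standby in a second AZ.
  KeycloakDb:
    Type: AWS::RDS::DBInstance
    DeletionPolicy: Snapshot
    Properties:
      Engine: mysql
      DBInstanceClass: db.t3.medium
      AllocatedStorage: "20"
      MultiAZ: true
      StorageEncrypted: true
      PubliclyAccessible: false
      DBName: keycloak
      MasterUsername: !Sub "{{resolve:secretsmanager:${DbSecret}:SecretString:username}}"
      MasterUserPassword: !Sub "{{resolve:secretsmanager:${DbSecret}:SecretString:password}}"
      DBSubnetGroupName: !Ref DbSubnetGroup
      VPCSecurityGroups:
        - !Ref DbSecurityGroupId

  Cluster:
    Type: AWS::ECS::Cluster

  KeycloakTask:
    Type: AWS::ECS::TaskDefinition
    Properties:
      RequiresCompatibilities: [FARGATE]
      NetworkMode: awsvpc
      Cpu: "1024"
      Memory: "2048"
      ExecutionRoleArn: !Ref ExecutionRoleArn
      ContainerDefinitions:
        - Name: keycloak
          Image: !Ref KeycloakImage
          PortMappings:
            - ContainerPort: 8080
          # Variable names assume the legacy jboss/keycloak image.
          Environment:
            - { Name: DB_VENDOR, Value: mysql }
            - { Name: DB_ADDR, Value: !GetAtt KeycloakDb.Endpoint.Address }
            - { Name: DB_PORT, Value: !GetAtt KeycloakDb.Endpoint.Port }
            - { Name: DB_DATABASE, Value: keycloak }
          # Username and password are pulled from the secret at task start.
          Secrets:
            - Name: DB_USER
              ValueFrom: !Sub "${DbSecret}:username::"
            - Name: DB_PASSWORD
              ValueFrom: !Sub "${DbSecret}:password::"

  # Two tasks across two AZs: one task failing leaves the other serving.
  KeycloakService:
    Type: AWS::ECS::Service
    Properties:
      Cluster: !Ref Cluster
      LaunchType: FARGATE
      TaskDefinition: !Ref KeycloakTask
      DesiredCount: 2
      DeploymentConfiguration:
        MinimumHealthyPercent: 50   # keep at least one task up during rollouts
        MaximumPercent: 200
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED
          Subnets: !Ref PrivateSubnetIds
          SecurityGroups:
            - !Ref TaskSecurityGroupId
```

When checking a deployment like this, the settings worth confirming are `MultiAZ: true` and `PubliclyAccessible: false` on the DB instance, a `DesiredCount` of at least 2 with subnets in more than one AZ on the service, and that the database credentials reach the container only through the `Secrets` section rather than `Environment`. A load balancer in front of the service and the security-group rules between the tasks and the database are not shown here.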
Keycloak on AWS
Version 1.0.0
Last updated: 09/2020
Author: AWS
Estimated deployment time: 30 min
Features
Standard protocols
Integration with different services
Automatic Deployment