Q：What are the user scenarios?
A：You can use this solution to quickly build up identity and access management system in the Amazon Web Services Cloud with the power of Keycloak. Keycloak provides features such as Single-Sign On/Out, Identity Brokering and Social Login, User Federation etc. Please find more details on Keycloak official website.
Q: How does it work?
A: The solution leverages CloudFormation template or Cloud Development Kit(CDK) to automatically deploy and configure a high available Keycloak cluster on Amazon Web Services Cloud.
The Keycloak cluster will run with Amazon Fargate in the Amazon ECS environment. The corresponding databases and ALB load balancers will be automatically configured.
Q：How much does it cost?
A：You will be charged based on the actual usages of cloud resources. The number of instances is one of the key factors for the cost when using this solution.
Q：What prerequisites do I need to prepare before starting？
- Make sure you already have a EC2 key pair in the target region.
- Make sure you already have a VPC with at least two public subnets, two private subnets, and one NAT gateway in the public subnet.
- Make sure you already have a ICP-licensed domain.
Q：Can I deploy the solution in any Region?
A：You can deploy this solution in most of Amazon Web Services regions, including both Beijing Region operated by NWCD and Ningxia Region operated by Sinnet.
Q：What database types are supported by this solution?
A：You can choose one of the following database types:
1. Amazon RDS Database, which includes two database instances to provide a highly available environment.
2. Amazon Aurora Serverless Database, which provides a highly available environment, and this model does not create any database instances.
3. Amazon RDS Database instance, which provides a single database instance and is not recommended for production environment.
Q：How to specify the initial username and password?
A：The initial administrator accounts and passwords for Keycloak and Databases will be automatically generated and saved in Amazon Secrets Manager for security and compliance purposes.
Q：Why the deployment of Aurora Serverless Database failed?
A：The fact that some Available Zones(AZ) in certain regions(such as us-west-2) do not yet support Aurora Serverless, will result in deployment failure. Please refer to the CloudFormation failure message and select the appropriate AZs for your deployment.
Training and Certification
Amazon Web Services Training and Certification builds your competence, confidence, and credibility through practical cloud skills that help you innovate and build your future. Learn more »
Getting into the Serverless Mindset
This course will orient you to key serverless concepts to help you plan serverless architectures and applications. You will learn how serverless computing and its event-driven orientation influence your approach to application development, parallelization of tasks, and environment management.
Architecting on Amazon Web Services
This course shows you the fundamentals of building IT infrastructure on the Amazon Web Services platform. You learn how to optimize the Amazon Web Services Cloud by understanding Amazon Web Services services and how they fit into cloud-based solutions.
Amazon Web Services Certified Advanced Networking – Specialty
This exam tests your technical expertise in designing and implementing Amazon Web Services and hybrid IT architectures at scale. This is for anyone who performs complex networking tasks.
The Amazon Web Services Partner Network (APN) is focused on helping partners build successful Amazon Web Services -based businesses to drive superb solutions and customer experiences. APN Partners are focused on customer success, helping you take full advantage of all the business benefits that Amazon Web Services has to offer. With their deep expertise on Amazon Web Services , APN Partners are uniquely positioned to help your company at any stage of your Cloud Adoption Journey and to help you solve some of your most complex problems.