# Keycloak Serverless

Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.

# Prerequisites

# Subscription

The following steps cover the setup of Keycloak Serverless on the AWS Marketplace. Click the “Continue to Subscribe” button at the top of the AWS Marketplace listing page to continue the process. Keycloak Serverless is available as a monthly subscription on the AWS Marketplace. The subscription includes the software's operational and infrastructure costs for running on AWS.

  1. Subscribe to Solodev on the AWS Marketplace.
  2. Review and accept the "Terms and Conditions".
  3. Click "Continue to Configuration".

# Configure Software

  1. Choose a fulfillment option and software version to launch this software.

| Name | Description |
| --- | --- |
| Fulfillment option | Select a fulfillment option. Default: Deploy Container. |
| Software version | Select the software version. The latest version of Keycloak Serverless is always recommended. |

  2. Click "Continue to Launch."

# Launch Software

Review the launch configuration details and follow the instructions to launch this software.

To continue the installation, click the Launch button below and follow the outlined steps.

LAUNCH KEYCLOAK

# Create Stack

  1. Create a stack.

  2. Click Next.

# Stack Details

# Provide a stack name
  1. Provide a stack name. Stack name must be 1 to 128 characters, start with a letter, and only contain alphanumeric characters.

# Parameters
  1. Specify the parameters in the setup section.

| Name | Description |
| --- | --- |
| CertificateArn | (Required) CertificateArn for the SSL certificate that matches the Hostname FQDN. Please visit the AWS Certificate Manager. |
| Hostname | (Required) Domain name or IP address used to access the Keycloak instance (e.g. keycloak.domain.com). |

  2. VPC Settings.

| Name | Description |
| --- | --- |
| VPCID | Choose which VPC the Application should be deployed to. An Amazon Virtual Private Cloud (VPC) is a dedicated environment that lets you launch the AWS resources that power your Keycloak Serverless in an isolated virtual network. If you do not have a VPC, you will need to create one in your VPC Console. For instructions on how to create a VPC, click here. |
| PubSubnets | The ID of the public subnets in Availability Zone 1 and 2 in your existing VPC (e.g., subnet-a0246dcd). A subnet is a range of IP addresses contained in your VPC. You can create AWS resources, such as EC2 instances, in specific subnets, enabling you to group network resources more efficiently. If you do not have any existing subnets, you will need to create one in your Subnet Console. For instructions, click here. (Choose two). |
| PrivSubnets | The ID of the private subnets in Availability Zone 1 and 2 in your existing VPC (e.g., subnet-a0246dcd). (Choose two). |
| DBSubnets | The ID of the database subnets in Availability Zone 1 and 2 in your existing VPC (e.g., subnet-a0246dcd). (Choose two). |

  3. Fargate Task Size Settings

| Name | Description |
| --- | --- |
| TaskCPU | The amount of CPU to reserve for your Keycloak task. |
| TaskMemory | The amount of memory to reserve for your Keycloak task. Please confirm the memory you select is compatible with the TaskCPU: https://docs.aws.amazon.com/AmazonECS/latest/userguide/fargate-task-defs.html#fargate-tasks-size |

  4. AutoScaling Settings

| Name | Description |
| --- | --- |
| MinContainers | Minimum containers count. |
| MaxContainers | Maximum containers count. |
| AutoScalingTargetCpuUtilization | Auto scaling target CPU utilization. |

  5. Environment variable

| Name | Description |
| --- | --- |
| JavaOpts | JAVA_OPTS environment variable. |
| DeletionPolicy | A Deletion Policy is a configuration that you can set for resources in AWS CloudFormation templates to specify what should happen to the resource when its stack is deleted. |
| HostnameStrict | Enables strict hostname validation. If you do not have a domain yet, set to false. For production environments, it's recommended to set this to true to ensure the request hostname matches the configured hostname for security purposes, unless your reverse proxy or load balancer overwrites the Host header. |

  6. Click Next.
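
A pre-flight check for the parameters in this section, as an added example that is not part of the Solodev template or its tooling: it flags an incompatible TaskCPU/TaskMemory pair, a relaxed HostnameStrict in production, and malformed values before the stack is submitted. It assumes all parameters are passed as strings, subnet lists are comma-separated, TaskCPU is in CPU units and TaskMemory in MiB; `preflight` and `SAMPLE` are hypothetical names.

```python
import re

# Fargate CPU units -> allowed memory in MiB (AWS task-size table linked above).
FARGATE_MEMORY = {
    256: (512, 1024, 2048), 512: range(1024, 4097, 1024),
    1024: range(2048, 8193, 1024), 2048: range(4096, 16385, 1024),
    4096: range(8192, 30721, 1024), 8192: range(16384, 61441, 4096),
    16384: range(32768, 122881, 8192),
}
STACK_NAME = re.compile(r"[A-Za-z][A-Za-z0-9]{0,127}")  # rule as stated in this guide
ACM_ARN = re.compile(r"arn:aws[a-z-]*:acm:[a-z0-9-]+:\d{12}:certificate/[0-9a-f-]{36}")
SUBNET_ID = re.compile(r"subnet-[0-9a-f]{8,17}")
SAMPLE = {  # constructed values with two deliberate mistakes, not a real account
    "CertificateArn": "arn:aws:acm:us-east-1:123456789012:certificate/11111111-2222-3333-4444-555555555555",
    "Hostname": "keycloak.domain.com", "HostnameStrict": "false",
    "PubSubnets": "subnet-a0246dcd,subnet-b0246dcd", "PrivSubnets": "subnet-c0246dcd,subnet-d0246dcd",
    "DBSubnets": "subnet-e0246dcd,subnet-f0246dcd", "TaskCPU": "1024", "TaskMemory": "1024",
    "MinContainers": "1", "MaxContainers": "3", "AutoScalingTargetCpuUtilization": "75",
}

def preflight(stack_name, params, production=True):
    """Return a list of findings; an empty list means no problem was detected."""
    out = []
    if not STACK_NAME.fullmatch(stack_name):
        out.append("StackName: must be 1-128 alphanumeric characters, starting with a letter")
    if not ACM_ARN.fullmatch(params.get("CertificateArn", "")):
        out.append("CertificateArn: not an ACM certificate ARN")
    if not re.fullmatch(r"[A-Za-z0-9.-]+", params.get("Hostname", "")):
        out.append("Hostname: give a bare name or address, without scheme, port or path")
    if production and params.get("HostnameStrict", "").lower() != "true":
        out.append("HostnameStrict: set to true for production")
    for key in ("PubSubnets", "PrivSubnets", "DBSubnets"):
        ids = {s.strip() for s in params.get(key, "").split(",")}
        if len(ids) != 2 or not all(SUBNET_ID.fullmatch(s) for s in ids):
            out.append(f"{key}: choose two distinct subnet IDs")
    try:
        cpu, mem = int(params["TaskCPU"]), int(params["TaskMemory"])
        if mem not in FARGATE_MEMORY.get(cpu, ()):
            out.append(f"TaskMemory: {mem} MiB is not valid with TaskCPU {cpu}")
        lo, hi = int(params["MinContainers"]), int(params["MaxContainers"])
        if not 1 <= lo <= hi:
            out.append("MinContainers/MaxContainers: need 1 <= min <= max")
        if not 1 <= int(params["AutoScalingTargetCpuUtilization"]) <= 100:
            out.append("AutoScalingTargetCpuUtilization: must be 1-100")
    except (KeyError, ValueError) as exc:
        out.append(f"numeric parameter missing or not an integer: {exc}")
    return out
```

Calling `preflight("KeycloakProd", SAMPLE)` reports the relaxed HostnameStrict and the 1024 MiB memory setting, which is below the minimum for 1024 CPU units.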

# Configure Stack Options

  1. Add a new tag. This step is optional.

Tags (key-value pairs) are used to apply metadata to AWS resources, which can help in organizing, identifying, and categorizing those resources. You can add up to 50 unique tags for each stack. If you need more information about tags, click here.

  2. Specify an existing AWS Identity and Access Management (IAM) service role that CloudFormation can assume. This step is optional.

  3. Select the stack failure options.

| Name | Description |
| --- | --- |
| Behavior on provisioning failure | Specify the rollback behavior for a stack failure. |
| Delete newly created resources during a rollback | Specify whether resources that were created during a failed operation should be deleted regardless of their deletion policy. |

To learn more about the stack failure options, click here.

# Advanced options

  1. You can set additional options for your stack, like notification options and a stack policy. For more information, click here.

  2. Click Next.

# Review and create

  1. Review your settings.

  2. Acknowledge the AWS CloudFormation terms. For more information, click here.

  3. Click Submit.

# Stacks

  1. Watch your Keycloak being created! Once the status changes from CREATE_IN_PROGRESS to CREATE_COMPLETE, you can access your Keycloak.

  2. Click on the Outputs tab and click on the KeyCloakContainerServiceEndpointURL value.

  3. This will open your login screen.

# Access your credentials

  1. Go to the AWS Secrets Manager console.

  2. In the filter box, enter KeyCloakKCSecret.

  3. Click on the KeyCloakKCSecret corresponding to the Keycloak you deployed.

  4. On the Overview tab, click Retrieve secret value.

  5. Copy the username and password.

  6. Use the credentials you just retrieved to log in.
