#
Keycloak Logo

Keycloak Serverless

Keycloak provides user federation, strong authentication, user management, fine-grained authorization, and more.

SUBSCRIBE
## Prerequisites * Have an existing [AWS Account](/quickstart/cloud/aws). * Have an existing Certificate :icon-link-external:. * Previously created Hostname :icon-link-external:. * Preexisting VPC LAUNCH STACK :icon-play: ## Subscription The following steps cover the setup of the **Keycloak Serverless** on the AWS Marketplace. Click the **“Continue to Subscribe”** button at the top of the AWS Marketplace listing page to continue the process. Keycloak Serverless is available as a monthly subscription on the AWS Marketplace. The subscription includes the software's operational and infrastructure costs for running on AWS. 1. Subscribe to Solodev on the AWS Marketplace. SUBSCRIBE :icon-link-external: 2. Review and accept the **"Terms and Conditions"**. 3. Click **"Continue to Configuration"**.

Keycloak Serverless Continue to Configuration

!!!NOTE: Once accepted, you will receive a thank you message asking you to configure your software.
This process can take a few moments. Please do not exit the screen or refresh the page. !!! ### Configure Software 1. Choose a fulfillment option and software version to launch this software.

Keycloak Configure options

**Name** | **Description** :--- | --- Fulfillment option | Select a fulfillment option. Default: Deploy Container. Software version | Select the software version. The latest version of Keycloak Serverless is always recommended. 2. Click **"Continue to Launch."**

Keycloak continue to launch

!!!danger Important: On the next screen, click on **"Usage Instructions"** and then select the Quickstart link to continue the installation. !!! ### Launch Software Review the launch configuration details and follow the instructions to launch this software. {% tabs %} {% tab title="CloudFormation" %} To continue the installation, click the **Launch** button below and follow the outlined steps. LAUNCH KEYCLOAK !!!NOTE: If your AWS region is different from `us-east-1`, make sure to select your specific region from the top menu. !!! #### Create Stack 1. Create a stack.

Keycloak Serverless Create Stack

2. Click **Next**. #### Stack Details ##### Provide a stack name 1. Provide a stack name. Stack name must be 1 to 128 characters, start with a letter, and only contain alphanumeric characters.

Keycloak Serverless stack name

##### Parameters 1. Specify the parameters in the setup section.

Keycloak Serverless params setup

Name | Description --- | --- CertificateArn | (Required) CertificateArn for SSL cert that matches the FQDN above. Please visit the AWS Certificate Manager :icon-link-external:. Hostname | (Required) Domain name or IP address used to access the Keycloak instance (e.g. keycloak.domain.com). 2. VPC Settings.

Keycloak Serverless params optional

Name | Description --- | --- VPCID | Choose which VPC the Application should be deployed to.

An Amazon Virtual Private Cloud (VPC) is a dedicated environment that lets you launch the AWS resources that power your Keycloak Serverless in an isolated virtual network. If you do not have a VPC, you will need to create one in your VPC Console. For instructions on how to create a VPC, click here for instructions :icon-link-external:. PubSubnets | The ID of the public subnets in Availability Zone 1 and 2 in your existing VPC (e.g., subnet-a0246dcd).

A subnet is a range of IP addresses contained in your VPC. You can create AWS resources, such as EC2 instances, in specific subnets, enabling you to group network resources more efficiently. If you do not have any existing subnets, you will need to create one in your Subnet Console. For instructions, click here :icon-link-external:. (Choose two). PrivSubnets | The ID of the private subnets in Availability Zone 1 and 2 in your existing VPC (e.g., subnet-a0246dcd). (Choose two). DBSubnets | The ID of the database subnets in Availability Zone 1 and 2 in your existing VPC (e.g., subnet-a0246dcd). (Choose two). 3. Fargate Task Size Settings

Keycloak Serverless Fargate Task Size Settings

Name | Description --- | --- TaskCPU | The amount of CPU to reserve for your keycloak task. TaskMemory | The amount of memory to reserve for your keycloak task. Please confirm the memory you select is compatible with the TaskCPU: https://docs.aws.amazon.com/AmazonECS/latest/userguide/fargate-task-defs.html#fargate-tasks-size :icon-link-external: 4. AutoScaling Settings

Keycloak Serverless AutoScaling Settings

Name | Description --- | --- MinContainers | Minimum containers count. MaxContainers | Maximum containers count. AutoScalingTargetCpuUtilization | Auto scaling target CPU utilization. 5. Environment variable

Keycloak Serverless Environment variable

Name | Description --- | --- JavaOpts | JAVA_OPTS environment variable. DeletionPolicy | A Deletion Policy is a configuration that you can set for resources in AWS CloudFormation templates to specify what should happen to the resource when its stack is deleted. HostnameStrict | Enables strict hostname validation. If you do not have a domain yet, set to `false`. For production environments, it's recommended to set this to `true` to ensure the request hostname matches the configured hostname for security purposes, unless your reverse proxy or load balancer overwrites the `Host` header. !!!Note: If you set `HostnameStrict=true`, you need to create your domain in [Amazon Route 53](https://console.aws.amazon.com/route53). !!! 6. Click **Next**. #### Configure Stack Options 1. Add a new tag. **This step is optional**. Tags (key-value pairs) are used to apply metadata to AWS resources, which can help in organizing, identifying, and categorizing those resources. You can add up to 50 unique tags for each stack. If you need more information about tags, click here.

Keycloak Serverless tags

2. Specify an existing AWS Identity and Access Management (IAM) service role that CloudFormation can assume. **This step is optional**.

Keycloak Serverless permissions

3. Select the stack failure options.

Keycloak Serverless failure

Name | Description --- | --- Behavior on provisioning failure | Specify the roll back behavior for a stack failure.. Delete newly created resources during a rollback | Specify whether resources that were created during a failed operation should be deleted regardless of their deletion policy. To learn more about the stack failure options, click here :icon-link-external:. #### Advanced options 1. You can set additional options for your stack, like notification options and a stack policy. For more information, click here :icon-link-external:.

Keycloak Serverless advanced options

2. Click **Next**. ### Review and create 1. Review your settings. 2. Acknowledge the AWS CloudFormation terms. For more information, [click here](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-template.html?icmpid=docs_cfn_console#using-iam-capabilities).

Keycloak Serverless capabilities

3. Click **Submit**. ### Stacks 1. **Watch your Keycloak being created!** Once the status changes from **CREATE_IN_PROGRESS** to **CREATE_COMPLETE**, you can access your Keycloak.

Keycloak Stack

2. Click on the **Outputs** tab and click on the **KeyCloakContainerServiceEndpointURL** value.

Keycloak Stack Outputs

3. This will open your login screen.

Keycloak Login Screen

### Access your credentials 1. Go to the [AWS Secrets Manager console](https://console.aws.amazon.com/secretsmanager). 2. In the the filter box, enter **KeyCloakKCSecret**.

Keycloak Secret

3. Click on the **KeyCloakKCSecret** corresponding to the Keycloak you deployed. 4. On the **Overview** tab, click **Retrieve secret value**.

Keycloak retrieve secret

5. Copy the **username** and **password**.

Keycloak secret values

6. Use the credentials you just retrieve to log in.

Keycloak Login Screen

{% endtab %} {% endtabs %}