Keycloak is a flexible, open source identity and access management solution (Red Hat SSO is the commercial variant). While there is a growing community around it, much of the available information is relatively high level or focused on service integration.

After spending time experimenting my way through Terraforming supporting infrastructure, figuring out Fargate specific tweaks, and automating the build/deploy process to reduce toil, I wanted to share a "batteries included" project meant to quickly get anyone looking to adopt Keycloak up and running. If you already use Keycloak, it may also provide inspiration for your own automation (or if you find it lacking, be something you can help extend for the greater good).

What is "batteries included" exactly? To simplify spinning up environments for those new to Keycloak, the project takes an "opinionated framework" approach. Larger architectural choices as well as sensible defaults have been encapsulated. Many of these can be easily overridden by power users, and larger choices which require more effort to change have plans to enable simpler toggling. I won't detail all of the choices here, since the project documentation already goes into detail and the source will be enough for power users wanting to understand every nuance.

Out of the box you get template-based environments which leverage AWS services as building blocks, including Fargate and Aurora. Supporting network infrastructure is paved as well, but can be easily replaced with existing infrastructure or components provided by modules. Remote state is automatically configured, which keeps critical details off workstations (encrypted at rest) and lets large teams manage environments without conflicting changes. Sensible defaults and single-command (really!) container build, service deployment and configuration (including scaling) reduce cognitive load.
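As an added illustration (not configuration taken from the project), this is the shape of remote-state setup the "encrypted, off workstations, no conflicts" claim implies: an S3 backend with server-side encryption, versioning, public access blocked, and a DynamoDB lock table. Bucket, table, region and KMS alias values are placeholders, and the bucket and table are assumed to be bootstrapped once before any environment points its backend at them.

```hcl
# Added example, not from the terraform-keycloak-aws repository.
# Bucket, lock table, region and KMS alias are placeholders.
terraform {
  backend "s3" {
    bucket         = "example-keycloak-tfstate"   # placeholder
    key            = "keycloak/dev/terraform.tfstate"
    region         = "us-east-1"                  # placeholder
    encrypt        = true                         # SSE on the state object
    kms_key_id     = "alias/example-tfstate"      # placeholder CMK alias
    dynamodb_table = "example-keycloak-tflock"    # state locking for teams
  }
}

# Bucket holding the state (provisioned once, before the backend is used).
resource "aws_s3_bucket" "state" {
  bucket = "example-keycloak-tfstate"
}

# Versioning lets you roll back a state file clobbered by a bad apply.
resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Default encryption so state is never written unencrypted, even by other tools.
resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = aws_s3_bucket.state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = "alias/example-tfstate"   # placeholder
    }
  }
}

resource "aws_s3_bucket_public_access_block" "state" {
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table: the S3 backend requires a string hash key named LockID.
resource "aws_dynamodb_table" "lock" {
  name         = "example-keycloak-tflock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}
```

State still contains every secret Terraform reads or generates (an Aurora master password, for instance), so access to the bucket and the KMS key should be limited to the roles that run deployments; encryption at rest does not substitute for that.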

Whether you're new to Keycloak and looking for an easy way to quickly spin up supporting infrastructure on AWS, or have existing infrastructure and want a head start on migrating to containerized cloud services... give the repo a browse. Along the way, open issues or submit PRs if you spot bugs or have ideas for features. There's no such thing as one size fits all, but with community effort we can make it easier for everyone to stop reinventing the wheel and deploy Keycloak consistently and securely.

Repository: deadlysyn/terraform-keycloak-aws (IaC for Keycloak on AWS Fargate).