Kenlo Single-Sign-On

Cloud Platform & Technology Stack

AWS | Keycloak Cluster with Terraform | SSO Single-Sign-On | HA Microsoft SQL Clusters | Docker & Containers | AWS Billing Cost Optimization

High Level Overview

The following is a high-level overview of a solution for deploying a Keycloak Single Sign-On (SSO) cluster on Amazon Elastic Container Service (ECS) with Fargate using Terraform.

  • Terraform is used to automate the provisioning and management of the infrastructure resources needed to run the Keycloak cluster.
  • The Keycloak SSO cluster is deployed on ECS Fargate, which is a serverless compute engine for running containerized applications. This means that the infrastructure resources required to run the Keycloak cluster are managed by AWS, and there is no need to provision and manage servers.
  • The Keycloak cluster is composed of multiple Keycloak nodes, running in a load-balanced configuration, to ensure high availability and scalability.
  • A task definition is created to define the resources that each Keycloak node requires and the environment variables, such as database connection details.
  • The Keycloak nodes are configured to use a shared, external database for storing user data and configuration.
  • The ECS service is configured to use a load balancer to distribute incoming traffic to the Keycloak nodes.
  • A security group is created to restrict inbound and outbound traffic to the Keycloak nodes, and an IAM role is created to grant the ECS task permission to access other AWS services such as S3 and CloudWatch.
  • Once the infrastructure is in place, Terraform uses the Keycloak Helm chart to deploy and configure the Keycloak cluster, including creating the necessary roles and users.
  • Once the Keycloak cluster is deployed and configured, it can be used to authenticate and authorize users across multiple applications within an organization.
  • The Keycloak cluster can be easily scaled up or down, as needed, by modifying the desired task count in the ECS service using Terraform.
  • Terraform also makes it possible to automate rolling updates, backups, and disaster recovery.

Overall, this solution provides a way to deploy a highly available, scalable Keycloak SSO cluster on ECS Fargate using Terraform, allowing for easy management and maintenance of the infrastructure and Keycloak cluster.
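The task definition, security group and IAM items in the list above, sketched in Terraform as an added example (not the project's own code). It keeps the database password out of plain environment variables by injecting it from AWS Secrets Manager, grants the execution role read access to that one secret only, and admits traffic to the nodes only from the load balancer. All variable names, resource names, the database host and the image tag are placeholder assumptions.

```hcl
# Added example: variables, names, DB host and image tag are placeholder assumptions.
variable "keycloak_sg_id" { type = string }      # security group attached to the Keycloak tasks
variable "alb_sg_id" { type = string }           # security group of the load balancer
variable "db_secret_arn" { type = string }       # Secrets Manager secret holding the DB password
variable "execution_role_name" { type = string } # existing ECS task execution role

data "aws_iam_role" "exec" { name = var.execution_role_name }

# Keycloak nodes accept HTTP only from the load balancer, not from arbitrary sources.
resource "aws_vpc_security_group_ingress_rule" "from_alb" {
  security_group_id            = var.keycloak_sg_id
  referenced_security_group_id = var.alb_sg_id
  from_port                    = 8080
  to_port                      = 8080
  ip_protocol                  = "tcp"
}

# ECS resolves "secrets" with the execution role, so it may read exactly this one secret.
resource "aws_iam_role_policy" "read_db_secret" {
  name = "keycloak-read-db-secret"
  role = data.aws_iam_role.exec.name
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "secretsmanager:GetSecretValue", Resource = var.db_secret_arn }]
  })
}

resource "aws_ecs_task_definition" "keycloak" {
  family                   = "keycloak"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 1024
  memory                   = 2048
  execution_role_arn       = data.aws_iam_role.exec.arn
  container_definitions = jsonencode([{
    name         = "keycloak"
    image        = "quay.io/keycloak/keycloak:<version>" # placeholder tag, pin a real one
    command      = ["start"]                             # hostname and proxy settings omitted
    portMappings = [{ containerPort = 8080 }]
    environment = [ # non-sensitive settings only; these are visible in the task definition
      { name = "KC_DB", value = "mssql" },
      { name = "KC_DB_URL", value = "jdbc:sqlserver://<db-host>:1433;databaseName=keycloak" }
    ]
    secrets = [{ name = "KC_DB_PASSWORD", valueFrom = var.db_secret_arn }]
  }])
}
```

Values under `environment` are readable by anyone who can describe the task definition, whereas `secrets` entries are resolved at task start and only their ARN is stored. Traffic between Keycloak nodes for cache replication needs its own rule on the same security group and is not covered here.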