CDK construct library that allows you to create a KeyCloak service on AWS in TypeScript or Python

cdk-keycloak

CDK construct library that allows you to create KeyCloak on AWS in TypeScript or Python

Note

This project has been migrated to CDK v2.

The CDK v1 compatible version is now deprecated.

Sample

import * as cdk from 'aws-cdk-lib';
import { KeyCloak, KeycloakVersion } from 'cdk-keycloak';

const app = new cdk.App();

// Deploy to the account and region of the current CLI credentials.
const env = {
  region: process.env.CDK_DEFAULT_REGION,
  account: process.env.CDK_DEFAULT_ACCOUNT,
};

const stack = new cdk.Stack(app, 'keycloak-demo', { env });
new KeyCloak(stack, 'KeyCloak', {
  certificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/293cf875-ca98-4c2e-a797-e1cf6df2553c',
  keycloakVersion: KeycloakVersion.V15_0_2,
});

Keycloak version pinning

Use keycloakVersion to specify the version.

new KeyCloak(stack, 'KeyCloak', {
  certificateArn,
  keycloakVersion: KeycloakVersion.V15_0_2,
});

To specify a version not defined in the construct, use KeycloakVersion.of('x.x.x'). This allows you to specify any new version as soon as it's available. However, new versions will not always be tested and validated with this construct library, so make a full backup and test before you use any new version in a production environment.

Aurora Serverless support

The KeyCloak construct provisions an Amazon RDS cluster for MySQL with 2 database instances under the hood. To opt in to an Amazon Aurora Serverless cluster instead, use auroraServerless. Please note that only some regions are supported; check Supported features in Amazon Aurora by AWS Region and Aurora DB engine for availability.

// Aurora Serverless v1
new KeyCloak(stack, 'KeyCloak', {
  certificateArn,
  auroraServerless: true,
  keycloakVersion,
});

// Aurora Serverless v2
new KeyCloak(stack, 'KeyCloak', {
  certificateArn,
  auroraServerlessV2: true,
  keycloakVersion,
});

Behind the scenes, a default RDS cluster for MySQL with 2 database instances will be created.

Opt-in for Single RDS instance

To create a single RDS instance for your testing or development environment, use singleDbInstance to turn on the single DB instance deployment.

Please note this is not recommended for production environments.

new KeyCloak(stack, 'KeyCloak', {
  certificateArn,
  singleDbInstance: true,
  keycloakVersion,
});

Service Auto Scaling

Define autoScaleTask to configure auto scaling of the ECS service tasks. For example:

new KeyCloak(stack, 'KeyCloak', {
  certificateArn,
  keycloakVersion,
  auroraServerless: true,
  nodeCount: 2,
  autoScaleTask: {
    min: 2,
    max: 10,
    targetCpuUtilization: 60,
  },
});

Customize fargate task settings

Define taskCpu or taskMemory to override the defaults for the ECS service task. This can be useful for development environments. For example:

new KeyCloak(stack, 'KeyCloak', {
  certificateArn,
  keycloakVersion,
  nodeCount: 1,
  taskCpu: 512,
  taskMemory: 2048,
});

Deploy in existing Vpc Subnets

You can deploy the workload in an existing VPC and subnets. The publicSubnets are for the ALB, privateSubnets for the Keycloak container tasks, and databaseSubnets for the database.

The best practice is to specify isolated subnets for databaseSubnets. However, if you have no existing isolated subnets, private subnets are also acceptable.

Consider the sample below:

new KeyCloak(stack, 'KeyCloak', {
  certificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/293cf875-ca98-4c2e-a797-e1cf6df2553c',
  keycloakVersion,
  vpc: ec2.Vpc.fromLookup(stack, 'Vpc', { vpcId: 'vpc-0417e46d' }),
  publicSubnets: {
    subnets: [
      ec2.Subnet.fromSubnetId(stack, 'pub-1a', 'subnet-5bbe7b32'),
      ec2.Subnet.fromSubnetId(stack, 'pub-1b', 'subnet-0428367c'),
      ec2.Subnet.fromSubnetId(stack, 'pub-1c', 'subnet-1586a75f'),
    ],
  },
  privateSubnets: {
    subnets: [
      ec2.Subnet.fromSubnetId(stack, 'priv-1a', 'subnet-0e9460dbcfc4cf6ee'),
      ec2.Subnet.fromSubnetId(stack, 'priv-1b', 'subnet-0562f666bdf5c29af'),
      ec2.Subnet.fromSubnetId(stack, 'priv-1c', 'subnet-00ab15c0022872f06'),
    ],
  },
  databaseSubnets: {
    subnets: [
      ec2.Subnet.fromSubnetId(stack, 'db-1a', 'subnet-0e9460dbcfc4cf6ee'),
      ec2.Subnet.fromSubnetId(stack, 'db-1b', 'subnet-0562f666bdf5c29af'),
      ec2.Subnet.fromSubnetId(stack, 'db-1c', 'subnet-00ab15c0022872f06'),
    ],
  },
});
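
The tier guidance above can be checked before deployment. The following TypeScript is an added example, not part of cdk-keycloak or the original README: it classifies each subnet by its default route and flags subnets shared between tiers and database subnets that are not isolated. The names SubnetInfo, Layout, classify and auditSubnetTiers, the finding messages, and the sample route data are all hypothetical or constructed.

```typescript
// Added example (not from cdk-keycloak). Route targets are constructed sample
// data; in practice read them per subnet with `aws ec2 describe-route-tables`.
type Tier = 'publicSubnets' | 'privateSubnets' | 'databaseSubnets';
type Kind = 'public' | 'private' | 'isolated';
interface SubnetInfo { id: string; defaultRouteTarget?: string } // 0.0.0.0/0 target
type Layout = Record<Tier, SubnetInfo[]>;

// No default route: isolated. Internet gateway: public. Anything else
// (NAT gateway, transit gateway, ...) is treated as private.
function classify(s: SubnetInfo): Kind {
  if (!s.defaultRouteTarget) return 'isolated';
  return s.defaultRouteTarget.startsWith('igw-') ? 'public' : 'private';
}

function auditSubnetTiers(layout: Layout): string[] {
  const findings: string[] = [];
  const seen = new Map<string, Tier>(); // subnet id -> first tier it appeared in
  const tiers: Tier[] = ['publicSubnets', 'privateSubnets', 'databaseSubnets'];
  for (const tier of tiers) {
    for (const s of layout[tier]) {
      const kind = classify(s);
      const first = seen.get(s.id);
      if (first === undefined) seen.set(s.id, tier);
      else if (first !== tier) findings.push(`${s.id}: shared by ${first} and ${tier}`);
      if (tier === 'publicSubnets' && kind !== 'public')
        findings.push(`${s.id}: ALB subnet has no internet gateway route`);
      if (tier === 'privateSubnets' && kind === 'public')
        findings.push(`${s.id}: Keycloak tasks placed in a public subnet`);
      if (tier === 'databaseSubnets' && kind === 'public')
        findings.push(`${s.id}: database placed in a public subnet`);
      if (tier === 'databaseSubnets' && kind === 'private')
        findings.push(`${s.id}: database subnet has a default route, prefer isolated`);
    }
  }
  return findings;
}

// Constructed layout mirroring the README sample: the database tier reuses a private subnet.
const sampleLayout: Layout = {
  publicSubnets: [{ id: 'subnet-pub-a', defaultRouteTarget: 'igw-example' }],
  privateSubnets: [{ id: 'subnet-priv-a', defaultRouteTarget: 'nat-example' }],
  databaseSubnets: [
    { id: 'subnet-priv-a', defaultRouteTarget: 'nat-example' },
    { id: 'subnet-db-b' }, // isolated: no default route
  ],
};
const sampleFindings = auditSubnetTiers(sampleLayout);
console.log(sampleFindings.join('\n'));
```

An empty result means every tier matches the layout described above; the "prefer isolated" finding is advisory, since private subnets are acceptable for the database when no isolated subnets exist.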

AWS China Regions

This library supports the AWS China regions cn-north-1 and cn-northwest-1 and automatically selects a local Docker image mirror to accelerate image pulling. You don't have to do anything.

Security

See CONTRIBUTING for more information.

License

This project is licensed under the Apache-2.0 License.

Download files

Source Distribution

cdk-keycloak-2.8.0.tar.gz (74.4 kB)

Built Distribution

cdk_keycloak-2.8.0-py3-none-any.whl (72.3 kB)

File details

Details for the file cdk-keycloak-2.8.0.tar.gz.

File metadata

  • Download URL: cdk-keycloak-2.8.0.tar.gz
  • Upload date:
  • Size: 74.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.4

File hashes

Hashes for cdk-keycloak-2.8.0.tar.gz
Algorithm Hash digest
SHA256 c5561bef8e27fd82f2bf90a409b15c3c269099ba8c4c9848092eaaa5bd5941d4
MD5 b369fb290f24a51047cbc5b13b6b552a
BLAKE2b-256 c2263a00301667bc18f95a1479f1326adf9d0dbf8e34998b903d7dee8d086b0b

File details

Details for the file cdk_keycloak-2.8.0-py3-none-any.whl.

File metadata

  • Download URL: cdk_keycloak-2.8.0-py3-none-any.whl
  • Upload date:
  • Size: 72.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.11.4

File hashes

Hashes for cdk_keycloak-2.8.0-py3-none-any.whl
Algorithm Hash digest
SHA256 3f36e41d0eed6ae1a664ee3f801f5d40acc3bca44243b6bf8b67680ddccb6377
MD5 399a88f982421e9f93c4fe6cdfbd217f
BLAKE2b-256 325ab742b553eb426e4af79c1db9ce49eab64b64d6a64edcdb16158124ab8e4c
