Keycloak IaC

iac keycloak oss terraform

Keycloak is a flexible, open source, identify access and management solution (Red Hat SSO being the commercial variant). While there is a growing community, much information is focused on service integration.

After Terraforming supporting infrastructure, I wanted to share a “batteries included” project to quickly get anyone adopting Keycloak up and running. If you already use Keycloak, it may provide inspiration. If you find it lacking, please help extend it for the greater good.

The project takes an opinionated approach to simplify bootstrapping new environments. Larger architectural choices and sensible defaults have been encapsulated. Many of these can be overridden by power users.

Out of the box you get template-based environments leveraging AWS services as building blocks (including a number of Fargate-specific tweaks). Required network infrastructure is fully-managed, but can also be replaced with your own. Remote state is automatically configured, keeping critical details off local disk (encrypted) and ensuring environments can be managed by teams. Single-command build/deploy and easy scaling reduce cognitive load.

Browse the project repo. Open issues or submit PRs if you spot bugs or have feature requests. With community effort, we can make it easier for everyone to deploy Keycloak consistently and securely.

NOTE: Republished as part of migrating from Ghost to Hugo.