Keycloak on ECS with RDS

This is a demo of running Keycloak on ECS with an RDS (PostgreSQL) database.

RDS (PostgreSQL) and Keycloak are run in a private subnet.

An application load-balancer in a public subnet routes traffic to the Keycloak application.

Building the container image

Build an "optimised" Keycloak container using Docker or Podman (container/Dockerfile), and push to ECR:

podman build --platform linux/amd64 -t container
aws ecr get-login-password --region REGION | podman login --username AWS --password-stdin
podman push


Import a HTTPS certificate to ACM. For testing you can create a self-signed certificate (run scripts/

Create an S3 backend configuration file (see ecs-cluster/example.s3.tfbackend). Check the Terraform variables, and define them in a *.tfvars file, e.g. example.tfvars.

Initialise the Terraform directory, passing the backend configuration file (first time only), then apply:

cd ecs-cluster
terraform init -backend-config=example.s3.tfbackend
terraform apply -var-file=example.tfvars
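
Before applying, the plan can be checked against the layout described at the top of this README (Keycloak and RDS private, only the load balancer public). The script below is an added example, not part of this repository: it reads the JSON produced by `terraform plan -var-file=example.tfvars -out=tfplan` followed by `terraform show -json tfplan`. It assumes standard AWS provider resource types and an HTTPS listener on port 443; the sample plan and its resource names are constructed.

```python
import json

# Constructed sample in the shape of `terraform show -json tfplan` output.
# Resource names are hypothetical; the repository's own names may differ.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_db_instance.keycloak", "type": "aws_db_instance",
     "change": {"after": {"publicly_accessible": False}}},
    {"address": "aws_ecs_service.keycloak", "type": "aws_ecs_service",
     "change": {"after": {"network_configuration": [
         {"assign_public_ip": True}]}}},
    {"address": "aws_security_group.rds", "type": "aws_security_group",
     "change": {"after": {"ingress": [
         {"from_port": 5432, "to_port": 5432,
          "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_security_group.alb", "type": "aws_security_group",
     "change": {"after": {"ingress": [
         {"from_port": 443, "to_port": 443,
          "cidr_blocks": ["0.0.0.0/0"]}]}}},
]})

OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def exposure_findings(plan_json):
    """Return (address, reason) pairs for resources reachable from outside."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # null on destroy
        rtype, addr = rc.get("type"), rc.get("address")
        if rtype == "aws_db_instance" and after.get("publicly_accessible"):
            findings.append((addr, "RDS instance is publicly accessible"))
        elif rtype == "aws_ecs_service":
            for net in after.get("network_configuration") or []:
                if net.get("assign_public_ip"):
                    findings.append((addr, "ECS tasks get a public IP"))
        elif rtype == "aws_security_group":
            for rule in after.get("ingress") or []:
                cidrs = set(rule.get("cidr_blocks") or []) | set(
                    rule.get("ipv6_cidr_blocks") or [])
                # Assumption: only 443 (the ALB listener) may face the internet.
                if cidrs & OPEN_CIDRS and not (
                        rule.get("from_port") == rule.get("to_port") == 443):
                    findings.append((addr, "ingress open to the internet on "
                                     f"ports {rule.get('from_port')}-"
                                     f"{rule.get('to_port')}"))
    return findings


if __name__ == "__main__":
    for address, reason in exposure_findings(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

Attribute values that are only known after apply are absent from `change.after`, so an empty result covers only what the plan already fixes.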