cdk-keycloak


Namecdk-keycloak JSON
Version 2.9.0 PyPI version JSON
download
home_pagehttps://github.com/aws-samples/cdk-keycloak.git
SummaryCDK construct library that allows you to create KeyCloak service on AWS in TypeScript or Python
upload_time2023-10-17 05:18:47
maintainer
docs_urlNone
authorPahud Hsieh<pahudnet@gmail.com>
requires_python~=3.7
licenseApache-2.0
keywords
VCS
bugtrack_url
requirements No requirements were recorded.
Travis-CI No Travis.
coveralls test coverage No coveralls.
            [![NPM version](https://badge.fury.io/js/cdk-keycloak.svg)](https://badge.fury.io/js/cdk-keycloak)
[![PyPI version](https://badge.fury.io/py/cdk-keycloak.svg)](https://badge.fury.io/py/cdk-keycloak)
[![release](https://github.com/aws-samples/cdk-keycloak/actions/workflows/release.yml/badge.svg)](https://github.com/aws-samples/cdk-keycloak/actions/workflows/release.yml)

# `cdk-keycloak`

CDK construct library that allows you to create [KeyCloak](https://www.keycloak.org/) on AWS in TypeScript or Python

> **Note**
>
> This project has been migrated to CDK v2.
>
> CDK v1 compatible version is deprecated now.

# Sample

For Keycloak 17+ versions, please specify hostname for the Keycloak server.

```python
import { KeyCloak } from 'cdk-keycloak';

const app = new cdk.App();

const env = {
  region: process.env.CDK_DEFAULT_REGION,
  account: process.env.CDK_DEFAULT_ACCOUNT,
};

const stack = new cdk.Stack(app, 'keycloak-demo', { env });
new KeyCloak(stack, 'KeyCloak', {
  hostname: 'keycloak.example.com',
  certificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/293cf875-ca98-4c2e-a797-e1cf6df2553c',
  keycloakVersion: KeycloakVersion.V22_0_4,
});
```

# Keycloak version pinning

Use `keycloakVersion` to specify the version.

```python
new KeyCloak(stack, 'KeyCloak', {
  hostname,
  certificateArn,
  keycloakVersion: KeycloakVersion.V22_0_4,
});
```

To specify any other verion not defined in the construct, use `KeycloakVersion.of('x.x.x')`. This allows you to specify any new version as soon as it's available. However, as new versions will not always be tested and validated with this construct library, make sure you fully backup and test before you use any new version in the production environment.

# Aurora Serverless support

The `KeyCloak` construct provisions the **Amaozn RDS cluster for MySQL** with **2** database instances under the hood, to opt in **Amazon Aurora Serverless**, use `auroraServerless` to opt in Amazon Aurora Serverless cluster. Please note only some regions are supported, check [Supported features in Amazon Aurora by AWS Region and Aurora DB engine](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraFeaturesRegionsDBEngines.grids.html) for availability.

```python
// Aurora Serverless v1
new KeyCloak(stack, 'KeyCloak', {
  hostname,
  certificateArn,
  keycloakVersion,
  auroraServerless: true,
});

// Aurora Serverless v2
new KeyCloak(stack, 'KeyCloak', {
  hostname,
  certificateArn,
  keycloakVersion,
  auroraServerlessV2: true,
});
```

Behind the scene, a default RDS cluster for MySQL with 2 database instances will be created.

# Opt-in for Single RDS instance

To create single RDS instance for your testing or development environment, use `singleDbInstance` to turn on the
single db instance deployment.

Plesae note this is not recommended for production environment.

```python
new KeyCloak(stack, 'KeyCloak', {
  hostname,
  certificateArn,
  keycloakVersion,
  singleDbInstance: true,
});
```

# Service Auto Scaling

Define `autoScaleTask` for the ecs service task autoscaling. For example:

```python
new KeyCloak(stack, 'KeyCloak', {
  hostname,
  certificateArn,
  keycloakVersion,
  auroraServerlessV2: true,
  nodeCount: 2,
  autoScaleTask: {
    min: 2,
    max: 10,
    targetCpuUtilization: 60,
  },
});
```

# Customize fargate task settings

Define `taskCpu` or `taskMemory` for overriding the defaults for the ecs service task.
Could be useful for development environments. For example:

```python
new KeyCloak(stack, 'KeyCloak', {
  hostname,
  certificateArn,
  keycloakVersion,
  nodeCount: 1,
  taskCpu: 512,
  taskMemory: 2048,
});
```

# Deploy in existing Vpc Subnets

You can deploy the workload in the existing Vpc and subnets. The `publicSubnets` are for the ALB, `privateSubnets` for the keycloak container tasks and `databaseSubnets` for the database.

The best practice is to specify isolated subnets for `databaseSubnets`, however, in some cases might have no existing isolates subnets then the private subnets are also acceptable.

Consider the sample below:

```python
new KeyCloak(stack, 'KeyCloak', {
  hostname: 'keycloak.example.com',
  keycloakVersion: KeycloakVersion.V22_0_4,
  certificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/293cf875-ca98-4c2e-a797-e1cf6df2553c',
  vpc: ec2.Vpc.fromLookup(stack, 'Vpc', { vpcId: 'vpc-0417e46d' }),
  publicSubnets: {
    subnets: [
      ec2.Subnet.fromSubnetId(stack, 'pub-1a', 'subnet-5bbe7b32'),
      ec2.Subnet.fromSubnetId(stack, 'pub-1b', 'subnet-0428367c'),
      ec2.Subnet.fromSubnetId(stack, 'pub-1c', 'subnet-1586a75f'),
    ],
  },
  privateSubnets: {
    subnets: [
      ec2.Subnet.fromSubnetId(stack, 'priv-1a', 'subnet-0e9460dbcfc4cf6ee'),
      ec2.Subnet.fromSubnetId(stack, 'priv-1b', 'subnet-0562f666bdf5c29af'),
      ec2.Subnet.fromSubnetId(stack, 'priv-1c', 'subnet-00ab15c0022872f06'),
    ],
  },
  databaseSubnets: {
    subnets: [
      ec2.Subnet.fromSubnetId(stack, 'db-1a', 'subnet-0e9460dbcfc4cf6ee'),
      ec2.Subnet.fromSubnetId(stack, 'db-1b', 'subnet-0562f666bdf5c29af'),
      ec2.Subnet.fromSubnetId(stack, 'db-1c', 'subnet-00ab15c0022872f06'),
    ],
  },
});
```

# AWS China Regions

This library support AWS China regions `cn-north-1` and `cn-northwest-1` and will auto select local docker image mirror to accelerate the image pulling. You don't have to do anything.

## Security

See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.

## License

This project is licensed under the Apache-2.0 License.

            

Raw data

            {
    "_id": null,
    "home_page": "https://github.com/aws-samples/cdk-keycloak.git",
    "name": "cdk-keycloak",
    "maintainer": "",
    "docs_url": null,
    "requires_python": "~=3.7",
    "maintainer_email": "",
    "keywords": "",
    "author": "Pahud Hsieh<pahudnet@gmail.com>",
    "author_email": "",
    "download_url": "https://files.pythonhosted.org/packages/1a/ee/2f25f3a745a9a5fe0af3d0e4c0b052eb459191035bbebb9c8387caec3e55/cdk-keycloak-2.9.0.tar.gz",
    "platform": null,
    "description": "[![NPM version](https://badge.fury.io/js/cdk-keycloak.svg)](https://badge.fury.io/js/cdk-keycloak)\n[![PyPI version](https://badge.fury.io/py/cdk-keycloak.svg)](https://badge.fury.io/py/cdk-keycloak)\n[![release](https://github.com/aws-samples/cdk-keycloak/actions/workflows/release.yml/badge.svg)](https://github.com/aws-samples/cdk-keycloak/actions/workflows/release.yml)\n\n# `cdk-keycloak`\n\nCDK construct library that allows you to create [KeyCloak](https://www.keycloak.org/) on AWS in TypeScript or Python\n\n> **Note**\n>\n> This project has been migrated to CDK v2.\n>\n> CDK v1 compatible version is deprecated now.\n\n# Sample\n\nFor Keycloak 17+ versions, please specify hostname for the Keycloak server.\n\n```python\nimport { KeyCloak } from 'cdk-keycloak';\n\nconst app = new cdk.App();\n\nconst env = {\n  region: process.env.CDK_DEFAULT_REGION,\n  account: process.env.CDK_DEFAULT_ACCOUNT,\n};\n\nconst stack = new cdk.Stack(app, 'keycloak-demo', { env });\nnew KeyCloak(stack, 'KeyCloak', {\n  hostname: 'keycloak.example.com',\n  certificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/293cf875-ca98-4c2e-a797-e1cf6df2553c',\n  keycloakVersion: KeycloakVersion.V22_0_4,\n});\n```\n\n# Keycloak version pinning\n\nUse `keycloakVersion` to specify the version.\n\n```python\nnew KeyCloak(stack, 'KeyCloak', {\n  hostname,\n  certificateArn,\n  keycloakVersion: KeycloakVersion.V22_0_4,\n});\n```\n\nTo specify any other verion not defined in the construct, use `KeycloakVersion.of('x.x.x')`. This allows you to specify any new version as soon as it's available. However, as new versions will not always be tested and validated with this construct library, make sure you fully backup and test before you use any new version in the production environment.\n\n# Aurora Serverless support\n\nThe `KeyCloak` construct provisions the **Amaozn RDS cluster for MySQL** with **2** database instances under the hood, to opt in **Amazon Aurora Serverless**, use `auroraServerless` to opt in Amazon Aurora Serverless cluster. Please note only some regions are supported, check [Supported features in Amazon Aurora by AWS Region and Aurora DB engine](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.AuroraFeaturesRegionsDBEngines.grids.html) for availability.\n\n```python\n// Aurora Serverless v1\nnew KeyCloak(stack, 'KeyCloak', {\n  hostname,\n  certificateArn,\n  keycloakVersion,\n  auroraServerless: true,\n});\n\n// Aurora Serverless v2\nnew KeyCloak(stack, 'KeyCloak', {\n  hostname,\n  certificateArn,\n  keycloakVersion,\n  auroraServerlessV2: true,\n});\n```\n\nBehind the scene, a default RDS cluster for MySQL with 2 database instances will be created.\n\n# Opt-in for Single RDS instance\n\nTo create single RDS instance for your testing or development environment, use `singleDbInstance` to turn on the\nsingle db instance deployment.\n\nPlesae note this is not recommended for production environment.\n\n```python\nnew KeyCloak(stack, 'KeyCloak', {\n  hostname,\n  certificateArn,\n  keycloakVersion,\n  singleDbInstance: true,\n});\n```\n\n# Service Auto Scaling\n\nDefine `autoScaleTask` for the ecs service task autoscaling. For example:\n\n```python\nnew KeyCloak(stack, 'KeyCloak', {\n  hostname,\n  certificateArn,\n  keycloakVersion,\n  auroraServerlessV2: true,\n  nodeCount: 2,\n  autoScaleTask: {\n    min: 2,\n    max: 10,\n    targetCpuUtilization: 60,\n  },\n});\n```\n\n# Customize fargate task settings\n\nDefine `taskCpu` or `taskMemory` for overriding the defaults for the ecs service task.\nCould be useful for development environments. For example:\n\n```python\nnew KeyCloak(stack, 'KeyCloak', {\n  hostname,\n  certificateArn,\n  keycloakVersion,\n  nodeCount: 1,\n  taskCpu: 512,\n  taskMemory: 2048,\n});\n```\n\n# Deploy in existing Vpc Subnets\n\nYou can deploy the workload in the existing Vpc and subnets. The `publicSubnets` are for the ALB, `privateSubnets` for the keycloak container tasks and `databaseSubnets` for the database.\n\nThe best practice is to specify isolated subnets for `databaseSubnets`, however, in some cases might have no existing isolates subnets then the private subnets are also acceptable.\n\nConsider the sample below:\n\n```python\nnew KeyCloak(stack, 'KeyCloak', {\n  hostname: 'keycloak.example.com',\n  keycloakVersion: KeycloakVersion.V22_0_4,\n  certificateArn: 'arn:aws:acm:us-east-1:123456789012:certificate/293cf875-ca98-4c2e-a797-e1cf6df2553c',\n  vpc: ec2.Vpc.fromLookup(stack, 'Vpc', { vpcId: 'vpc-0417e46d' }),\n  publicSubnets: {\n    subnets: [\n      ec2.Subnet.fromSubnetId(stack, 'pub-1a', 'subnet-5bbe7b32'),\n      ec2.Subnet.fromSubnetId(stack, 'pub-1b', 'subnet-0428367c'),\n      ec2.Subnet.fromSubnetId(stack, 'pub-1c', 'subnet-1586a75f'),\n    ],\n  },\n  privateSubnets: {\n    subnets: [\n      ec2.Subnet.fromSubnetId(stack, 'priv-1a', 'subnet-0e9460dbcfc4cf6ee'),\n      ec2.Subnet.fromSubnetId(stack, 'priv-1b', 'subnet-0562f666bdf5c29af'),\n      ec2.Subnet.fromSubnetId(stack, 'priv-1c', 'subnet-00ab15c0022872f06'),\n    ],\n  },\n  databaseSubnets: {\n    subnets: [\n      ec2.Subnet.fromSubnetId(stack, 'db-1a', 'subnet-0e9460dbcfc4cf6ee'),\n      ec2.Subnet.fromSubnetId(stack, 'db-1b', 'subnet-0562f666bdf5c29af'),\n      ec2.Subnet.fromSubnetId(stack, 'db-1c', 'subnet-00ab15c0022872f06'),\n    ],\n  },\n});\n```\n\n# AWS China Regions\n\nThis library support AWS China regions `cn-north-1` and `cn-northwest-1` and will auto select local docker image mirror to accelerate the image pulling. You don't have to do anything.\n\n## Security\n\nSee [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.\n\n## License\n\nThis project is licensed under the Apache-2.0 License.\n",
    "bugtrack_url": null,
    "license": "Apache-2.0",
    "summary": "CDK construct library that allows you to create KeyCloak service on AWS in TypeScript or Python",
    "version": "2.9.0",
    "project_urls": {
        "Homepage": "https://github.com/aws-samples/cdk-keycloak.git",
        "Source": "https://github.com/aws-samples/cdk-keycloak.git"
    },
    "split_keywords": [],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "95c13d889924b0ddc4092ebf0cf34b5fc0cf4efdf3410a1e8254d1da7891fd44",
                "md5": "a62453ae6bae540277a9c36fefeec9f5",
                "sha256": "6b42677ed74c2b060ee8ab7cd3712c620602f5bef43a85082a78accd13d0788d"
            },
            "downloads": -1,
            "filename": "cdk_keycloak-2.9.0-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "a62453ae6bae540277a9c36fefeec9f5",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": "~=3.7",
            "size": 74647,
            "upload_time": "2023-10-17T05:18:45",
            "upload_time_iso_8601": "2023-10-17T05:18:45.745783Z",
            "url": "https://files.pythonhosted.org/packages/95/c1/3d889924b0ddc4092ebf0cf34b5fc0cf4efdf3410a1e8254d1da7891fd44/cdk_keycloak-2.9.0-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "1aee2f25f3a745a9a5fe0af3d0e4c0b052eb459191035bbebb9c8387caec3e55",
                "md5": "af6826833344838c835a744fc612aba6",
                "sha256": "0595d72bf3ebdad226852f75c8c282bbd4b64a15e6fc1d3e520d6741433243d6"
            },
            "downloads": -1,
            "filename": "cdk-keycloak-2.9.0.tar.gz",
            "has_sig": false,
            "md5_digest": "af6826833344838c835a744fc612aba6",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": "~=3.7",
            "size": 76407,
            "upload_time": "2023-10-17T05:18:47",
            "upload_time_iso_8601": "2023-10-17T05:18:47.858378Z",
            "url": "https://files.pythonhosted.org/packages/1a/ee/2f25f3a745a9a5fe0af3d0e4c0b052eb459191035bbebb9c8387caec3e55/cdk-keycloak-2.9.0.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2023-10-17 05:18:47",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "aws-samples",
    "github_project": "cdk-keycloak",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "lcname": "cdk-keycloak"
}
        
Elapsed time: 0.15067s