Deploy Keycloak to AWS

I want to deploy Keycloak to Amazon, in standalone-ha mode. This scheme is suitable?

There are a couple of questions in this regard:

  • Is it possible to deploy Keycloak to docker on every EC2 instance, or is it not recommended for production?
  • What are the minimum instance types (EC2, RDS) to use based on 1000 users? Only registration and SAML2 authorization will be used.

Thanks a lot in advance!

It is possible. We’ve ran Keycloak on EC2-backed ECS (containerized) since 4.8.3 in standalone-ha mode. Recently moved to Fargate for less to manage, all backed by RDS/Aurora.

I suggest doing your own testing to determine EC2 and DB instance type, but 1000 users is not much. Some initial testing we did had 500 concurrent users (we just stopped when we got a single errand response, we could have pushed further for 95th percentile) with db.r5.large (smallest you can go with postgres RDS if I recall) and it never spiked much. Since we’re Fargate now, “instance type” is different – but that result was with 1024 container units (single core) and 2048MB memory with JVM heap limited to 1024MB (sidecars consume extra resources).

So do some testing to build confidence, but I think you will be happy with containerized Keycloak.

1 Like