Multiple Container on AWS ECS EC2 mode

Configuring the server
1

Hello,

I am trying to run Keycloak on an ECS Cluster in AWS. It all works fine with one container, a postgres DB and all the terraform automation associated.
However, I’m strungling to get the multi-container set up working

My understanding is that I should create an S3 bucket (done) give the container task necessary permissions (done) and add it to the JAVA_OPTS_APPEND of the container definition.

Here is an extract of my container definition

environment = [
....
{ name = "KC_CACHE_STACK", value = "ec2" },
{ name = "JAVA_OPTS_APPEND", value = "-Djgroups.s3.region_name=${data.aws_region.current.name} -Djgroups.s3.bucket_name=${aws_s3_bucket.keycloak_cluster_state.bucket}" },
....
]
command = ["start", "--optimized"],

I’ve also re-created the Docker image, pushed to ECR and changed my task definition to use this image instead of using the official one from quay as it seems that it does not include the necessary JAR to talk to AWS (weird to me).

Here is my dockerfile (with the jar that i downloaded locally)

FROM quay.io/keycloak/keycloak:20.0.1 as base
ENV KC_DB=postgres
FROM base as build
COPY native-s3-ping-jar-with-dependencies.jar /opt/keycloak/providers/native-s3-ping-jar-with-dependencies.jar
RUN /opt/keycloak/bin/kc.sh build
FROM base as prod
COPY --from=build /opt/keycloak/ /opt/keycloak/
ENTRYPOINT ["/opt/keycloak/bin/kc.sh"]`

When the container starts I got the following error

Try 'kc.sh start --help' for more information on the available options.
Unknown option: 'start'
Appending additional Java properties to JAVA_OPTS: -Djgroups.s3.region_name=eu-west-1 -Djgroups.s3.bucket_name=*my-bucket-name*

If I change the command to in the task definition without the ‘–optimize’ like :

command = ["start"],

The logs says

Try 'kc.sh build --help' for more information on the available options.
Unknown option: 'build'
Appending additional Java properties to JAVA_OPTS: -Djgroups.s3.region_name=eu-west-1 -Djgroups.s3.bucket_name=*my-bucket-name*

Am I missing something in my dockerfile or in the container definition ?

Thanks for your help