We’ve built and administered our own Keycloak servers for a new platform we created. Our Keycloak activity has been minimal and without security concerns as our service hasn’t been under much use. We expect this to change soon. We intend to invite public users and anticipate that it may take off quickly. We will also release our platform as open source, and want to offer a Keycloak service which developers can use at a cost, as opposed to forcing them to stand up their own Keycloak infrastructure. I expect that each external domain would have it’s own Realm, though I’ll await expert opinion on that.
Please what criteria would you use, and what questions would you ask, if you were seeking an outsourced Keycloak service provider?
If anyone has any recommendations or warnings from their own outsource experience that would be helpful please?
I have spoken to a couple of people through this forum and I will come back to you now that the decision to outsource is the determined strategy.
The “AWS Keycloak” service isn’t so much a “service” as a set of CDK and CloudFormation templates to spin up a Keycloak instance on your AWS account. They don’t operate it for you, and have no expertise in Keycloak.
IMO, if you are looking for someone to “outsource” your Keycloak deployment to, I would select someone who has expertise and can help you with Keycloak questions.
That said, I have used their templates to help convince customers of “best practices” for infrastructure, and if you want to take on more of the operational responsibility yourself, the templates linked from that article are a decent way to bootstrap your infrastructure quickly. However, keep in mind the defaults they have there are rather expensive (over $1000US per month).
Yes outsourcing is the route. When googling I’d encountered the AWS offering, and lots of PaaS/IaaS services. Since AWS is such a big player in cloud services, I’m curious how anyone has got on using them. It’s helpful to have your other comments too. Thanks Garth.
I appreciate there are huge variables, but in principle how portable is a Keycloak architecture?
Do different Keycloak service providers offer specific features/addons which effectively reduce portability?
I’d like a long term service provider and it’s not an intention to move around, but I’m interested if choosing a service provider is very permanent or more portable. And wishing to know what to consider ie. what are the lock ins or depenancies.
Most allow easy export of the Keycloak configuration. Some have addons, but you are not required to use them. I’d check with each provider to determine their commitment to portability.