Classes
| Name | Description |
|---|---|
| AddTargetPortPublisher | Publishes a container port common listener.addTargets props. |
| CloudMapNamespaceProvider | A convenience interface for creating a CloudMap namespace. |
| ClusterProvider | Convenience interface for providing ClusterInfo to the cluster construct. |
| DatabaseInstanceProvider | Provides a very basic RDS database instance. |
| DatabaseProvider | Convenience interface for providing DatabaseInfo to the cluster. |
| EcsClusterInfoProvider | Provides a very basic ECS cluster in the given VPC. |
| EnsureMysqlDatabaseExtension | Ensures a MySQL database exists by adding an init container. |
| EnsurePostgresqlDatabaseExtension | Ensures a Postgresql database exists by adding an init container. |
| FargateSpotEcsClusterInfoProvider | Provides an ECS cluster in the given VPC that has FARGATE and FARGATE_SPOT capacity providers enabled. |
| FromClusterInfoProvider | Directly provide cluster info. |
| FromDatabaseInfoProvider | Provide database info directly. |
| FromVpcProvider | Directly provides the given VPC. |
| HttpAlbPortPublisher | Creates a load balancer and an HTTP load balancer. |
| HttpListenerProvider | Creates a load balancer and an HTTP load balancer. |
| HttpsAlbPortPublisher | Creates an application load balancer and an HTTPS listener with the given ACM certificates. |
| HttpsListenerProvider | Creates an application load balancer and an HTTPS listener with the given ACM certificates. |
| IngressAndPrivateVpcProvider | Provides a VPC with both private and public subnets. |
| KeycloakCluster | A complete Keycloak cluster in a box. |
| KeycloakContainerExtension | Adds a keycloak container to a task definition. |
| KeycloakEc2TaskDefinition | The details of a Keycloak task definition running on EC2. |
| KeycloakFargateTaskDefinition | The details of a Keycloak task definition running on Fargate. |
| ListenerProvider | Convenience interface for providing ListenerInfo to the cluster. |
| NlbListenerProvider | Creates a network load balancer listener. |
| NlbPortPublisher | Publishes a port via a Network Load Balancer. |
| PortPublisher | Convenience interface for creating port publishers. |
| ServerlessAuroraDatabaseProvider | Provides a serverless Aurora database cluster. |
| VpcProvider | No description |
Structs
| Name | Description |
|---|---|
| AddTargetPortPublisherProps | Information about how to register with a load balancer. |
| AlbPortPublisherProps | Properties for an ALB port publisher. |
| ClusterInfo | Information about the ecs cluster. |
| DatabaseInfo | Information about needed to connect to the database. |
| DatabaseInstanceProviderProps | Basic props for creating a database instance. |
| EnsureMysqlDatabaseExtensionProps | Props for EnsureMysqlDatabaseExtension. |
| EnsurePostgresqlDatabaseExtensionProps | Props for EnsurePostgresqlDatabaseExtension. |
| FromClusterInfoProviderProps | Props for FromClusterInfoProvider. |
| FromDatabaseInfoProviderProps | Props for FromDatabaseInfoProvider. |
| FromVpcProviderProps | Props for FromVpcProvider. |
| HttpAlbPortPublisherProps | Properties for an HTTP ALB port publisher. |
| HttpsAlbPortPublisherProps | Properties for a new HTTPS-listening load balancer. |
| HttpsListenerProviderProps | Properties for a new HTTPS-listening load balancer. |
| KeycloakClusterProps | Props for KeycloakCluster. |
| KeycloakContainerExtensionProps | Configuration for the Keycloak container. |
| KeycloakEc2TaskDefinitionProps | Props for KeycloakEc2TaskDefinition. |
| KeycloakFargateTaskDefinitionProps | Props for KeycloakFargateTaskDefinition. |
| ListenerInfo | Information about how to register with a load balancer. |
| NlbListenerProviderProps | Information about a network load balancer to create. |
| NlbPortPublisherProps | Information about a network load balancer to create. |
| PrivateDnsNamespaceProviderProps | Props for creating a private Dns Namespace. |
| ServerlessAuroraDatabaseProviderProps | Basic props for creating a serverless Aurora database cluster. |
| VpcInfo | Information about the VPC other providers may opt to use to host their resources. |
Interfaces
| Name | Description |
|---|---|
| ICloudMapNamespaceInfoProvider | Provides CloudMapNamespaceInfo once the VPC is available. |
| IClusterInfoProvider | Provides ClusterInfo after the VPC is available. |
| IDatabaseInfoProvider | Provides DatabaseInfo after the VPC is available. |
| IKeycloakTaskDefinition | A Keycloak task definition. |
| IListenerInfoProvider | Provides ListenerInfo once the VPC is available. |
| IPortPublisher | Publishes container ports. |
| IVpcInfoProvider | Provides VpcInfo. |
Enums
| Name | Description |
|---|---|
| KeycloakDatabaseVendor | The database vendor. |
Publishes a container port common listener.addTargets props.
Implements: IPortPublisher
new AddTargetPortPublisher(listenerInfo: AddTargetPortPublisherProps)- listenerInfo (
AddTargetPortPublisherProps) No description- listener (
aws_elasticloadbalancingv2.IApplicationListener) No description - conditions (
Array<aws_elasticloadbalancingv2.ListenerCondition>) No description Optional - priority (
number) No description Optional
- listener (
A convenience interface for creating a CloudMap namespace.
new CloudMapNamespaceProvider()Create a CloudMap namespaces from a private dns zone.
static privateDns(props?: PrivateDnsNamespaceProviderProps): ICloudMapNamespaceInfoProvider- props (
PrivateDnsNamespaceProviderProps) No description- name (
string) The globally unique name for the namespace. Default: 'keycloak-service-discovery'
- name (
Returns:
Convenience interface for providing ClusterInfo to the cluster construct.
new ClusterProvider()Create an ECS cluster.
static cluster(): IClusterInfoProviderReturns:
Create an ECS cluster with Fargate Spot support.
static fargateSpotCluster(): IClusterInfoProviderReturns:
Provide raw clusterInfo.
static fromClusterInfo(clusterInfo: ClusterInfo): IClusterInfoProvider- clusterInfo (
ClusterInfo) No description- cluster (
aws_ecs.ICluster) The ECS cluster for adding a service.
- cluster (
Returns:
Provides a very basic RDS database instance.
Implements: IDatabaseInfoProvider
new DatabaseInstanceProvider(props?: DatabaseInstanceProviderProps)- props (
DatabaseInstanceProviderProps) No description- engine (
aws_rds.IInstanceEngine) Instance database engine. Default: mysql 8.0 - instanceType (
aws_ec2.InstanceType) Instance type. Default: t2.micro - subnets (
aws_ec2.SubnetSelection) Select subnets to register the database instance in. Optional
- engine (
Convenience interface for providing DatabaseInfo to the cluster.
new DatabaseProvider()Provide a new database instance.
static databaseInstance(props?: DatabaseInstanceProviderProps): DatabaseInstanceProvider- props (
DatabaseInstanceProviderProps) No description- engine (
aws_rds.IInstanceEngine) Instance database engine. Default: mysql 8.0 - instanceType (
aws_ec2.InstanceType) Instance type. Default: t2.micro - subnets (
aws_ec2.SubnetSelection) Select subnets to register the database instance in. Optional
- engine (
Returns:
Provide raw DatabaseInfo.
static fromDatabaseInfo(props: DatabaseInfo): IDatabaseInfoProvider- props (
DatabaseInfo) No description- credentials (
aws_secretsmanager.ISecret) Database credentials in standard RDS json format. - vendor (
KeycloakDatabaseVendor) Database vendor. - connectable (
aws_ec2.IConnectable) A connectable so that the cluster can allow itself to connect to the database. Optional
- credentials (
Returns:
Provide a new serverless aurora cluster.
static serverlessAuroraCluster(props?: ServerlessAuroraDatabaseProviderProps): IDatabaseInfoProvider- props (
ServerlessAuroraDatabaseProviderProps) No description- engine (
aws_rds.IClusterEngine) Cluster engine. Default: rds.DatabaseClusterEngine.AURORA_MYSQL - scaling (
aws_rds.ServerlessScalingOptions) Scaling options. Default: 5 minute auto pause, min and max capacity of 1 acu. - subnets (
aws_ec2.SubnetSelection) Select subnets to register the database cluster in. Optional
- engine (
Returns:
Provides a very basic ECS cluster in the given VPC.
Implements: IClusterInfoProvider
new EcsClusterInfoProvider()Ensures a MySQL database exists by adding an init container.
Makes the default container depend on the successful completion of this container.
Implements: aws_ecs.ITaskDefinitionExtension
new EnsureMysqlDatabaseExtension(props: EnsureMysqlDatabaseExtensionProps)- props (
EnsureMysqlDatabaseExtensionProps) No description- databaseCredentials (
aws_secretsmanager.ISecret) RDS credentials. - databaseName (
string) Name of the database to create. - containerName (
string) Name of the container to add to do this work. Default: 'ensure-mysql-database' - logging (
aws_ecs.LogDriver) Logging driver. Optional
- databaseCredentials (
Apply the extension to the given TaskDefinition.
extend(taskDefinition: TaskDefinition): void- taskDefinition (
aws_ecs.TaskDefinition) No description
Ensures a Postgresql database exists by adding an init container.
Makes the default container depend on the successful completion of this container.
Implements: aws_ecs.ITaskDefinitionExtension
new EnsurePostgresqlDatabaseExtension(props: EnsurePostgresqlDatabaseExtensionProps)- props (
EnsurePostgresqlDatabaseExtensionProps) No description- databaseCredentials (
aws_secretsmanager.ISecret) RDS credentials. - databaseName (
string) Name of the database to create. - containerName (
string) Name of the container to add to do this work. Default: 'ensure-postgresql-database' - logging (
aws_ecs.LogDriver) Logging driver. Optional
- databaseCredentials (
Apply the extension to the given TaskDefinition.
extend(taskDefinition: TaskDefinition): void- taskDefinition (
aws_ecs.TaskDefinition) No description
Provides an ECS cluster in the given VPC that has FARGATE and FARGATE_SPOT capacity providers enabled.
Implements: IClusterInfoProvider
new FargateSpotEcsClusterInfoProvider()Directly provide cluster info.
Implements: IClusterInfoProvider
new FromClusterInfoProvider(props: FromClusterInfoProviderProps)- props (
FromClusterInfoProviderProps) No description- cluster (
aws_ecs.ICluster) The ECS cluster for adding a service.
- cluster (
Provide database info directly.
Implements: IDatabaseInfoProvider
new FromDatabaseInfoProvider(props: FromDatabaseInfoProviderProps)- props (
FromDatabaseInfoProviderProps) No description- credentials (
aws_secretsmanager.ISecret) Database credentials in standard RDS json format. - vendor (
KeycloakDatabaseVendor) Database vendor. - connectable (
aws_ec2.IConnectable) A connectable so that the cluster can allow itself to connect to the database. Optional
- credentials (
Directly provides the given VPC.
Implements: IVpcInfoProvider
new FromVpcProvider(props: FromVpcProviderProps)- props (
FromVpcProviderProps) No description- vpc (
aws_ec2.IVpc) The VPC.
- vpc (
Creates a load balancer and an HTTP load balancer.
Implements: IPortPublisher
new HttpAlbPortPublisher(props?: HttpAlbPortPublisherProps)- props (
HttpAlbPortPublisherProps) No description- healthCheck (
boolean) Enable health checking on this endpoint. Default: true - id (
string) Scope ID of the load balancer. Default: 'LoadBalancer'
- healthCheck (
Creates a load balancer and an HTTP load balancer.
Implements: IPortPublisher, IListenerInfoProvider, IPortPublisher Extends: HttpAlbPortPublisher
new HttpListenerProvider(props?: HttpAlbPortPublisherProps)- props (
HttpAlbPortPublisherProps) No description- healthCheck (
boolean) Enable health checking on this endpoint. Default: true - id (
string) Scope ID of the load balancer. Default: 'LoadBalancer'
- healthCheck (
Creates an application load balancer and an HTTPS listener with the given ACM certificates.
Implements: IPortPublisher
new HttpsAlbPortPublisher(props: HttpsAlbPortPublisherProps)- props (
HttpsAlbPortPublisherProps) No description- healthCheck (
boolean) Enable health checking on this endpoint. Default: true - id (
string) Scope ID of the load balancer. Default: 'LoadBalancer' - certificates (
Array<aws_certificatemanager.ICertificate>) Certificates to use for the ALB listener. - upgradeHttp (
boolean) Upgrade HTTP connection to HTTPS. Default: false - upgradeHttpHost (
string) A host name to redirect to when upgrading to HTTPS. Default: same as the request
- healthCheck (
Creates an application load balancer and an HTTPS listener with the given ACM certificates.
Implements: IPortPublisher, IListenerInfoProvider, IPortPublisher Extends: HttpsAlbPortPublisher
new HttpsListenerProvider(props: HttpsListenerProviderProps)- props (
HttpsListenerProviderProps) No description- certificates (
Array<aws_certificatemanager.ICertificate>) Certificates to use for the ALB listener.
- certificates (
Provides a VPC with both private and public subnets.
Implements: IVpcInfoProvider
new IngressAndPrivateVpcProvider()A complete Keycloak cluster in a box.
Implements: IConstruct, IDependable Extends: Construct
new KeycloakCluster(scope: Construct, id: string, props?: KeycloakClusterProps)- scope (
Construct) No description - id (
string) No description - props (
KeycloakClusterProps) No description- adminConsoleListenerProvider (
IListenerInfoProvider) Add the service's WildFly admin console port to a load balancer. Default: not exposed - adminConsolePortPublisher (
IPortPublisher) Add the service's WildFly admin console port to a load balancer. Default: not exposed - capacityProviderStrategy (
Array<aws_ecs.CfnCluster.CapacityProviderStrategyItemProperty>) Add capacity provider strategy by CDK escape hatch. Optional - circuitBreaker (
boolean) Enable/disable the deployment circuit breaker. Default: true - cloudMapNamespaceProvider (
ICloudMapNamespaceInfoProvider) CloudMap namespace to use for service discovery. Default: creates one named 'keycloak-service-discovery' - cpu (
number) Fargate task cpu spec. Default: 1024 - databaseProvider (
IDatabaseInfoProvider) Database server. Default: creates a new one - desiredCount (
number) How many keycloak cluster members to spin up. Default: 1 - ecsClusterProvider (
IClusterInfoProvider) Provide an ECS cluster. Default: a cluster is automatically created. - healthCheckGracePeriod (
Duration) Initial grace period for Keycloak to spin up. Default: 10 minutes - httpPortPublisher (
IPortPublisher) Publish the service's HTTP port. Default: a new load balancer is automatically created unlesshttpsPortis given. - httpsListenerProvider (
IListenerInfoProvider) Add the service's https port to a load balancer. Default: not exposed - httpsPortPublisher (
IPortPublisher) Publish the service's HTTPS port. Default: not published - keycloak (
KeycloakContainerExtensionProps) Keycloak configuration options. Optional - listenerProvider (
IListenerInfoProvider) Add the service's http port to a load balancer. Default: a new load balancer is automatically created unlesshttpsListenerProvideris given. - maxHealthyPercent (
number) The maximum percentage of healthy tasks during deployments. Optional - memoryLimitMiB (
number) Fargate task memory spec. Default: 2048 - minHealthyPercent (
number) The minimum percentage of healthy tasks during deployments. Optional - vpcProvider (
IVpcInfoProvider) VPC to use. Default: creates one - vpcTaskAssignPublicIp (
boolean) Assign public IPs to the Fargate tasks. Default: false - vpcTaskSubnets (
aws_ec2.SubnetSelection) Where to place the instances within the VPC. Optional
- adminConsoleListenerProvider (
| Name | Type | Description |
|---|---|---|
| service | aws_ecs.BaseService |
The ECS service controlling the cluster tasks. |
Adds a keycloak container to a task definition.
To use ECS service discovery
to locate cluster members, you need to call useCloudMapService with the
CloudMap service so that we can configure the correct DNS query.
Implements: aws_ecs.ITaskDefinitionExtension
new KeycloakContainerExtension(props?: KeycloakContainerExtensionProps)- props (
KeycloakContainerExtensionProps) No description- cacheOwnersAuthSessionsCount (
number) The number of distributed cache owners for authentication sessions. Default: same ascacheOwnersCount - cacheOwnersCount (
number) The default number of distributed cache owners for each key. Default: 1 - containerName (
string) A name for the container added to the task definition. Default: 'keycloak' - databaseCredentials (
aws_secretsmanager.ISecret) Secrets manager secret containing the RDS database credentials and connection information in JSON format. Default: none - databaseName (
string) Database name. Default: 'keycloak' - databaseSchema (
string) Database schema. Default: for Postgresql, the default is 'public' - databaseVendor (
KeycloakDatabaseVendor) The database vendor. Default: KeycloakDatabaseVendor.H2 - defaultAdminPassword (
string) Default admin user's password. Default: 'admin' - defaultAdminUser (
string) Default admin user. Default: 'admin' - image (
aws_ecs.ContainerImage) Keycloak container image to use. Default: use jboss/keycloak from docker hub. - infinicacheClustering (
boolean) Enable infinicache clustering. Default: true if any cache owner count is greater than 1 - logging (
aws_ecs.LogDriver) Log driver for the task. Default: cloudwatch with one month retention - memoryLimitMiB (
number) Memory limit of the keycloak task. Default: 1024 - memoryReservationMiB (
number) Memory reservation size for the keycloak task. Default: 80% of memoryLimitMiB
- cacheOwnersAuthSessionsCount (
| Name | Type | Description |
|---|---|---|
| adminConsolePort | number |
Admin console port. |
| cacheOwnersAuthSessionsCount | number |
The number of distributed auth session cache owners for each key. |
| cacheOwnersCount | number |
The number of distributed cache owners for each key. |
| containerName | string |
Name of the container added to the task definition. |
| databaseName | string |
Name of the Keycloak database. |
| databaseVendor | KeycloakDatabaseVendor |
Database vendor. |
| defaultAdminPassword | string |
The default admin user password. |
| defaultAdminUser | string |
The default admin user's name. |
| httpsWebPort | number |
Web traffic port with HTTPS. |
| infinicacheClustering | boolean |
True if infinicache clustering is enabled. |
| webPort | number |
Web traffic port. |
Configure health checks on the target group.
configureHealthCheck(targetGroup: ApplicationTargetGroup): void- targetGroup (
aws_elasticloadbalancingv2.ApplicationTargetGroup) No description
Apply the extension to the given TaskDefinition.
extend(taskDefinition: TaskDefinition): void- taskDefinition (
aws_ecs.TaskDefinition) No description
Inform Keycloak of a CloudMap service discovery mechanism.
useCloudMapService(serviceDiscovery: IService): void- serviceDiscovery (
aws_servicediscovery.IService) No description
The details of a Keycloak task definition running on EC2.
Implements: IConstruct, IDependable, IResource, IDependable, IConstruct, aws_ecs.ITaskDefinition, IDependable, IConstruct, IResource, aws_ecs.IEc2TaskDefinition, IDependable, IConstruct, IResource, aws_ecs.ITaskDefinition, IKeycloakTaskDefinition Extends: aws_ecs.Ec2TaskDefinition
new KeycloakEc2TaskDefinition(scope: Construct, id: string, props?: KeycloakEc2TaskDefinitionProps)- scope (
Construct) No description - id (
string) No description - props (
KeycloakEc2TaskDefinitionProps) No description- executionRole (
aws_iam.IRole) The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf. Default: An execution role will be automatically created if you use ECR images in your task definition. - family (
string) The name of a family that this task definition is registered to. Default: Automatically generated name. - proxyConfiguration (
aws_ecs.ProxyConfiguration) The configuration details for the App Mesh proxy. Default: No proxy configuration. - taskRole (
aws_iam.IRole) The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: A task role is automatically created for you. - volumes (
Array<aws_ecs.Volume>) The list of volume definitions for the task. Default: No volumes are passed to the Docker daemon on a container instance. - inferenceAccelerators (
Array<aws_ecs.InferenceAccelerator>) The inference accelerators to use for the containers in the task. Default: No inference accelerators. - ipcMode (
aws_ecs.IpcMode) The IPC resource namespace to use for the containers in the task. Default: IpcMode used by the task is not specified - networkMode (
aws_ecs.NetworkMode) The Docker networking mode to use for the containers in the task. Default: NetworkMode.Bridge for EC2 tasks, AwsVpc for Fargate tasks. - pidMode (
aws_ecs.PidMode) The process namespace to use for the containers in the task. Default: PidMode used by the task is not specified - placementConstraints (
Array<aws_ecs.PlacementConstraint>) An array of placement constraint objects to use for the task. Default: No placement constraints. - keycloak (
KeycloakContainerExtensionProps) Keycloak configuration. Optional
- executionRole (
| Name | Type | Description |
|---|---|---|
| keycloakContainerExtension | KeycloakContainerExtension |
The Keycloak container extension. |
Configures the health check of the application target group.
configureHealthCheck(targetGroup: ApplicationTargetGroup): void- targetGroup (
aws_elasticloadbalancingv2.ApplicationTargetGroup) No description
Register the task definition with a cloudmap service.
useCloudMapService(cloudMapService: IService): void- cloudMapService (
aws_servicediscovery.IService) No description
The details of a Keycloak task definition running on Fargate.
Implements: IConstruct, IDependable, IResource, IDependable, IConstruct, aws_ecs.ITaskDefinition, IDependable, IConstruct, IResource, aws_ecs.IFargateTaskDefinition, IDependable, IConstruct, IResource, aws_ecs.ITaskDefinition, IKeycloakTaskDefinition Extends: aws_ecs.FargateTaskDefinition
new KeycloakFargateTaskDefinition(scope: Construct, id: string, props?: KeycloakFargateTaskDefinitionProps)- scope (
Construct) No description - id (
string) No description - props (
KeycloakFargateTaskDefinitionProps) No description- executionRole (
aws_iam.IRole) The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf. Default: An execution role will be automatically created if you use ECR images in your task definition. - family (
string) The name of a family that this task definition is registered to. Default: Automatically generated name. - proxyConfiguration (
aws_ecs.ProxyConfiguration) The configuration details for the App Mesh proxy. Default: No proxy configuration. - taskRole (
aws_iam.IRole) The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: A task role is automatically created for you. - volumes (
Array<aws_ecs.Volume>) The list of volume definitions for the task. Default: No volumes are passed to the Docker daemon on a container instance. - cpu (
number) The number of cpu units used by the task. Default: 256 - ephemeralStorageGiB (
number) The amount (in GiB) of ephemeral storage to be allocated to the task. Default: 20 - memoryLimitMiB (
number) The amount (in MiB) of memory used by the task. Default: 512 - keycloak (
KeycloakContainerExtensionProps) Keycloak configuration. Optional
- executionRole (
| Name | Type | Description |
|---|---|---|
| keycloakContainerExtension | KeycloakContainerExtension |
The Keycloak container extension. |
Configures the health check of the application target group.
configureHealthCheck(targetGroup: ApplicationTargetGroup): void- targetGroup (
aws_elasticloadbalancingv2.ApplicationTargetGroup) No description
Register the task definition with a cloudmap service.
useCloudMapService(cloudMapService: IService): void- cloudMapService (
aws_servicediscovery.IService) No description
Convenience interface for providing ListenerInfo to the cluster.
new ListenerProvider()Add to an existing load balancer.
static fromListenerInfo(listenerInfo: ListenerInfo): IListenerInfoProvider- listenerInfo (
ListenerInfo) No description- listener (
aws_elasticloadbalancingv2.IApplicationListener) No description - conditions (
Array<aws_elasticloadbalancingv2.ListenerCondition>) No description Optional - priority (
number) No description Optional
- listener (
Returns:
Create a load balancer that listens for HTTP.
static http(): IListenerInfoProviderReturns:
Create a load balancer that listens for HTTPS with your certificates.
static https(props: HttpsListenerProviderProps): IListenerInfoProvider- props (
HttpsListenerProviderProps) No description- certificates (
Array<aws_certificatemanager.ICertificate>) Certificates to use for the ALB listener.
- certificates (
Returns:
Create a network load balancer.
static nlb(props: NlbListenerProviderProps): IListenerInfoProvider- props (
NlbListenerProviderProps) No description- port (
number) Port to listen on. - healthCheck (
boolean) Enable health checking on this endpoint. Default: true - id (
string) Scope ID of the load balancer. Default: 'LoadBalancer'
- port (
Returns:
Not added to a load balancer.
static none(): IListenerInfoProviderReturns:
Creates a network load balancer listener.
Implements: IPortPublisher, IListenerInfoProvider, IPortPublisher Extends: NlbPortPublisher
new NlbListenerProvider(props: NlbListenerProviderProps)- props (
NlbListenerProviderProps) No description- port (
number) Port to listen on. - healthCheck (
boolean) Enable health checking on this endpoint. Default: true - id (
string) Scope ID of the load balancer. Default: 'LoadBalancer'
- port (
Publishes a port via a Network Load Balancer.
Implements: IPortPublisher
new NlbPortPublisher(props: NlbPortPublisherProps)- props (
NlbPortPublisherProps) No description- port (
number) Port to listen on. - healthCheck (
boolean) Enable health checking on this endpoint. Default: true - id (
string) Scope ID of the load balancer. Default: 'LoadBalancer'
- port (
Convenience interface for creating port publishers.
new PortPublisher()Add to an existing load balancer.
static addTarget(props: AddTargetPortPublisherProps): IPortPublisher- props (
AddTargetPortPublisherProps) No description- listener (
aws_elasticloadbalancingv2.IApplicationListener) No description - conditions (
Array<aws_elasticloadbalancingv2.ListenerCondition>) No description Optional - priority (
number) No description Optional
- listener (
Returns:
Create a load balancer that listens for HTTP.
static httpAlb(props?: HttpAlbPortPublisherProps): IPortPublisher- props (
HttpAlbPortPublisherProps) No description- healthCheck (
boolean) Enable health checking on this endpoint. Default: true - id (
string) Scope ID of the load balancer. Default: 'LoadBalancer'
- healthCheck (
Returns:
Create a load balancer that listens for HTTPS with your certificates.
static httpsAlb(props: HttpsAlbPortPublisherProps): IPortPublisher- props (
HttpsAlbPortPublisherProps) No description- healthCheck (
boolean) Enable health checking on this endpoint. Default: true - id (
string) Scope ID of the load balancer. Default: 'LoadBalancer' - certificates (
Array<aws_certificatemanager.ICertificate>) Certificates to use for the ALB listener. - upgradeHttp (
boolean) Upgrade HTTP connection to HTTPS. Default: false - upgradeHttpHost (
string) A host name to redirect to when upgrading to HTTPS. Default: same as the request
- healthCheck (
Returns:
Create a network load balancer.
static nlb(props: NlbPortPublisherProps): IPortPublisher- props (
NlbPortPublisherProps) No description- port (
number) Port to listen on. - healthCheck (
boolean) Enable health checking on this endpoint. Default: true - id (
string) Scope ID of the load balancer. Default: 'LoadBalancer'
- port (
Returns:
Not added to a load balancer.
static none(): IPortPublisherReturns:
Provides a serverless Aurora database cluster.
Implements: IDatabaseInfoProvider
new ServerlessAuroraDatabaseProvider(props?: ServerlessAuroraDatabaseProviderProps)- props (
ServerlessAuroraDatabaseProviderProps) No description- engine (
aws_rds.IClusterEngine) Cluster engine. Default: rds.DatabaseClusterEngine.AURORA_MYSQL - scaling (
aws_rds.ServerlessScalingOptions) Scaling options. Default: 5 minute auto pause, min and max capacity of 1 acu. - subnets (
aws_ec2.SubnetSelection) Select subnets to register the database cluster in. Optional
- engine (
new VpcProvider()Provides an already-existing vpc.
static fromExistingVpc(vpc: IVpc): IVpcInfoProvider- vpc (
aws_ec2.IVpc) No description
Returns:
Provides an already-existing vpc.
static fromVpc(vpc: IVpc): IVpcInfoProvider- vpc (
aws_ec2.IVpc) No description
Returns:
Provides a VPC with a public subnet and private subnet config.
static ingressAndPrivateVpc(): IVpcInfoProviderReturns:
Information about how to register with a load balancer.
| Name | Type | Description |
|---|---|---|
| listener | aws_elasticloadbalancingv2.IApplicationListener |
|
| conditions? | Array<aws_elasticloadbalancingv2.ListenerCondition> |
Optional |
| priority? | number |
Optional |
Properties for an ALB port publisher.
| Name | Type | Description |
|---|---|---|
| healthCheck? | boolean |
Enable health checking on this endpoint. Default: true |
| id? | string |
Scope ID of the load balancer. Default: 'LoadBalancer' |
Information about the ecs cluster.
| Name | Type | Description |
|---|---|---|
| cluster | aws_ecs.ICluster |
The ECS cluster for adding a service. |
Information about needed to connect to the database.
| Name | Type | Description |
|---|---|---|
| credentials | aws_secretsmanager.ISecret |
Database credentials in standard RDS json format. |
| vendor | KeycloakDatabaseVendor |
Database vendor. |
| connectable? | aws_ec2.IConnectable |
A connectable so that the cluster can allow itself to connect to the database. Optional |
Basic props for creating a database instance.
| Name | Type | Description |
|---|---|---|
| engine? | aws_rds.IInstanceEngine |
Instance database engine. Default: mysql 8.0 |
| instanceType? | aws_ec2.InstanceType |
Instance type. Default: t2.micro |
| subnets? | aws_ec2.SubnetSelection |
Select subnets to register the database instance in. Optional |
Props for EnsureMysqlDatabaseExtension.
| Name | Type | Description |
|---|---|---|
| databaseCredentials | aws_secretsmanager.ISecret |
RDS credentials. |
| databaseName | string |
Name of the database to create. |
| containerName? | string |
Name of the container to add to do this work. Default: 'ensure-mysql-database' |
| logging? | aws_ecs.LogDriver |
Logging driver. Optional |
Props for EnsurePostgresqlDatabaseExtension.
| Name | Type | Description |
|---|---|---|
| databaseCredentials | aws_secretsmanager.ISecret |
RDS credentials. |
| databaseName | string |
Name of the database to create. |
| containerName? | string |
Name of the container to add to do this work. Default: 'ensure-postgresql-database' |
| logging? | aws_ecs.LogDriver |
Logging driver. Optional |
Props for FromClusterInfoProvider.
| Name | Type | Description |
|---|---|---|
| cluster | aws_ecs.ICluster |
The ECS cluster for adding a service. |
Props for FromDatabaseInfoProvider.
| Name | Type | Description |
|---|---|---|
| credentials | aws_secretsmanager.ISecret |
Database credentials in standard RDS json format. |
| vendor | KeycloakDatabaseVendor |
Database vendor. |
| connectable? | aws_ec2.IConnectable |
A connectable so that the cluster can allow itself to connect to the database. Optional |
Props for FromVpcProvider.
| Name | Type | Description |
|---|---|---|
| vpc | aws_ec2.IVpc |
The VPC. |
Properties for an HTTP ALB port publisher.
| Name | Type | Description |
|---|---|---|
| healthCheck? | boolean |
Enable health checking on this endpoint. Default: true |
| id? | string |
Scope ID of the load balancer. Default: 'LoadBalancer' |
Properties for a new HTTPS-listening load balancer.
| Name | Type | Description |
|---|---|---|
| certificates | Array<aws_certificatemanager.ICertificate> |
Certificates to use for the ALB listener. |
| healthCheck? | boolean |
Enable health checking on this endpoint. Default: true |
| id? | string |
Scope ID of the load balancer. Default: 'LoadBalancer' |
| upgradeHttp? | boolean |
Upgrade HTTP connection to HTTPS. Default: false |
| upgradeHttpHost? | string |
A host name to redirect to when upgrading to HTTPS. Default: same as the request |
Properties for a new HTTPS-listening load balancer.
| Name | Type | Description |
|---|---|---|
| certificates |
Array<aws_certificatemanager.ICertificate> |
Certificates to use for the ALB listener. |
Obtainable from: CloudMapNamespaceProvider.privateDns()
Provides CloudMapNamespaceInfo once the VPC is available.
Implemented by: EcsClusterInfoProvider, FargateSpotEcsClusterInfoProvider, FromClusterInfoProvider Obtainable from: ClusterProvider.cluster(), ClusterProvider.fargateSpotCluster(), ClusterProvider.fromClusterInfo()
Provides ClusterInfo after the VPC is available.
Implemented by: DatabaseInstanceProvider, FromDatabaseInfoProvider, ServerlessAuroraDatabaseProvider Obtainable from: DatabaseProvider.fromDatabaseInfo(), DatabaseProvider.serverlessAuroraCluster()
Provides DatabaseInfo after the VPC is available.
Implemented by: KeycloakEc2TaskDefinition, KeycloakFargateTaskDefinition
A Keycloak task definition.
| Name | Type | Description |
|---|---|---|
| keycloakContainerExtension | KeycloakContainerExtension |
The Keycloak container extension. |
Configures the health check of the application target group.
configureHealthCheck(targetGroup: ApplicationTargetGroup): void- targetGroup (
aws_elasticloadbalancingv2.ApplicationTargetGroup) No description
Register the task definition with a cloudmap service.
useCloudMapService(cloudMapService: IService): void- cloudMapService (
aws_servicediscovery.IService) No description
Implemented by: HttpListenerProvider, HttpsListenerProvider, NlbListenerProvider Obtainable from: ListenerProvider.fromListenerInfo(), ListenerProvider.http(), ListenerProvider.https(), ListenerProvider.nlb(), ListenerProvider.none()
Provides ListenerInfo once the VPC is available.
Implemented by: AddTargetPortPublisher, HttpAlbPortPublisher, HttpListenerProvider, HttpsAlbPortPublisher, HttpsListenerProvider, NlbListenerProvider, NlbPortPublisher Obtainable from: PortPublisher.addTarget(), PortPublisher.httpAlb(), PortPublisher.httpsAlb(), PortPublisher.nlb(), PortPublisher.none()
Publishes container ports.
Implemented by: FromVpcProvider, IngressAndPrivateVpcProvider Obtainable from: VpcProvider.fromExistingVpc(), VpcProvider.fromVpc(), VpcProvider.ingressAndPrivateVpc()
Provides VpcInfo.
Props for KeycloakCluster.
| Name | Type | Description |
|---|---|---|
| adminConsoleListenerProvider? |
IListenerInfoProvider |
Add the service's WildFly admin console port to a load balancer. Default: not exposed |
| adminConsolePortPublisher? | IPortPublisher |
Add the service's WildFly admin console port to a load balancer. Default: not exposed |
| capacityProviderStrategy?🔹 | Array<aws_ecs.CfnCluster.CapacityProviderStrategyItemProperty> |
Add capacity provider strategy by CDK escape hatch. Optional |
| circuitBreaker? | boolean |
Enable/disable the deployment circuit breaker. Default: true |
| cloudMapNamespaceProvider? | ICloudMapNamespaceInfoProvider |
CloudMap namespace to use for service discovery. Default: creates one named 'keycloak-service-discovery' |
| cpu? | number |
Fargate task cpu spec. Default: 1024 |
| databaseProvider? | IDatabaseInfoProvider |
Database server. Default: creates a new one |
| desiredCount? | number |
How many keycloak cluster members to spin up. Default: 1 |
| ecsClusterProvider? | IClusterInfoProvider |
Provide an ECS cluster. Default: a cluster is automatically created. |
| healthCheckGracePeriod? | Duration |
Initial grace period for Keycloak to spin up. Default: 10 minutes |
| httpPortPublisher? | IPortPublisher |
Publish the service's HTTP port. Default: a new load balancer is automatically created unless httpsPort is given. |
| httpsListenerProvider? |
IListenerInfoProvider |
Add the service's https port to a load balancer. Default: not exposed |
| httpsPortPublisher? | IPortPublisher |
Publish the service's HTTPS port. Default: not published |
| keycloak? | KeycloakContainerExtensionProps |
Keycloak configuration options. Optional |
| listenerProvider? |
IListenerInfoProvider |
Add the service's http port to a load balancer. Default: a new load balancer is automatically created unless httpsListenerProvider is given. |
| maxHealthyPercent? | number |
The maximum percentage of healthy tasks during deployments. Optional |
| memoryLimitMiB? | number |
Fargate task memory spec. Default: 2048 |
| minHealthyPercent? | number |
The minimum percentage of healthy tasks during deployments. Optional |
| vpcProvider? | IVpcInfoProvider |
VPC to use. Default: creates one |
| vpcTaskAssignPublicIp? | boolean |
Assign public IPs to the Fargate tasks. Default: false |
| vpcTaskSubnets? | aws_ec2.SubnetSelection |
Where to place the instances within the VPC. Optional |
Configuration for the Keycloak container.
| Name | Type | Description |
|---|---|---|
| cacheOwnersAuthSessionsCount? | number |
The number of distributed cache owners for authentication sessions. Default: same as cacheOwnersCount |
| cacheOwnersCount? | number |
The default number of distributed cache owners for each key. Default: 1 |
| containerName? | string |
A name for the container added to the task definition. Default: 'keycloak' |
| databaseCredentials? | aws_secretsmanager.ISecret |
Secrets manager secret containing the RDS database credentials and connection information in JSON format. Default: none |
| databaseName? | string |
Database name. Default: 'keycloak' |
| databaseSchema? | string |
Database schema. Default: for Postgresql, the default is 'public' |
| databaseVendor? | KeycloakDatabaseVendor |
The database vendor. Default: KeycloakDatabaseVendor.H2 |
| defaultAdminPassword? | string |
Default admin user's password. Default: 'admin' |
| defaultAdminUser? | string |
Default admin user. Default: 'admin' |
| image? | aws_ecs.ContainerImage |
Keycloak container image to use. Default: use jboss/keycloak from docker hub. |
| infinicacheClustering? | boolean |
Enable infinicache clustering. Default: true if any cache owner count is greater than 1 |
| logging? | aws_ecs.LogDriver |
Log driver for the task. Default: cloudwatch with one month retention |
| memoryLimitMiB? | number |
Memory limit of the keycloak task. Default: 1024 |
| memoryReservationMiB? | number |
Memory reservation size for the keycloak task. Default: 80% of memoryLimitMiB |
Props for KeycloakEc2TaskDefinition.
| Name | Type | Description |
|---|---|---|
| executionRole? | aws_iam.IRole |
The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf. Default: An execution role will be automatically created if you use ECR images in your task definition. |
| family? | string |
The name of a family that this task definition is registered to. Default: Automatically generated name. |
| inferenceAccelerators? | Array<aws_ecs.InferenceAccelerator> |
The inference accelerators to use for the containers in the task. Default: No inference accelerators. |
| ipcMode? | aws_ecs.IpcMode |
The IPC resource namespace to use for the containers in the task. Default: IpcMode used by the task is not specified |
| keycloak? | KeycloakContainerExtensionProps |
Keycloak configuration. Optional |
| networkMode? | aws_ecs.NetworkMode |
The Docker networking mode to use for the containers in the task. Default: NetworkMode.Bridge for EC2 tasks, AwsVpc for Fargate tasks. |
| pidMode? | aws_ecs.PidMode |
The process namespace to use for the containers in the task. Default: PidMode used by the task is not specified |
| placementConstraints? | Array<aws_ecs.PlacementConstraint> |
An array of placement constraint objects to use for the task. Default: No placement constraints. |
| proxyConfiguration? | aws_ecs.ProxyConfiguration |
The configuration details for the App Mesh proxy. Default: No proxy configuration. |
| taskRole? | aws_iam.IRole |
The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: A task role is automatically created for you. |
| volumes? | Array<aws_ecs.Volume> |
The list of volume definitions for the task. Default: No volumes are passed to the Docker daemon on a container instance. |
Props for KeycloakFargateTaskDefinition.
| Name | Type | Description |
|---|---|---|
| cpu? | number |
The number of cpu units used by the task. Default: 256 |
| ephemeralStorageGiB? | number |
The amount (in GiB) of ephemeral storage to be allocated to the task. Default: 20 |
| executionRole? | aws_iam.IRole |
The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf. Default: An execution role will be automatically created if you use ECR images in your task definition. |
| family? | string |
The name of a family that this task definition is registered to. Default: Automatically generated name. |
| keycloak? | KeycloakContainerExtensionProps |
Keycloak configuration. Optional |
| memoryLimitMiB? | number |
The amount (in MiB) of memory used by the task. Default: 512 |
| proxyConfiguration? | aws_ecs.ProxyConfiguration |
The configuration details for the App Mesh proxy. Default: No proxy configuration. |
| taskRole? | aws_iam.IRole |
The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: A task role is automatically created for you. |
| volumes? | Array<aws_ecs.Volume> |
The list of volume definitions for the task. Default: No volumes are passed to the Docker daemon on a container instance. |
Information about how to register with a load balancer.
| Name | Type | Description |
|---|---|---|
| listener |
aws_elasticloadbalancingv2.IApplicationListener |
|
| conditions? |
Array<aws_elasticloadbalancingv2.ListenerCondition> |
Optional |
| priority? |
number |
Optional |
Information about a network load balancer to create.
| Name | Type | Description |
|---|---|---|
| port |
number |
Port to listen on. |
| healthCheck? |
boolean |
Enable health checking on this endpoint. Default: true |
| id? |
string |
Scope ID of the load balancer. Default: 'LoadBalancer' |
Information about a network load balancer to create.
| Name | Type | Description |
|---|---|---|
| port | number |
Port to listen on. |
| healthCheck? | boolean |
Enable health checking on this endpoint. Default: true |
| id? | string |
Scope ID of the load balancer. Default: 'LoadBalancer' |
Props for creating a private Dns Namespace.
| Name | Type | Description |
|---|---|---|
| name? | string |
The globally unique name for the namespace. Default: 'keycloak-service-discovery' |
Basic props for creating a serverless Aurora database cluster.
| Name | Type | Description |
|---|---|---|
| engine? | aws_rds.IClusterEngine |
Cluster engine. Default: rds.DatabaseClusterEngine.AURORA_MYSQL |
| scaling? | aws_rds.ServerlessScalingOptions |
Scaling options. Default: 5 minute auto pause, min and max capacity of 1 acu. |
| subnets? | aws_ec2.SubnetSelection |
Select subnets to register the database cluster in. Optional |
Information about the VPC other providers may opt to use to host their resources.
| Name | Type | Description |
|---|---|---|
| vpc | aws_ec2.IVpc |
The VPC. |
The database vendor.
| Name | Description |
|---|---|
| H2 | H2 In-memory Database (Warning: data deleted when task restarts.). |
| MYSQL | MySQL. |
| MARIADB | MariaDB. |
| MSSQL | MSSQL (not yet supported, please submit a PR). |
| ORACLE | Oracle database (not yet supported, please submit a PR). |
| POSTGRES | Postgres. |