awslabs / aws-saas-boost

AWS SaaS Boost is a ready-to-use toolset that removes the complexity of successfully running SaaS workloads in the AWS cloud.
Apache License 2.0

Setting up aws-saas-boost for Keycloak #518

Open sj-metta opened 1 year ago

sj-metta commented 1 year ago

General Issue

The Question

Hi Team, I am trying to set up SaaS Boost as a POC for Keycloak. I am getting the error below in CloudFormation:

Embedded stack arn:aws:cloudformation:ap-south-1:7----9:stack/sb-dev5-idp-9UQAMTET4MLY-keycloak-----/-----02cf-11ee------0ad4aa078e90 was not successfully created: The following resource(s) failed to create: [InvokeKeycloakSetup, KeycloakRecordSetAlias].

Environment

Other information

sj-metta commented 1 year ago

I am having trouble providing a domain. It looks like a DNS issue, but I am not getting any more information from the error.

brtrvn commented 1 year ago

When you choose Keycloak as your System Users identity provider, you have to provide 3 things:

SaaS Boost will add an A record to the hosted zone for the domain name you gave to the installer when setting up the load balancer. It's your responsibility to make sure the domain name you use for your Keycloak install is routable from the internet (DNS is active and properly set up).

To debug what happened, I'd double check the CloudWatch Logs for the Keycloak setup Lambda, the CodeBuild project that deploys Keycloak to ECS, and general DNS debugging like doing an nslookup or dig against the domain name you used for your Keycloak install.

All of these restrictions are in place because Keycloak requires a valid, public SSL certificate in order to operate.
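
A scripted version of the DNS and certificate checks suggested above, as an added example that is not part of the original thread or of SaaS Boost itself. It compares the public NS delegation with the hosted zone's name servers, checks that the Keycloak hostname returns an A answer, and verifies the certificate; the function names and the three arguments (Keycloak hostname, hosted zone ID, zone domain) are assumptions, and a public hosted zone is assumed.

```sh
#!/bin/sh
# Added example (not SaaS Boost code). Usage: ./check.sh <keycloak-host> <zone-id> <zone-domain>
# Requires dig, openssl and the AWS CLI with read access to Route 53.

# Normalize a name server list: one per line, lowercase, no trailing dot, sorted.
normalize_ns() {
  tr -s ' \t' '\n\n' | tr '[:upper:]' '[:lower:]' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# Succeeds only when the publicly delegated NS set equals the hosted zone's NS set.
ns_sets_match() {
  [ "$(printf '%s\n' "$1" | normalize_ns)" = "$(printf '%s\n' "$2" | normalize_ns)" ]
}

# Classify `dig +short A` output: "resolves" if at least one IPv4 address came back.
classify_a_answer() {
  if printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    echo "resolves"
  else
    echo "no-a-record"
  fi
}

check_keycloak_dns() {
  host="$1"; zone_id="$2"; apex="$3"
  # What the public internet sees versus what Route 53 says the zone's servers are.
  public_ns="$(dig +short NS "$apex")"
  zone_ns="$(aws route53 get-hosted-zone --id "$zone_id" \
    --query 'DelegationSet.NameServers' --output text)"
  if ns_sets_match "$public_ns" "$zone_ns"; then
    echo "delegation: ok"
  else
    echo "delegation: MISMATCH (public NS records differ from the hosted zone)"
  fi
  echo "A record: $(classify_a_answer "$(dig +short A "$host")")"
  # The certificate must chain to a public CA and match the hostname.
  if openssl s_client -connect "$host:443" -servername "$host" \
       -verify_return_error -verify_hostname "$host" </dev/null >/dev/null 2>&1; then
    echo "tls: ok"
  else
    echo "tls: FAILED (unreachable, untrusted chain, or hostname mismatch)"
  fi
}

# Live checks run only when all three arguments are supplied.
if [ "$#" -eq 3 ]; then check_keycloak_dns "$@"; fi
```

A delegation mismatch means records created in the hosted zone, including the alias SaaS Boost adds, are never served publicly, so fix that before re-running the installer.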