Keycloak

Keycloak 26.4.7 on Ubuntu 24.04 with Free Maintenance Support by ATH Infosystems

This AWS Marketplace AMI provides a self-managed Keycloak Identity and Access Management (IAM) server designed for teams that require direct control over authentication, authorization, and identity federation on AWS.

The image is built, packaged, and validated by ATH Infosystems to ensure predictable and stable behavior on Amazon EC2. It is intended for engineering teams that want to own the runtime environment, security posture, and upgrade lifecycle, rather than relying on managed SaaS identity services.

What This Is (and What It Is Not)

This offering is:

• A ready-to-run Keycloak server on Amazon EC2
• Fully self-managed within your AWS account
• Based on upstream, open-source Keycloak
• Designed for production use, not demonstrations

This is not a hosted identity service and does not abstract infrastructure away. You retain full access, full responsibility, and complete flexibility.

Common Real-World Use Cases

Teams commonly deploy this AMI for:

• Single Sign-On (SSO) across internal tools, dashboards, and custom applications
• Centralized identity and access management for microservices and APIs on AWS
• Replacing legacy authentication systems using OIDC or SAML
• Securing CI/CD tools, admin consoles, and developer platforms
• Identity federation with existing Active Directory or LDAP environments
• Multi-tenant SaaS authentication where tenant isolation is required

This AMI is widely used by platform teams, DevSecOps organizations, and enterprises operating under compliance or data-residency constraints.

Protocols and Identity Standards

Keycloak in this AMI supports:

• OpenID Connect (OIDC)
• OAuth 2.0 standard authorization flows
• SAML 2.0

Identity capabilities include:

• User federation with LDAP and Active Directory
• Role-based and attribute-based access control
• Realm-based isolation for multi-application environments
• Token-based authentication for APIs and backend services

All configuration is performed through the native Keycloak administration console or supported REST APIs.

Base System and Runtime

• Operating system: Ubuntu 24.04 LTS
• Java runtime installed and configured for Keycloak
• Keycloak packaged from the official open-source distribution
• Database support for PostgreSQL or MySQL

The system remains close to upstream defaults, allowing engineers familiar with Keycloak to operate and maintain it easily.

Deployment Model on AWS

• Runs entirely inside your VPC
• Compatible with AWS security groups, IAM roles, and load balancers
• Supports single-node or high-availability deployments
• Integrates with Infrastructure as Code and CI/CD pipelines

Production deployments commonly use an Application Load Balancer with an external database backend for high availability.

Security and Control

Security is aligned with standard AWS best practices:

• No outbound dependencies required for core identity services
• TLS termination supported at the instance or load balancer level
• Audit logs and identity data remain within your AWS account
• No vendor access to runtime or authentication data

This makes the AMI suitable for regulated environments, internal enterprise networks, and zero-trust architectures.

Operations and Observability

• Compatible with Amazon CloudWatch logging and monitoring
• Supports AMI snapshots and database backup strategies
• Predictable startup and runtime behavior
• Designed for repeatable deployments across environments
• No managed control plane or hidden background services
• Full customer control over updates and maintenance windows

Why Teams Use ATH Infosystems Images

ATH Infosystems delivers practical, production-ready open-source solutions for AWS environments.

• Built for engineers, not just marketplace buyers
• Tested for deployment consistency and operational reliability
• Designed to integrate cleanly into real-world AWS architectures