Overview
Keycloak (Hardened) on Amazon Linux 2023 is a production-ready, security-hardened image of the Keycloak identity and access management server (OpenID Connect, OAuth 2.0, SAML 2.0), maintained and supported by Derek Coleman & Associates Incorporated.
This is repackaged open-source software. Keycloak is a Cloud Native Computing Foundation project distributed under the Apache License 2.0. Keycloak is a trademark of Red Hat, Inc.; this listing is not endorsed by or affiliated with Red Hat or the CNCF. This product bundles unmodified upstream Keycloak on a hardened Amazon Linux 2023 base; the charges associated with this listing are for image hardening, continuous patching, vulnerability scanning, and business-day support - not for the underlying open-source software, which remains free.
Hardening baseline: minimal package footprint, SSH key-only access (password authentication disabled), IMDSv2 enforced, and no default admin credentials - the temporary bootstrap admin password is generated per instance on first boot (set to the EC2 instance ID); Keycloak requires you to create a permanent admin account on first login. Images are rebuilt, scanned for HIGH and CRITICAL vulnerabilities, and republished on a regular cadence so that new launches start current. Ships with the embedded dev-file database for evaluation and small deployments; point it at PostgreSQL for production clusters (documented in the usage instructions).
Highlights
- Security-hardened at build time: minimal packages, key-only SSH, IMDSv2-only, no default admin password - bootstrap credential is per-instance (the EC2 instance ID).
- Continuously patched: rebuilt, vulnerability-scanned, and republished on a regular cadence.
- Production-ready: Keycloak 26.7 on Amazon Corretto 21, systemd-managed, health endpoints enabled; swap the embedded database for PostgreSQL when you scale.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
Pricing
Dimension | Cost/hour |
|---|---|
c7i.2xlarge Recommended | $0.92 |
c7i.4xlarge | $1.84 |
c7i.xlarge | $0.46 |
Vendor refund policy
Usage-based hourly billing; charges stop when instances are terminated. Contact support@dcassociatesgroup.com for billing questions.
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
[Important] Initial release. Keycloak 26.7 on Amazon Linux 2023, hardened baseline; all OS packages current at build.
Additional details
Usage instructions
Launch from AWS Marketplace (1-Click or EC2 console). Browse to http://<public-ip>:8080 and sign in with username admin and the temporary password equal to the EC2 instance ID (e.g. i-0abc123...); Keycloak then requires you to create a permanent admin account. For production, terminate TLS on 8443 or a load balancer, set a hostname, and configure an external PostgreSQL database in /opt/keycloak/conf/keycloak.conf, then: sudo systemctl restart keycloak. SSH: ssh -i <key> ec2-user@<public-ip>; root login is disabled; use sudo.
Support
Vendor support
Support by Derek Coleman & Associates Incorporated. Email: support@dcassociatesgroup.com . Business-day response. Covers image operation, hardening baseline, and launch issues.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.