Architecture overview

Deploying this solution with the default parameters builds the following environment in the AWS Cloud.

Figure 1: Solution architecture

This solution deploys the AWS CloudFormation template in your AWS Cloud account and completes the following settings.

• A highly available architecture that spans two Availability Zones.
• A Amazon Virtual Private Cloud (Amazon VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.
• In the public subnets, managed Network Address Translation (NAT) gateways to allow outbound internet access for resources in the private subnets.
• In the private subnets:
  • Amazon Elastic Container Service (Amazon ECS) tasks running with AWS Fargate behind the Application Load Balancer.
  • Amazon Aurora Serverless MySQL-Compatible database cluster or Amazon Aurora MySQL-Compatible cluster.
• IAM role for the Amazon ECS service.
• Secrets from AWS Secrets Manager for Keycloak console login and database connection.
• AWS Certificate Manager (ACM), which uses your existing certificate for the custom domain name on the Application Load Balancer.
• Amazon Route 53 alias record, which is required for the custom domain name.