Architecture overview
Deploying this solution with the default parameters builds the following environment in the AWS Cloud.
Figure 1: Solution architecture
This solution deploys the AWS CloudFormation template in your AWS Cloud account and sets up the following components.
- A highly available architecture that spans two Availability Zones.
- An Amazon Virtual Private Cloud (Amazon VPC) configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.
- In the public subnets, managed Network Address Translation (NAT) gateways to allow outbound internet access for resources in the private subnets.
- In the private subnets:
  - Amazon Elastic Container Service (Amazon ECS) tasks running with AWS Fargate behind the Application Load Balancer.
  - Amazon Aurora Serverless MySQL-Compatible database cluster or Amazon Aurora MySQL-Compatible cluster.
- IAM role for the Amazon ECS service.
- Secrets from AWS Secrets Manager for Keycloak console login and database connection.
- AWS Certificate Manager (ACM), which uses your existing certificate for the custom domain name on the Application Load Balancer.
- Amazon Route 53 alias record, which is required for the custom domain name.