This Terraform module is used to initialize a newly created Keycloak realm.
To deploy this module, credentials have to be created in Keycloak.
For this, a Keycloak client has to be configured; the credentials of this client can then be used to deploy this Terraform module.
Also, with the Keycloak gold realm configuration, the OIDC integration has to be requested from the SSO team.
To make this request, follow step 1 of this document.
Once the request is fulfilled, the client_id and client_secret will be provided in the SSO team CSS app.
- Connect to the new Keycloak realm
- Select the client tab on the left and click on `create` on the top right
- Import this configuration and click `save`
- Regenerate the credentials in the newly created terraform client
  - Click on `edit` for the terraform client
  - Select `Credentials` and click on `regenerate Secret`
- The new terraform-service-account has to be linked with roles that allow it to configure the realm.
  - In the `role` tab click on the name of the role
  - In the `user in role` tab click on the username link
  - In the `role mapping` tab click on `client role`, then enter "realm" in the field and select: `realm-management`
  - Now from the available role list select:
    - realms-admin
- Terraform can now be executed with this command:
terraform plan -var "kc_terraform_auth_password=<Secret>" -var "kc_base_url=<keycloack_realm_url>" -var "cloudfront_auth_url=<cloudfront_url>" -var "client_id=<client_id>" -var "client_secret=<client_secret>"
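
Values passed with `-var` end up in shell history and in the process list, which matters for `kc_terraform_auth_password` and `client_secret`. The following is an added example, not part of this module: it loads those two secrets from a private file and passes them through Terraform's `TF_VAR_<name>` environment variables instead. The function names and the `name=value` file format are assumptions.

```shell
#!/bin/sh
# Added example (not part of the module): keep the two secrets off the command
# line by exporting them as TF_VAR_* environment variables.
# Assumed (hypothetical) secrets file format: one "name=value" per line.

# load_tf_secrets FILE: export TF_VAR_<name> for each allowed secret in FILE.
load_tf_secrets() {
    file=$1
    [ -f "$file" ] || { echo "missing secrets file: $file" >&2; return 1; }

    # Refuse files that group or others can access (expect mode 0600 or 0400).
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $file: run chmod 600 on it first" >&2
        return 1
    fi

    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac   # skip blanks and comments
        name=${line%%=*}     # text before the first '='
        value=${line#*=}     # everything after it, later '=' included
        case $name in
            kc_terraform_auth_password|client_secret)
                export "TF_VAR_${name}=${value}" ;;
            *)
                echo "unexpected variable in $file: $name" >&2
                return 1 ;;
        esac
    done < "$file"
}

# run_plan FILE BASE_URL CLOUDFRONT_URL CLIENT_ID
# Only the non-secret values are passed as arguments.
run_plan() {
    load_tf_secrets "$1" || return 1
    terraform plan \
        -var "kc_base_url=$2" \
        -var "cloudfront_auth_url=$3" \
        -var "client_id=$4"
}
```

Source the file and call `run_plan` with the path to the secrets file followed by the same non-secret values used in the command above.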