API Reference

Classes

Name	Description
AddTargetPortPublisher	Publishes a container port common `listener.addTargets` props.
CloudMapNamespaceProvider	A convenience interface for creating a CloudMap namespace.
ClusterProvider	Convenience interface for providing ClusterInfo to the cluster construct.
DatabaseInstanceProvider	Provides a very basic RDS database instance.
DatabaseProvider	Convenience interface for providing DatabaseInfo to the cluster.
EcsClusterInfoProvider	Provides a very basic ECS cluster in the given VPC.
EnsureMysqlDatabaseExtension	Ensures a MySQL database exists by adding an init container.
EnsurePostgresqlDatabaseExtension	Ensures a Postgresql database exists by adding an init container.
FargateSpotEcsClusterInfoProvider	Provides an ECS cluster in the given VPC that has FARGATE and FARGATE_SPOT capacity providers enabled.
FromClusterInfoProvider	Directly provide cluster info.
FromDatabaseInfoProvider	Provide database info directly.
FromVpcProvider	Directly provides the given VPC.
HttpAlbPortPublisher	Creates a load balancer and an HTTP load balancer.
HttpListenerProvider	Creates a load balancer and an HTTP load balancer.
HttpsAlbPortPublisher	Creates an application load balancer and an HTTPS listener with the given ACM certificates.
HttpsListenerProvider	Creates an application load balancer and an HTTPS listener with the given ACM certificates.
IngressAndPrivateVpcProvider	Provides a VPC with both private and public subnets.
KeycloakCluster	A complete Keycloak cluster in a box.
KeycloakContainerExtension	Adds a keycloak container to a task definition.
KeycloakEc2TaskDefinition	The details of a Keycloak task definition running on EC2.
KeycloakFargateTaskDefinition	The details of a Keycloak task definition running on Fargate.
ListenerProvider	Convenience interface for providing ListenerInfo to the cluster.
NlbListenerProvider	Creates a network load balancer listener.
NlbPortPublisher	Publishes a port via a Network Load Balancer.
PortPublisher	Convenience interface for creating port publishers.
ServerlessAuroraDatabaseProvider	Provides a serverless Aurora database cluster.
VpcProvider	No description

Structs

Name	Description
AddTargetPortPublisherProps	Information about how to register with a load balancer.
AlbPortPublisherProps	Properties for an ALB port publisher.
ClusterInfo	Information about the ecs cluster.
DatabaseInfo	Information about needed to connect to the database.
DatabaseInstanceProviderProps	Basic props for creating a database instance.
EnsureMysqlDatabaseExtensionProps	Props for EnsureMysqlDatabaseExtension.
EnsurePostgresqlDatabaseExtensionProps	Props for EnsurePostgresqlDatabaseExtension.
FromClusterInfoProviderProps	Props for `FromClusterInfoProvider`.
FromDatabaseInfoProviderProps	Props for `FromDatabaseInfoProvider`.
FromVpcProviderProps	Props for `FromVpcProvider`.
HttpAlbPortPublisherProps	Properties for an HTTP ALB port publisher.
HttpsAlbPortPublisherProps	Properties for a new HTTPS-listening load balancer.
HttpsListenerProviderProps	Properties for a new HTTPS-listening load balancer.
KeycloakClusterProps	Props for `KeycloakCluster`.
KeycloakContainerExtensionProps	Configuration for the Keycloak container.
KeycloakEc2TaskDefinitionProps	Props for `KeycloakEc2TaskDefinition`.
KeycloakFargateTaskDefinitionProps	Props for `KeycloakFargateTaskDefinition`.
ListenerInfo	Information about how to register with a load balancer.
NlbListenerProviderProps	Information about a network load balancer to create.
NlbPortPublisherProps	Information about a network load balancer to create.
PrivateDnsNamespaceProviderProps	Props for creating a private Dns Namespace.
ServerlessAuroraDatabaseProviderProps	Basic props for creating a serverless Aurora database cluster.
VpcInfo	Information about the VPC other providers may opt to use to host their resources.

Interfaces

Name	Description
ICloudMapNamespaceInfoProvider	Provides CloudMapNamespaceInfo once the VPC is available.
IClusterInfoProvider	Provides ClusterInfo after the VPC is available.
IDatabaseInfoProvider	Provides DatabaseInfo after the VPC is available.
IKeycloakTaskDefinition	A Keycloak task definition.
IListenerInfoProvider	Provides ListenerInfo once the VPC is available.
IPortPublisher	Publishes container ports.
IVpcInfoProvider	Provides VpcInfo.

Enums

Name	Description
KeycloakDatabaseVendor	The database vendor.

class AddTargetPortPublisher

Publishes a container port common listener.addTargets props.

Implements: IPortPublisher

Initializer

new AddTargetPortPublisher(listenerInfo: AddTargetPortPublisherProps)

listenerInfo (AddTargetPortPublisherProps) No description
- listener (aws_elasticloadbalancingv2.IApplicationListener) No description
- conditions (Array<aws_elasticloadbalancingv2.ListenerCondition>) No description Optional
- priority (number) No description Optional

class CloudMapNamespaceProvider

A convenience interface for creating a CloudMap namespace.

Initializer

new CloudMapNamespaceProvider()

Methods

static privateDns(props?)

Create a CloudMap namespaces from a private dns zone.

static privateDns(props?: PrivateDnsNamespaceProviderProps): ICloudMapNamespaceInfoProvider

props (PrivateDnsNamespaceProviderProps) No description
- name (string) The globally unique name for the namespace. Default: 'keycloak-service-discovery'

Returns:

ICloudMapNamespaceInfoProvider

class ClusterProvider

Convenience interface for providing ClusterInfo to the cluster construct.

Initializer

new ClusterProvider()

Methods

static cluster()

Create an ECS cluster.

static cluster(): IClusterInfoProvider

Returns:

IClusterInfoProvider

static fargateSpotCluster()🔹

Create an ECS cluster with Fargate Spot support.

static fargateSpotCluster(): IClusterInfoProvider

Returns:

IClusterInfoProvider

static fromClusterInfo(clusterInfo)

Provide raw clusterInfo.

static fromClusterInfo(clusterInfo: ClusterInfo): IClusterInfoProvider

clusterInfo (ClusterInfo) No description
- cluster (aws_ecs.ICluster) The ECS cluster for adding a service.

Returns:

IClusterInfoProvider

class DatabaseInstanceProvider

Provides a very basic RDS database instance.

Implements: IDatabaseInfoProvider

Initializer

new DatabaseInstanceProvider(props?: DatabaseInstanceProviderProps)

props (DatabaseInstanceProviderProps) No description
- engine (aws_rds.IInstanceEngine) Instance database engine. Default: mysql 8.0
- instanceType (aws_ec2.InstanceType) Instance type. Default: t2.micro
- subnets (aws_ec2.SubnetSelection) Select subnets to register the database instance in. Optional

class DatabaseProvider

Convenience interface for providing DatabaseInfo to the cluster.

Initializer

new DatabaseProvider()

Methods

static databaseInstance(props?)

Provide a new database instance.

static databaseInstance(props?: DatabaseInstanceProviderProps): DatabaseInstanceProvider

props (DatabaseInstanceProviderProps) No description
- engine (aws_rds.IInstanceEngine) Instance database engine. Default: mysql 8.0
- instanceType (aws_ec2.InstanceType) Instance type. Default: t2.micro
- subnets (aws_ec2.SubnetSelection) Select subnets to register the database instance in. Optional

Returns:

DatabaseInstanceProvider

static fromDatabaseInfo(props)

Provide raw DatabaseInfo.

static fromDatabaseInfo(props: DatabaseInfo): IDatabaseInfoProvider

props (DatabaseInfo) No description
- credentials (aws_secretsmanager.ISecret) Database credentials in standard RDS json format.
- vendor (KeycloakDatabaseVendor) Database vendor.
- connectable (aws_ec2.IConnectable) A connectable so that the cluster can allow itself to connect to the database. Optional

Returns:

IDatabaseInfoProvider

static serverlessAuroraCluster(props?)

Provide a new serverless aurora cluster.

static serverlessAuroraCluster(props?: ServerlessAuroraDatabaseProviderProps): IDatabaseInfoProvider

props (ServerlessAuroraDatabaseProviderProps) No description
- engine (aws_rds.IClusterEngine) Cluster engine. Default: rds.DatabaseClusterEngine.AURORA_MYSQL
- scaling (aws_rds.ServerlessScalingOptions) Scaling options. Default: 5 minute auto pause, min and max capacity of 1 acu.
- subnets (aws_ec2.SubnetSelection) Select subnets to register the database cluster in. Optional

Returns:

IDatabaseInfoProvider

class EcsClusterInfoProvider

Provides a very basic ECS cluster in the given VPC.

Implements: IClusterInfoProvider

Initializer

new EcsClusterInfoProvider()

class EnsureMysqlDatabaseExtension

Ensures a MySQL database exists by adding an init container.

Makes the default container depend on the successful completion of this container.

Implements: aws_ecs.ITaskDefinitionExtension

Initializer

new EnsureMysqlDatabaseExtension(props: EnsureMysqlDatabaseExtensionProps)

props (EnsureMysqlDatabaseExtensionProps) No description
- databaseCredentials (aws_secretsmanager.ISecret) RDS credentials.
- databaseName (string) Name of the database to create.
- containerName (string) Name of the container to add to do this work. Default: 'ensure-mysql-database'
- logging (aws_ecs.LogDriver) Logging driver. Optional

Methods

extend(taskDefinition)

Apply the extension to the given TaskDefinition.

extend(taskDefinition: TaskDefinition): void

taskDefinition (aws_ecs.TaskDefinition) No description

class EnsurePostgresqlDatabaseExtension

Ensures a Postgresql database exists by adding an init container.

Makes the default container depend on the successful completion of this container.

Implements: aws_ecs.ITaskDefinitionExtension

Initializer

new EnsurePostgresqlDatabaseExtension(props: EnsurePostgresqlDatabaseExtensionProps)

props (EnsurePostgresqlDatabaseExtensionProps) No description
- databaseCredentials (aws_secretsmanager.ISecret) RDS credentials.
- databaseName (string) Name of the database to create.
- containerName (string) Name of the container to add to do this work. Default: 'ensure-postgresql-database'
- logging (aws_ecs.LogDriver) Logging driver. Optional

Methods

extend(taskDefinition)

Apply the extension to the given TaskDefinition.

extend(taskDefinition: TaskDefinition): void

taskDefinition (aws_ecs.TaskDefinition) No description

class FargateSpotEcsClusterInfoProvider 🔹

Provides an ECS cluster in the given VPC that has FARGATE and FARGATE_SPOT capacity providers enabled.

Implements: IClusterInfoProvider

Initializer

new FargateSpotEcsClusterInfoProvider()

class FromClusterInfoProvider

Directly provide cluster info.

Implements: IClusterInfoProvider

Initializer

new FromClusterInfoProvider(props: FromClusterInfoProviderProps)

props (FromClusterInfoProviderProps) No description
- cluster (aws_ecs.ICluster) The ECS cluster for adding a service.

class FromDatabaseInfoProvider

Provide database info directly.

Implements: IDatabaseInfoProvider

Initializer

new FromDatabaseInfoProvider(props: FromDatabaseInfoProviderProps)

props (FromDatabaseInfoProviderProps) No description
- credentials (aws_secretsmanager.ISecret) Database credentials in standard RDS json format.
- vendor (KeycloakDatabaseVendor) Database vendor.
- connectable (aws_ec2.IConnectable) A connectable so that the cluster can allow itself to connect to the database. Optional

class FromVpcProvider

Directly provides the given VPC.

Implements: IVpcInfoProvider

Initializer

new FromVpcProvider(props: FromVpcProviderProps)

props (FromVpcProviderProps) No description
- vpc (aws_ec2.IVpc) The VPC.

class HttpAlbPortPublisher

Creates a load balancer and an HTTP load balancer.

Implements: IPortPublisher

Initializer

new HttpAlbPortPublisher(props?: HttpAlbPortPublisherProps)

props (HttpAlbPortPublisherProps) No description
- healthCheck (boolean) Enable health checking on this endpoint. Default: true
- id (string) Scope ID of the load balancer. Default: 'LoadBalancer'

class HttpListenerProvider ⚠️

Creates a load balancer and an HTTP load balancer.

Implements: IPortPublisher, IListenerInfoProvider, IPortPublisher Extends: HttpAlbPortPublisher

Initializer

new HttpListenerProvider(props?: HttpAlbPortPublisherProps)

props (HttpAlbPortPublisherProps) No description
- healthCheck (boolean) Enable health checking on this endpoint. Default: true
- id (string) Scope ID of the load balancer. Default: 'LoadBalancer'

class HttpsAlbPortPublisher

Creates an application load balancer and an HTTPS listener with the given ACM certificates.

Implements: IPortPublisher

Initializer

new HttpsAlbPortPublisher(props: HttpsAlbPortPublisherProps)

props (HttpsAlbPortPublisherProps) No description
- healthCheck (boolean) Enable health checking on this endpoint. Default: true
- id (string) Scope ID of the load balancer. Default: 'LoadBalancer'
- certificates (Array<aws_certificatemanager.ICertificate>) Certificates to use for the ALB listener.
- upgradeHttp (boolean) Upgrade HTTP connection to HTTPS. Default: false
- upgradeHttpHost (string) A host name to redirect to when upgrading to HTTPS. Default: same as the request

class HttpsListenerProvider ⚠️

Creates an application load balancer and an HTTPS listener with the given ACM certificates.

Implements: IPortPublisher, IListenerInfoProvider, IPortPublisher Extends: HttpsAlbPortPublisher

Initializer

new HttpsListenerProvider(props: HttpsListenerProviderProps)

props (HttpsListenerProviderProps) No description
- certificates (Array<aws_certificatemanager.ICertificate>) Certificates to use for the ALB listener.

class IngressAndPrivateVpcProvider

Provides a VPC with both private and public subnets.

Implements: IVpcInfoProvider

Initializer

new IngressAndPrivateVpcProvider()

class KeycloakCluster

A complete Keycloak cluster in a box.

Implements: IConstruct, IDependable Extends: Construct

Initializer

new KeycloakCluster(scope: Construct, id: string, props?: KeycloakClusterProps)

scope (Construct) No description
id (string) No description
props (KeycloakClusterProps) No description
- adminConsoleListenerProvider (IListenerInfoProvider) Add the service's WildFly admin console port to a load balancer. Default: not exposed
- adminConsolePortPublisher (IPortPublisher) Add the service's WildFly admin console port to a load balancer. Default: not exposed
- capacityProviderStrategy (Array<aws_ecs.CfnCluster.CapacityProviderStrategyItemProperty>) Add capacity provider strategy by CDK escape hatch. Optional
- circuitBreaker (boolean) Enable/disable the deployment circuit breaker. Default: true
- cloudMapNamespaceProvider (ICloudMapNamespaceInfoProvider) CloudMap namespace to use for service discovery. Default: creates one named 'keycloak-service-discovery'
- cpu (number) Fargate task cpu spec. Default: 1024
- databaseProvider (IDatabaseInfoProvider) Database server. Default: creates a new one
- desiredCount (number) How many keycloak cluster members to spin up. Default: 1
- ecsClusterProvider (IClusterInfoProvider) Provide an ECS cluster. Default: a cluster is automatically created.
- healthCheckGracePeriod (Duration) Initial grace period for Keycloak to spin up. Default: 10 minutes
- httpPortPublisher (IPortPublisher) Publish the service's HTTP port. Default: a new load balancer is automatically created unless httpsPort is given.
- httpsListenerProvider (IListenerInfoProvider) Add the service's https port to a load balancer. Default: not exposed
- httpsPortPublisher (IPortPublisher) Publish the service's HTTPS port. Default: not published
- keycloak (KeycloakContainerExtensionProps) Keycloak configuration options. Optional
- listenerProvider (IListenerInfoProvider) Add the service's http port to a load balancer. Default: a new load balancer is automatically created unless httpsListenerProvider is given.
- maxHealthyPercent (number) The maximum percentage of healthy tasks during deployments. Optional
- memoryLimitMiB (number) Fargate task memory spec. Default: 2048
- minHealthyPercent (number) The minimum percentage of healthy tasks during deployments. Optional
- vpcProvider (IVpcInfoProvider) VPC to use. Default: creates one
- vpcTaskAssignPublicIp (boolean) Assign public IPs to the Fargate tasks. Default: false
- vpcTaskSubnets (aws_ec2.SubnetSelection) Where to place the instances within the VPC. Optional

Properties

Name	Type	Description
service	`aws_ecs.BaseService`	The ECS service controlling the cluster tasks.

class KeycloakContainerExtension

Adds a keycloak container to a task definition.

To use ECS service discovery to locate cluster members, you need to call useCloudMapService with the CloudMap service so that we can configure the correct DNS query.

Implements: aws_ecs.ITaskDefinitionExtension

Initializer

new KeycloakContainerExtension(props?: KeycloakContainerExtensionProps)

props (KeycloakContainerExtensionProps) No description
- cacheOwnersAuthSessionsCount (number) The number of distributed cache owners for authentication sessions. Default: same as cacheOwnersCount
- cacheOwnersCount (number) The default number of distributed cache owners for each key. Default: 1
- containerName (string) A name for the container added to the task definition. Default: 'keycloak'
- databaseCredentials (aws_secretsmanager.ISecret) Secrets manager secret containing the RDS database credentials and connection information in JSON format. Default: none
- databaseName (string) Database name. Default: 'keycloak'
- databaseSchema (string) Database schema. Default: for Postgresql, the default is 'public'
- databaseVendor (KeycloakDatabaseVendor) The database vendor. Default: KeycloakDatabaseVendor.H2
- defaultAdminPassword (string) Default admin user's password. Default: 'admin'
- defaultAdminUser (string) Default admin user. Default: 'admin'
- image (aws_ecs.ContainerImage) Keycloak container image to use. Default: use jboss/keycloak from docker hub.
- infinicacheClustering (boolean) Enable infinicache clustering. Default: true if any cache owner count is greater than 1
- logging (aws_ecs.LogDriver) Log driver for the task. Default: cloudwatch with one month retention
- memoryLimitMiB (number) Memory limit of the keycloak task. Default: 1024
- memoryReservationMiB (number) Memory reservation size for the keycloak task. Default: 80% of memoryLimitMiB

Properties

Name	Type	Description
adminConsolePort	`number`	Admin console port.
cacheOwnersAuthSessionsCount	`number`	The number of distributed auth session cache owners for each key.
cacheOwnersCount	`number`	The number of distributed cache owners for each key.
containerName	`string`	Name of the container added to the task definition.
databaseName	`string`	Name of the Keycloak database.
databaseVendor	`KeycloakDatabaseVendor`	Database vendor.
defaultAdminPassword	`string`	The default admin user password.
defaultAdminUser	`string`	The default admin user's name.
httpsWebPort	`number`	Web traffic port with HTTPS.
infinicacheClustering	`boolean`	True if infinicache clustering is enabled.
webPort	`number`	Web traffic port.

Methods

configureHealthCheck(targetGroup)

Configure health checks on the target group.

configureHealthCheck(targetGroup: ApplicationTargetGroup): void

targetGroup (aws_elasticloadbalancingv2.ApplicationTargetGroup) No description

extend(taskDefinition)

Apply the extension to the given TaskDefinition.

extend(taskDefinition: TaskDefinition): void

taskDefinition (aws_ecs.TaskDefinition) No description

useCloudMapService(serviceDiscovery)

Inform Keycloak of a CloudMap service discovery mechanism.

useCloudMapService(serviceDiscovery: IService): void

serviceDiscovery (aws_servicediscovery.IService) No description

class KeycloakEc2TaskDefinition

The details of a Keycloak task definition running on EC2.

Implements: IConstruct, IDependable, IResource, IDependable, IConstruct, aws_ecs.ITaskDefinition, IDependable, IConstruct, IResource, aws_ecs.IEc2TaskDefinition, IDependable, IConstruct, IResource, aws_ecs.ITaskDefinition, IKeycloakTaskDefinition Extends: aws_ecs.Ec2TaskDefinition

Initializer

new KeycloakEc2TaskDefinition(scope: Construct, id: string, props?: KeycloakEc2TaskDefinitionProps)

scope (Construct) No description
id (string) No description
props (KeycloakEc2TaskDefinitionProps) No description
- executionRole (aws_iam.IRole) The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf. Default: An execution role will be automatically created if you use ECR images in your task definition.
- family (string) The name of a family that this task definition is registered to. Default: Automatically generated name.
- proxyConfiguration (aws_ecs.ProxyConfiguration) The configuration details for the App Mesh proxy. Default: No proxy configuration.
- taskRole (aws_iam.IRole) The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: A task role is automatically created for you.
- volumes (Array<aws_ecs.Volume>) The list of volume definitions for the task. Default: No volumes are passed to the Docker daemon on a container instance.
- inferenceAccelerators (Array<aws_ecs.InferenceAccelerator>) The inference accelerators to use for the containers in the task. Default: No inference accelerators.
- ipcMode (aws_ecs.IpcMode) The IPC resource namespace to use for the containers in the task. Default: IpcMode used by the task is not specified
- networkMode (aws_ecs.NetworkMode) The Docker networking mode to use for the containers in the task. Default: NetworkMode.Bridge for EC2 tasks, AwsVpc for Fargate tasks.
- pidMode (aws_ecs.PidMode) The process namespace to use for the containers in the task. Default: PidMode used by the task is not specified
- placementConstraints (Array<aws_ecs.PlacementConstraint>) An array of placement constraint objects to use for the task. Default: No placement constraints.
- keycloak (KeycloakContainerExtensionProps) Keycloak configuration. Optional

Properties

Name	Type	Description
keycloakContainerExtension	`KeycloakContainerExtension`	The Keycloak container extension.

Methods

configureHealthCheck(targetGroup)

Configures the health check of the application target group.

configureHealthCheck(targetGroup: ApplicationTargetGroup): void

targetGroup (aws_elasticloadbalancingv2.ApplicationTargetGroup) No description

useCloudMapService(cloudMapService)

Register the task definition with a cloudmap service.

useCloudMapService(cloudMapService: IService): void

cloudMapService (aws_servicediscovery.IService) No description

class KeycloakFargateTaskDefinition

The details of a Keycloak task definition running on Fargate.

Implements: IConstruct, IDependable, IResource, IDependable, IConstruct, aws_ecs.ITaskDefinition, IDependable, IConstruct, IResource, aws_ecs.IFargateTaskDefinition, IDependable, IConstruct, IResource, aws_ecs.ITaskDefinition, IKeycloakTaskDefinition Extends: aws_ecs.FargateTaskDefinition

Initializer

new KeycloakFargateTaskDefinition(scope: Construct, id: string, props?: KeycloakFargateTaskDefinitionProps)

scope (Construct) No description
id (string) No description
props (KeycloakFargateTaskDefinitionProps) No description
- executionRole (aws_iam.IRole) The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf. Default: An execution role will be automatically created if you use ECR images in your task definition.
- family (string) The name of a family that this task definition is registered to. Default: Automatically generated name.
- proxyConfiguration (aws_ecs.ProxyConfiguration) The configuration details for the App Mesh proxy. Default: No proxy configuration.
- taskRole (aws_iam.IRole) The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. Default: A task role is automatically created for you.
- volumes (Array<aws_ecs.Volume>) The list of volume definitions for the task. Default: No volumes are passed to the Docker daemon on a container instance.
- cpu (number) The number of cpu units used by the task. Default: 256
- ephemeralStorageGiB (number) The amount (in GiB) of ephemeral storage to be allocated to the task. Default: 20
- memoryLimitMiB (number) The amount (in MiB) of memory used by the task. Default: 512
- keycloak (KeycloakContainerExtensionProps) Keycloak configuration. Optional

Properties

Name	Type	Description
keycloakContainerExtension	`KeycloakContainerExtension`	The Keycloak container extension.

Methods

configureHealthCheck(targetGroup)

Configures the health check of the application target group.

configureHealthCheck(targetGroup: ApplicationTargetGroup): void

targetGroup (aws_elasticloadbalancingv2.ApplicationTargetGroup) No description

useCloudMapService(cloudMapService)

Register the task definition with a cloudmap service.

useCloudMapService(cloudMapService: IService): void

cloudMapService (aws_servicediscovery.IService) No description

class ListenerProvider ⚠️

Convenience interface for providing ListenerInfo to the cluster.

Initializer

new ListenerProvider()

Methods

static fromListenerInfo(listenerInfo)⚠️

Add to an existing load balancer.

static fromListenerInfo(listenerInfo: ListenerInfo): IListenerInfoProvider

listenerInfo (ListenerInfo) No description
- listener (aws_elasticloadbalancingv2.IApplicationListener) No description
- conditions (Array<aws_elasticloadbalancingv2.ListenerCondition>) No description Optional
- priority (number) No description Optional

Returns:

IListenerInfoProvider

static http()⚠️

Create a load balancer that listens for HTTP.

static http(): IListenerInfoProvider

Returns:

IListenerInfoProvider

static https(props)⚠️

Create a load balancer that listens for HTTPS with your certificates.

static https(props: HttpsListenerProviderProps): IListenerInfoProvider

props (HttpsListenerProviderProps) No description
- certificates (Array<aws_certificatemanager.ICertificate>) Certificates to use for the ALB listener.

Returns:

IListenerInfoProvider

static nlb(props)⚠️

Create a network load balancer.

static nlb(props: NlbListenerProviderProps): IListenerInfoProvider

props (NlbListenerProviderProps) No description
- port (number) Port to listen on.
- healthCheck (boolean) Enable health checking on this endpoint. Default: true
- id (string) Scope ID of the load balancer. Default: 'LoadBalancer'

Returns:

IListenerInfoProvider

static none()⚠️

Not added to a load balancer.

static none(): IListenerInfoProvider

Returns:

IListenerInfoProvider

class NlbListenerProvider ⚠️

Creates a network load balancer listener.

Implements: IPortPublisher, IListenerInfoProvider, IPortPublisher Extends: NlbPortPublisher

Initializer

new NlbListenerProvider(props: NlbListenerProviderProps)

props (NlbListenerProviderProps) No description
- port (number) Port to listen on.
- healthCheck (boolean) Enable health checking on this endpoint. Default: true
- id (string) Scope ID of the load balancer. Default: 'LoadBalancer'

class NlbPortPublisher

Publishes a port via a Network Load Balancer.

Implements: IPortPublisher

Initializer

new NlbPortPublisher(props: NlbPortPublisherProps)

props (NlbPortPublisherProps) No description
- port (number) Port to listen on.
- healthCheck (boolean) Enable health checking on this endpoint. Default: true
- id (string) Scope ID of the load balancer. Default: 'LoadBalancer'

class PortPublisher

Convenience interface for creating port publishers.

Initializer

new PortPublisher()

Methods

static addTarget(props)

Add to an existing load balancer.

static addTarget(props: AddTargetPortPublisherProps): IPortPublisher

props (AddTargetPortPublisherProps) No description
- listener (aws_elasticloadbalancingv2.IApplicationListener) No description
- conditions (Array<aws_elasticloadbalancingv2.ListenerCondition>) No description Optional
- priority (number) No description Optional

Returns:

IPortPublisher

static httpAlb(props?)

Create a load balancer that listens for HTTP.

static httpAlb(props?: HttpAlbPortPublisherProps): IPortPublisher

props (HttpAlbPortPublisherProps) No description
- healthCheck (boolean) Enable health checking on this endpoint. Default: true
- id (string) Scope ID of the load balancer. Default: 'LoadBalancer'

Returns:

IPortPublisher

static httpsAlb(props)

Create a load balancer that listens for HTTPS with your certificates.

static httpsAlb(props: HttpsAlbPortPublisherProps): IPortPublisher

props (HttpsAlbPortPublisherProps) No description
- healthCheck (boolean) Enable health checking on this endpoint. Default: true
- id (string) Scope ID of the load balancer. Default: 'LoadBalancer'
- certificates (Array<aws_certificatemanager.ICertificate>) Certificates to use for the ALB listener.
- upgradeHttp (boolean) Upgrade HTTP connection to HTTPS. Default: false
- upgradeHttpHost (string) A host name to redirect to when upgrading to HTTPS. Default: same as the request

Returns:

IPortPublisher

static nlb(props)

Create a network load balancer.

static nlb(props: NlbPortPublisherProps): IPortPublisher

props (NlbPortPublisherProps) No description
- port (number) Port to listen on.
- healthCheck (boolean) Enable health checking on this endpoint. Default: true
- id (string) Scope ID of the load balancer. Default: 'LoadBalancer'

Returns:

IPortPublisher

static none()

Not added to a load balancer.

static none(): IPortPublisher

Returns:

IPortPublisher

class ServerlessAuroraDatabaseProvider

Provides a serverless Aurora database cluster.

Implements: IDatabaseInfoProvider

Initializer

new ServerlessAuroraDatabaseProvider(props?: ServerlessAuroraDatabaseProviderProps)

props (ServerlessAuroraDatabaseProviderProps) No description
- engine (aws_rds.IClusterEngine) Cluster engine. Default: rds.DatabaseClusterEngine.AURORA_MYSQL
- scaling (aws_rds.ServerlessScalingOptions) Scaling options. Default: 5 minute auto pause, min and max capacity of 1 acu.
- subnets (aws_ec2.SubnetSelection) Select subnets to register the database cluster in. Optional

class VpcProvider

Initializer

new VpcProvider()

Methods

static fromExistingVpc(vpc)⚠️

Provides an already-existing vpc.

static fromExistingVpc(vpc: IVpc): IVpcInfoProvider

vpc (aws_ec2.IVpc) No description

Returns:

IVpcInfoProvider

static fromVpc(vpc)

Provides an already-existing vpc.

static fromVpc(vpc: IVpc): IVpcInfoProvider

vpc (aws_ec2.IVpc) No description

Returns:

IVpcInfoProvider

static ingressAndPrivateVpc()

Provides a VPC with a public subnet and private subnet config.

static ingressAndPrivateVpc(): IVpcInfoProvider

Returns:

IVpcInfoProvider

struct AddTargetPortPublisherProps

Information about how to register with a load balancer.

Name	Type	Description
listener	`aws_elasticloadbalancingv2.IApplicationListener`
conditions?	`Array<aws_elasticloadbalancingv2.ListenerCondition>`	*Optional*
priority?	`number`	*Optional*

struct AlbPortPublisherProps

Properties for an ALB port publisher.

Name	Type	Description
healthCheck?	`boolean`	Enable health checking on this endpoint. *Default*: true
id?	`string`	Scope ID of the load balancer. *Default*: 'LoadBalancer'

struct ClusterInfo

Information about the ecs cluster.

Name	Type	Description
cluster	`aws_ecs.ICluster`	The ECS cluster for adding a service.

struct DatabaseInfo

Information about needed to connect to the database.

Name	Type	Description
credentials	`aws_secretsmanager.ISecret`	Database credentials in standard RDS json format.
vendor	`KeycloakDatabaseVendor`	Database vendor.
connectable?	`aws_ec2.IConnectable`	A connectable so that the cluster can allow itself to connect to the database. *Optional*

struct DatabaseInstanceProviderProps

Basic props for creating a database instance.

Name	Type	Description
engine?	`aws_rds.IInstanceEngine`	Instance database engine. *Default*: mysql 8.0
instanceType?	`aws_ec2.InstanceType`	Instance type. *Default*: t2.micro
subnets?	`aws_ec2.SubnetSelection`	Select subnets to register the database instance in. *Optional*

struct EnsureMysqlDatabaseExtensionProps

Props for EnsureMysqlDatabaseExtension.

Name	Type	Description
databaseCredentials	`aws_secretsmanager.ISecret`	RDS credentials.
databaseName	`string`	Name of the database to create.
containerName?	`string`	Name of the container to add to do this work. *Default*: 'ensure-mysql-database'
logging?	`aws_ecs.LogDriver`	Logging driver. *Optional*

struct EnsurePostgresqlDatabaseExtensionProps

Props for EnsurePostgresqlDatabaseExtension.

Name	Type	Description
databaseCredentials	`aws_secretsmanager.ISecret`	RDS credentials.
databaseName	`string`	Name of the database to create.
containerName?	`string`	Name of the container to add to do this work. *Default*: 'ensure-postgresql-database'
logging?	`aws_ecs.LogDriver`	Logging driver. *Optional*

struct FromClusterInfoProviderProps

Props for FromClusterInfoProvider.

Name	Type	Description
cluster	`aws_ecs.ICluster`	The ECS cluster for adding a service.

struct FromDatabaseInfoProviderProps

Props for FromDatabaseInfoProvider.

Name	Type	Description
credentials	`aws_secretsmanager.ISecret`	Database credentials in standard RDS json format.
vendor	`KeycloakDatabaseVendor`	Database vendor.
connectable?	`aws_ec2.IConnectable`	A connectable so that the cluster can allow itself to connect to the database. *Optional*

struct FromVpcProviderProps

Props for FromVpcProvider.

Name	Type	Description
vpc	`aws_ec2.IVpc`	The VPC.

struct HttpAlbPortPublisherProps

Properties for an HTTP ALB port publisher.

Name	Type	Description
healthCheck?	`boolean`	Enable health checking on this endpoint. *Default*: true
id?	`string`	Scope ID of the load balancer. *Default*: 'LoadBalancer'

struct HttpsAlbPortPublisherProps

Properties for a new HTTPS-listening load balancer.

Name	Type	Description
certificates	`Array<aws_certificatemanager.ICertificate>`	Certificates to use for the ALB listener.
healthCheck?	`boolean`	Enable health checking on this endpoint. *Default*: true
id?	`string`	Scope ID of the load balancer. *Default*: 'LoadBalancer'
upgradeHttp?	`boolean`	Upgrade HTTP connection to HTTPS. *Default*: false
upgradeHttpHost?	`string`	A host name to redirect to when upgrading to HTTPS. *Default*: same as the request

struct HttpsListenerProviderProps ⚠️

Properties for a new HTTPS-listening load balancer.

Name	Type	Description
certificates⚠️	`Array<aws_certificatemanager.ICertificate>`	Certificates to use for the ALB listener.

interface ICloudMapNamespaceInfoProvider

Obtainable from: CloudMapNamespaceProvider.privateDns()

Provides CloudMapNamespaceInfo once the VPC is available.

interface IClusterInfoProvider

Implemented by: EcsClusterInfoProvider, FargateSpotEcsClusterInfoProvider, FromClusterInfoProvider Obtainable from: ClusterProvider.cluster(), ClusterProvider.fargateSpotCluster(), ClusterProvider.fromClusterInfo()

Provides ClusterInfo after the VPC is available.

interface IDatabaseInfoProvider

Implemented by: DatabaseInstanceProvider, FromDatabaseInfoProvider, ServerlessAuroraDatabaseProvider Obtainable from: DatabaseProvider.fromDatabaseInfo(), DatabaseProvider.serverlessAuroraCluster()

Provides DatabaseInfo after the VPC is available.

interface IKeycloakTaskDefinition

Implemented by: KeycloakEc2TaskDefinition, KeycloakFargateTaskDefinition

A Keycloak task definition.

Properties

Name	Type	Description
keycloakContainerExtension	`KeycloakContainerExtension`	The Keycloak container extension.

Methods

configureHealthCheck(targetGroup)

Configures the health check of the application target group.

configureHealthCheck(targetGroup: ApplicationTargetGroup): void

targetGroup (aws_elasticloadbalancingv2.ApplicationTargetGroup) No description

useCloudMapService(cloudMapService)

Register the task definition with a cloudmap service.

useCloudMapService(cloudMapService: IService): void

cloudMapService (aws_servicediscovery.IService) No description

interface IListenerInfoProvider ⚠️

Implemented by: HttpListenerProvider, HttpsListenerProvider, NlbListenerProvider Obtainable from: ListenerProvider.fromListenerInfo(), ListenerProvider.http(), ListenerProvider.https(), ListenerProvider.nlb(), ListenerProvider.none()

Provides ListenerInfo once the VPC is available.

interface IPortPublisher

Implemented by: AddTargetPortPublisher, HttpAlbPortPublisher, HttpListenerProvider, HttpsAlbPortPublisher, HttpsListenerProvider, NlbListenerProvider, NlbPortPublisher Obtainable from: PortPublisher.addTarget(), PortPublisher.httpAlb(), PortPublisher.httpsAlb(), PortPublisher.nlb(), PortPublisher.none()

Publishes container ports.

interface IVpcInfoProvider

Implemented by: FromVpcProvider, IngressAndPrivateVpcProvider Obtainable from: VpcProvider.fromExistingVpc(), VpcProvider.fromVpc(), VpcProvider.ingressAndPrivateVpc()

Provides VpcInfo.

struct KeycloakClusterProps

Props for KeycloakCluster.

Name	Type	Description
adminConsoleListenerProvider?⚠️	`IListenerInfoProvider`	Add the service's WildFly admin console port to a load balancer. *Default*: not exposed
adminConsolePortPublisher?	`IPortPublisher`	Add the service's WildFly admin console port to a load balancer. *Default*: not exposed
capacityProviderStrategy?🔹	`Array<aws_ecs.CfnCluster.CapacityProviderStrategyItemProperty>`	Add capacity provider strategy by CDK escape hatch. *Optional*
circuitBreaker?	`boolean`	Enable/disable the deployment circuit breaker. *Default*: true
cloudMapNamespaceProvider?	`ICloudMapNamespaceInfoProvider`	CloudMap namespace to use for service discovery. *Default*: creates one named 'keycloak-service-discovery'
cpu?	`number`	Fargate task cpu spec. *Default*: 1024
databaseProvider?	`IDatabaseInfoProvider`	Database server. *Default*: creates a new one
desiredCount?	`number`	How many keycloak cluster members to spin up. *Default*: 1
ecsClusterProvider?	`IClusterInfoProvider`	Provide an ECS cluster. *Default*: a cluster is automatically created.
healthCheckGracePeriod?	`Duration`	Initial grace period for Keycloak to spin up. *Default*: 10 minutes
httpPortPublisher?	`IPortPublisher`	Publish the service's HTTP port. *Default*: a new load balancer is automatically created unless `httpsPort` is given.
httpsListenerProvider?⚠️	`IListenerInfoProvider`	Add the service's https port to a load balancer. *Default*: not exposed
httpsPortPublisher?	`IPortPublisher`	Publish the service's HTTPS port. *Default*: not published
keycloak?	`KeycloakContainerExtensionProps`	Keycloak configuration options. *Optional*
listenerProvider?⚠️	`IListenerInfoProvider`	Add the service's http port to a load balancer. *Default*: a new load balancer is automatically created unless `httpsListenerProvider` is given.
maxHealthyPercent?	`number`	The maximum percentage of healthy tasks during deployments. *Optional*
memoryLimitMiB?	`number`	Fargate task memory spec. *Default*: 2048
minHealthyPercent?	`number`	The minimum percentage of healthy tasks during deployments. *Optional*
vpcProvider?	`IVpcInfoProvider`	VPC to use. *Default*: creates one
vpcTaskAssignPublicIp?	`boolean`	Assign public IPs to the Fargate tasks. *Default*: false
vpcTaskSubnets?	`aws_ec2.SubnetSelection`	Where to place the instances within the VPC. *Optional*

struct KeycloakContainerExtensionProps

Configuration for the Keycloak container.

Name	Type	Description
cacheOwnersAuthSessionsCount?	`number`	The number of distributed cache owners for authentication sessions. *Default*: same as `cacheOwnersCount`
cacheOwnersCount?	`number`	The default number of distributed cache owners for each key. *Default*: 1
containerName?	`string`	A name for the container added to the task definition. *Default*: 'keycloak'
databaseCredentials?	`aws_secretsmanager.ISecret`	Secrets manager secret containing the RDS database credentials and connection information in JSON format. *Default*: none
databaseName?	`string`	Database name. *Default*: 'keycloak'
databaseSchema?	`string`	Database schema. *Default*: for Postgresql, the default is 'public'
databaseVendor?	`KeycloakDatabaseVendor`	The database vendor. *Default*: KeycloakDatabaseVendor.H2
defaultAdminPassword?	`string`	Default admin user's password. *Default*: 'admin'
defaultAdminUser?	`string`	Default admin user. *Default*: 'admin'
image?	`aws_ecs.ContainerImage`	Keycloak container image to use. *Default*: use jboss/keycloak from docker hub.
infinicacheClustering?	`boolean`	Enable infinicache clustering. *Default*: true if any cache owner count is greater than 1
logging?	`aws_ecs.LogDriver`	Log driver for the task. *Default*: cloudwatch with one month retention
memoryLimitMiB?	`number`	Memory limit of the keycloak task. *Default*: 1024
memoryReservationMiB?	`number`	Memory reservation size for the keycloak task. *Default*: 80% of memoryLimitMiB

struct KeycloakEc2TaskDefinitionProps

Props for KeycloakEc2TaskDefinition.

Name	Type	Description
executionRole?	`aws_iam.IRole`	The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf. *Default*: An execution role will be automatically created if you use ECR images in your task definition.
family?	`string`	The name of a family that this task definition is registered to. *Default*: Automatically generated name.
inferenceAccelerators?	`Array<aws_ecs.InferenceAccelerator>`	The inference accelerators to use for the containers in the task. *Default*: No inference accelerators.
ipcMode?	`aws_ecs.IpcMode`	The IPC resource namespace to use for the containers in the task. *Default*: IpcMode used by the task is not specified
keycloak?	`KeycloakContainerExtensionProps`	Keycloak configuration. *Optional*
networkMode?	`aws_ecs.NetworkMode`	The Docker networking mode to use for the containers in the task. *Default*: NetworkMode.Bridge for EC2 tasks, AwsVpc for Fargate tasks.
pidMode?	`aws_ecs.PidMode`	The process namespace to use for the containers in the task. *Default*: PidMode used by the task is not specified
placementConstraints?	`Array<aws_ecs.PlacementConstraint>`	An array of placement constraint objects to use for the task. *Default*: No placement constraints.
proxyConfiguration?	`aws_ecs.ProxyConfiguration`	The configuration details for the App Mesh proxy. *Default*: No proxy configuration.
taskRole?	`aws_iam.IRole`	The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. *Default*: A task role is automatically created for you.
volumes?	`Array<aws_ecs.Volume>`	The list of volume definitions for the task. *Default*: No volumes are passed to the Docker daemon on a container instance.

struct KeycloakFargateTaskDefinitionProps

Props for KeycloakFargateTaskDefinition.

Name	Type	Description
cpu?	`number`	The number of cpu units used by the task. *Default*: 256
ephemeralStorageGiB?	`number`	The amount (in GiB) of ephemeral storage to be allocated to the task. *Default*: 20
executionRole?	`aws_iam.IRole`	The name of the IAM task execution role that grants the ECS agent permission to call AWS APIs on your behalf. *Default*: An execution role will be automatically created if you use ECR images in your task definition.
family?	`string`	The name of a family that this task definition is registered to. *Default*: Automatically generated name.
keycloak?	`KeycloakContainerExtensionProps`	Keycloak configuration. *Optional*
memoryLimitMiB?	`number`	The amount (in MiB) of memory used by the task. *Default*: 512
proxyConfiguration?	`aws_ecs.ProxyConfiguration`	The configuration details for the App Mesh proxy. *Default*: No proxy configuration.
taskRole?	`aws_iam.IRole`	The name of the IAM role that grants containers in the task permission to call AWS APIs on your behalf. *Default*: A task role is automatically created for you.
volumes?	`Array<aws_ecs.Volume>`	The list of volume definitions for the task. *Default*: No volumes are passed to the Docker daemon on a container instance.

struct ListenerInfo ⚠️

Information about how to register with a load balancer.

Name	Type	Description
listener⚠️	`aws_elasticloadbalancingv2.IApplicationListener`
conditions?⚠️	`Array<aws_elasticloadbalancingv2.ListenerCondition>`	*Optional*
priority?⚠️	`number`	*Optional*

struct NlbListenerProviderProps ⚠️

Information about a network load balancer to create.

Name	Type	Description
port⚠️	`number`	Port to listen on.
healthCheck?⚠️	`boolean`	Enable health checking on this endpoint. *Default*: true
id?⚠️	`string`	Scope ID of the load balancer. *Default*: 'LoadBalancer'

struct NlbPortPublisherProps

Information about a network load balancer to create.

Name	Type	Description
port	`number`	Port to listen on.
healthCheck?	`boolean`	Enable health checking on this endpoint. *Default*: true
id?	`string`	Scope ID of the load balancer. *Default*: 'LoadBalancer'

struct PrivateDnsNamespaceProviderProps

Props for creating a private Dns Namespace.

Name	Type	Description
name?	`string`	The globally unique name for the namespace. *Default*: 'keycloak-service-discovery'

struct ServerlessAuroraDatabaseProviderProps

Basic props for creating a serverless Aurora database cluster.

Name	Type	Description
engine?	`aws_rds.IClusterEngine`	Cluster engine. *Default*: rds.DatabaseClusterEngine.AURORA_MYSQL
scaling?	`aws_rds.ServerlessScalingOptions`	Scaling options. *Default*: 5 minute auto pause, min and max capacity of 1 acu.
subnets?	`aws_ec2.SubnetSelection`	Select subnets to register the database cluster in. *Optional*

struct VpcInfo

Information about the VPC other providers may opt to use to host their resources.

Name	Type	Description
vpc	`aws_ec2.IVpc`	The VPC.

enum KeycloakDatabaseVendor

The database vendor.

Name	Description
H2	H2 In-memory Database (Warning: data deleted when task restarts.).
MYSQL	MySQL.
MARIADB	MariaDB.
MSSQL	MSSQL (not yet supported, please submit a PR).
ORACLE	Oracle database (not yet supported, please submit a PR).
POSTGRES	Postgres.

Files

API.md

Latest commit

History

API.md

File metadata and controls

API Reference

class AddTargetPortPublisher

Initializer

class CloudMapNamespaceProvider

Initializer

Methods

static privateDns(props?)

class ClusterProvider

Initializer

Methods

static cluster()

static fargateSpotCluster()🔹

static fromClusterInfo(clusterInfo)

class DatabaseInstanceProvider

Initializer

class DatabaseProvider

Initializer

Methods

static databaseInstance(props?)

static fromDatabaseInfo(props)

static serverlessAuroraCluster(props?)

class EcsClusterInfoProvider

Initializer

class EnsureMysqlDatabaseExtension

Initializer

Methods

extend(taskDefinition)

class EnsurePostgresqlDatabaseExtension

Initializer

Methods

extend(taskDefinition)

class FargateSpotEcsClusterInfoProvider 🔹

Initializer

class FromClusterInfoProvider

Initializer

class FromDatabaseInfoProvider

Initializer

class FromVpcProvider

Initializer

class HttpAlbPortPublisher

Initializer

class HttpListenerProvider ⚠️

Initializer

class HttpsAlbPortPublisher

Initializer

class HttpsListenerProvider ⚠️

Initializer

class IngressAndPrivateVpcProvider

Initializer

class KeycloakCluster

Initializer

Properties

class KeycloakContainerExtension

Initializer

Properties

Methods

configureHealthCheck(targetGroup)

extend(taskDefinition)

useCloudMapService(serviceDiscovery)

class KeycloakEc2TaskDefinition

Initializer

Properties

Methods

configureHealthCheck(targetGroup)

useCloudMapService(cloudMapService)

class KeycloakFargateTaskDefinition

Initializer

Properties

Methods

configureHealthCheck(targetGroup)

useCloudMapService(cloudMapService)

class ListenerProvider ⚠️

Initializer

Methods