
Setting up aws-saas-boot for Keycloak #518

Open
sj-metta opened this issue Jun 11, 2023 · 2 comments
Open

Setting up aws-saas-boot for Keycloak #518

sj-metta opened this issue Jun 11, 2023 · 2 comments
Labels
needs-reproduction Can't reproduce issue

Comments

@sj-metta

❓ General Issue

The Question

Hi Team, I am trying to set up SaaS Boost as a POC for Keycloak. I am getting the below error in CloudFormation:
Embedded stack arn:aws:cloudformation:ap-south-1:7----9:stack/sb-dev5-idp-9UQAMTET4MLY-keycloak-----/-----02cf-11ee------0ad4aa078e90 was not successfully created: The following resource(s) failed to create: [InvokeKeycloakSetup, KeycloakRecordSetAlias].

Environment

  • AWS SaaS Boost Version: 2.2.3

Other information

@sj-metta sj-metta added the triage Needs categorization and prioritization label Jun 11, 2023
@sj-metta
Author

I'm having trouble providing a domain; it looks like a DNS issue, but I'm not getting any more information from the error.

@brtrvn
Contributor

brtrvn commented Jun 20, 2023

When you choose Keycloak as your System Users identity provider, you have to provide 3 things:

  • The domain name you want to use for the Keycloak install that SaaS Boost is going to provision
  • The Route 53 public hosted zone that has NS name server entries in it for the FQDN in step 1
  • An Amazon Certificate Manager (ACM) SSL cert that matches the domain name in step 1 either as a wildcard cert or a specific one.

SaaS Boost will add an A record to the hosted zone for the domain name you gave to the installer when setting up the load balancer. It's your responsibility to make sure the domain name you use for your Keycloak install is routable from the internet (DNS is active and properly set up).

To debug what happened, I'd double check the CloudWatch Logs for the Keycloak setup Lambda, the CodeBuild project that deploys Keycloak to ECS, and general DNS debugging like doing an nslookup or dig against the domain name you used for your Keycloak install.

All of these restrictions are in place because Keycloak requires a valid, public SSL certificate in order to operate.
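The three inputs above (FQDN, hosted zone, ACM certificate) can be sanity-checked before the installer is run, which narrows a vague "failed to create" on `InvokeKeycloakSetup` / `KeycloakRecordSetAlias` down to a specific missing piece. The script below is an added example written for this thread; it is not part of SaaS Boost. The domain `auth.example.com` and the hosted zone id `Z0123456789EXAMPLE` are constructed placeholders, and the live checks assume `dig` and an AWS CLI with `route53:GetHostedZone` and `acm:ListCertificates` permission.

```shell
#!/usr/bin/env sh
# Preflight checks for the Keycloak inputs SaaS Boost asks for.
# Added example, not SaaS Boost code. Domain and zone id values are placeholders.

# Does an ACM certificate name (exact or wildcard) cover the Keycloak FQDN?
# A wildcard such as *.example.com covers exactly one extra label, so it matches
# auth.example.com but neither example.com nor a.b.example.com.
cert_covers_fqdn() {
  cert=$1; fqdn=$2
  case $cert in
    '*.'*)
      base=${cert#'*.'}
      rest=${fqdn%".$base"}          # strip ".base"; unchanged means no match
      [ "$rest" != "$fqdn" ] && [ -n "$rest" ] && [ "${rest#*.}" = "$rest" ]
      ;;
    *)
      [ "$cert" = "$fqdn" ]
      ;;
  esac
}

# Is the FQDN the hosted zone's apex or a name beneath it?
# Route 53 reports zone names with a trailing dot, which is stripped here.
fqdn_in_zone() {
  fqdn=$1; zone=${2%.}
  [ "$fqdn" = "$zone" ] || [ "${fqdn%".$zone"}" != "$fqdn" ]
}

# Live checks against AWS and public DNS for the domain given to the installer.
live_checks() {
  fqdn=$1; zone_id=$2
  zone=$(aws route53 get-hosted-zone --id "$zone_id" \
           --query 'HostedZone.Name' --output text)
  fqdn_in_zone "$fqdn" "$zone" || { echo "FAIL: $fqdn is not inside zone $zone"; return 1; }

  # Delegation: the NS answer the public internet gives for the zone must be the
  # name servers Route 53 assigned to it; otherwise records added to the zone
  # (the A record SaaS Boost creates included) are never visible.
  echo "Route 53 name servers for $zone:"
  aws route53 get-hosted-zone --id "$zone_id" \
    --query 'DelegationSet.NameServers' --output text
  echo "Public NS answer for $zone:"
  dig +short NS "$zone"

  # What a public resolver currently returns for the FQDN itself.
  echo "Public A answer for $fqdn:"
  dig +short A "$fqdn"

  # The load balancer needs an ISSUED certificate in this region that covers the FQDN.
  found=0
  for cert in $(aws acm list-certificates --certificate-statuses ISSUED \
                  --query 'CertificateSummaryList[].DomainName' --output text); do
    if cert_covers_fqdn "$cert" "$fqdn"; then
      echo "OK: ACM certificate $cert covers $fqdn"; found=1
    fi
  done
  [ "$found" -eq 1 ] || echo "FAIL: no ISSUED ACM certificate in this region covers $fqdn"
}

# Run the live checks only when invoked with arguments, e.g.
#   sh preflight.sh auth.example.com Z0123456789EXAMPLE
if [ "$#" -eq 2 ]; then
  live_checks "$1" "$2"
fi
```

Run it in the same region as the SaaS Boost stack, since the certificate attached to the load balancer must live there. If the public NS answer for the zone does not list the Route 53 name servers, fix the delegation at the registrar before retrying the install; if the certificate check fails, request or import a certificate whose name covers the FQDN.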

@brtrvn brtrvn added needs-reproduction Can't reproduce issue and removed triage Needs categorization and prioritization labels Jul 13, 2023