If you work with a lot of different AWS accounts, you have to create different YAML users for
each account and remember logins and passwords.
- Creation of multiple accounts in different web apps.
- Too much time spent managing and setting up AWS app accounts and Gmail accounts.
- Mixing up the different passwords for these accounts and finding a way to store them securely.
- Authorization and data storage for applications.
- Potentially high costs for using Auth0, Rippling, Gmail SSO solutions etc.
Federate access to AWS account
To solve all these problems, we used the Keycloak identity provider. It's an open source
project from Red Hat.
You can learn more about Keycloak
We used AWS services such as EC2, ALB, ECS, RDS, CodePipeline, and ECR.
- ECS: for managing
- EC2: for hosting Docker containers.
- ALB: for distribution of data.
- RDS: for saving the data of users (password, email, names etc).
- CodePipeline: for automation of deployment.
- ECR: for saving modified Docker images.
- SES: for sending email to users.
Overall cost of this solution: $1.61/day
The diagram represents the pipeline process of how the custom docker image is
created and how the system works.
We have customized the start page, authorisation page and admin panel.
Moreover, we can send a forgotten password email using AWS SES.
This solution is beneficial because we can send more emails than when using other providers.
When creating custom containers, we can change the UI, text in email, and other parameters.
Who needs this?
1. Do not want other people to have access to their data
2. Do not want to create their own solutions for authorization in applications
3. Want to be able to customize
4. Want to save money