
Automation

Cloud-IAM managed Keycloak supports automation to help you seamlessly manage, configure, and integrate your managed Keycloak deployments. Because Cloud-IAM exposes the full Keycloak Admin REST API, automation tools such as Terraform and Pulumi can be used without restrictions.

Terraform integration with Keycloak

Cloud-IAM Keycloak deployments are fully compatible with the official Keycloak Terraform Provider. This means you can automate the configuration of your Keycloak's realms, clients, roles, users, groups, and more directly from your Infrastructure-as-Code (IaC) pipelines.

Configuration in Cloud-IAM

Terraform API calls may be rate-limited for security and performance reasons. To prevent issues, ensure that the public IP address of the system running Terraform is added to your deployment’s admin allow list.

Recommended Terraform Version

We strongly recommend using the latest supported and official Keycloak version of Terraform to guarantee full compatibility with the Keycloak provider. Using outdated versions may cause unexpected errors or compatibility issues during IaC execution.

Pulumi

Cloud-IAM Keycloak deployments are compatible with the Keycloak Pulumi provider for the same reason: full access to the Keycloak REST Admin API.

Troubleshooting

Sometimes, when adding a new realm, Pulumi gets a timeout within seconds as the API response.

keycloak:index:Realm (REALM_NAME):
error: 1 error occurred:
error sending request: Post "https://YOUR_DOMAIN.cloud-iam.com/auth/admin/realms": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Resources:
1 unchanged

Duration: 7s

Increasing the request timeout solves the issue. The Pulumi-native customTimeouts flag does not seem to work, but setting the KEYCLOAK_CLIENT_TIMEOUT=60 environment variable (60 seconds) does.
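
A pre-flight wrapper for a CI job, as an added example that is not Cloud-IAM's own tooling: it checks that the runner's egress IP is covered by a local copy of the admin allow list, then runs the Terraform or Pulumi command with KEYCLOAK_CLIENT_TIMEOUT defaulting to 60. The allow-list file format, the function names, and passing the egress IP in as an argument are assumptions of this example.

```shell
#!/bin/sh
# Added example. Allow-list file format is an assumption: one IPv4 address or
# CIDR per line, '#' starts a comment.

# Print a dotted-quad IPv4 address as an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if address $1 matches an entry in allow-list file $2.
ip_allowed() {
    ip_int=$(ip_to_int "$1") || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        bits=32
        case "$entry" in */*) bits=${entry#*/} ;; esac
        case "$bits" in ''|*[!0-9]*|0?*|???*) continue ;; esac
        [ "$bits" -le 32 ] || continue
        net_int=$(ip_to_int "${entry%/*}") || continue
        mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
        [ $(( $ip_int & $mask )) -eq $(( $net_int & $mask )) ] && return 0
    done < "$2"
    return 1
}

# Run an IaC command only once the egress IP is confirmed, with the Keycloak
# client timeout (seconds) raised unless the caller already set one.
# usage: run_iac <egress-ip> <allowlist-file> <command> [args...]
run_iac() {
    ip=$1; list=$2; shift 2
    if ! ip_allowed "$ip" "$list"; then
        echo "egress IP $ip is not in $list; add it to the admin allow list" >&2
        return 1
    fi
    KEYCLOAK_CLIENT_TIMEOUT=${KEYCLOAK_CLIENT_TIMEOUT:-60} "$@"
}
```

Call it as, for example, `run_iac "$RUNNER_EGRESS_IP" allowlist.txt pulumi up`, where the variable and file name are placeholders for values your pipeline provides.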