How to deploy the Curity Identity Server on AWS
There are a couple of different options when deploying the Curity Identity Server on AWS.
Using the CloudFormation Template is a very straightforward approach. Follow the details in the How-to article, Run Curity Identity Server on AWS (CloudFormation Template), and the readme in the GitHub repo holding the actual template.
Instructions on installing components to create and manage EKS clusters via eksctl are detailed in the AWS Getting started with eksctl article.
First create a cluster via the AWS console or using eksctl:
eksctl create cluster \
  --name curity \
  --version 1.17 \
  --nodes 2
The result should verify that the cluster is created. Note that this can take several minutes to complete.
[✔] EKS cluster "curity" in "us-west-2" region is ready
In order to install the Helm chart in an Amazon EKS cluster, kubectl needs to be configured. This is outlined in this Amazon article, Using Helm with Amazon EKS. Make sure to also Create a kubeconfig for Amazon EKS as noted in the documentation.
aws eks --region us-west-2 update-kubeconfig --name curity
Now that a cluster is created, kubectl is properly configured and Helm is installed, the Helm chart can be installed. Check out the details in the Install the Curity Identity Server with Helm article.
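A pre-flight check that can be run before the Helm install, so the identity server is not deployed into whichever cluster kubectl last pointed at. This is an added example, not Curity's or AWS's code; the function names are hypothetical, and it assumes the context name is the cluster ARN that `aws eks update-kubeconfig` writes when no `--alias` is given.

```shell
#!/bin/sh
# Added example: pre-flight checks before installing the Helm chart.
# Function names are hypothetical; the sample context below is constructed.

# Succeeds only if the kubeconfig context name is the EKS cluster ARN
# for the expected cluster and region (assumes no --alias was used).
context_matches() (
  cluster=$2 region=$3
  IFS=:
  set -f                      # no globbing while splitting the ARN
  set -- $1                   # arn:partition:eks:region:account:cluster/name
  [ "$#" -eq 6 ] && [ "$1" = arn ] && [ "$3" = eks ] &&
    [ "$4" = "$region" ] && [ "$6" = "cluster/$cluster" ]
)

# Reads `kubectl get nodes --no-headers` output on stdin and prints the
# number of nodes whose STATUS is exactly "Ready" (NotReady and
# Ready,SchedulingDisabled are not counted).
ready_nodes() {
  awk '$2 == "Ready" { n++ } END { print n + 0 }'
}

# preflight CLUSTER REGION MIN_READY_NODES
# Returns non-zero, with a reason on stderr, if kubectl is pointed at a
# different cluster or too few nodes are Ready.
preflight() {
  cluster=$1 region=$2 want=$3
  ctx=$(kubectl config current-context) || return 1
  context_matches "$ctx" "$cluster" "$region" ||
    { echo "kubectl context '$ctx' is not $cluster in $region" >&2; return 1; }
  have=$(kubectl get nodes --no-headers | ready_nodes)
  [ "$have" -ge "$want" ] ||
    { echo "only $have of $want nodes are Ready" >&2; return 1; }
}

# Constructed sample context (the account ID is a placeholder).
SAMPLE_CTX='arn:aws:eks:us-west-2:111122223333:cluster/curity'
context_matches "$SAMPLE_CTX" curity us-west-2 && echo "sample context ok"
```

For the cluster created above, the call would be `preflight curity us-west-2 2`, and the Helm install proceeds only if it succeeds.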
Similar to using the CloudFormation Template, using the Curity Identity Server AMI is very straightforward. The AMI is publicly available and can be searched for in the EC2/AMIs section of the AWS Console. Detailed instructions on the process are outlined in the Run Curity Identity Server on AWS (AMI) article.
In all the above scenarios, the Curity Identity Server has an internal HSQL database available that can be used for testing purposes. It is, however, also possible to use an AWS RDS Aurora instance, for example. All of the RDS database options are supported. Note that MySQL/MariaDB and Oracle require JDBC drivers to be deployed to the Curity Identity Server.
Simply create a new Data Source in the Facilities menu in the Admin UI of the Curity Identity Server. The Connection String should point to the RDS Endpoint, ex.
With a Data Source created, a Credential Manager and an Account Manager can make use of the new Data Source.
Database schema scripts are available in $IDSVR_HOME/etc for several different databases.
There are several different ways to get a scalable and robust deployment of the Curity Identity Server up and running in AWS. In this article, the options of using a CloudFormation Template, a Helm Chart for Kubernetes and the Curity-provided AWS AMI have been covered. Some of the configuration options outlined in this article could and should be tweaked for production deployments.