How to deploy the Curity Identity Server on AWS


There are a couple of different options when deploying the Curity Identity Server on AWS.

CloudFormation Template

This is a very straightforward approach. Follow the details in the How-to article, Run Curity Identity Server on AWS (CloudFormation Template), and the readme in the GitHub repo holding the actual template.

Kubernetes using the Helm chart

Instructions on installing components to create and manage EKS clusters via eksctl are detailed in the AWS Getting started with eksctl article.

First, create a cluster via the AWS console or using eksctl, for example:

eksctl create cluster \
 --name curity \
 --version 1.17 \
 --nodes 2

The result should verify that the cluster is created. Note that this can take several minutes to complete.

...
[✔] EKS cluster "curity" in "us-west-2" region is ready

In order to install the Helm chart in an Amazon EKS cluster, kubectl needs to be configured. This is outlined in this Amazon article, Using Helm with Amazon EKS. Make sure to also Create a kubeconfig for Amazon EKS as noted in the documentation.

aws eks --region us-west-2 update-kubeconfig --name curity

Now that a cluster is created, kubectl is properly configured and Helm is installed, the Helm chart can be installed. Check out the details in the Install the Curity Identity Server with Helm article.

The Curity AWS AMI

Similar to using the CloudFormation Template, using the Curity Identity Server AMI is very straightforward. The AMI is publicly available and can be searched for in the EC2/AMIs section of the AWS Console. Detailed instructions on the process are outlined in the Run Curity Identity Server on AWS (AMI) article.

Using RDS

In all of the above scenarios, the Curity Identity Server has an internal HSQL database that can be used for testing purposes. It is, however, also possible to use an AWS RDS Aurora instance, for example. All of the RDS database options are supported; note that MySQL/MariaDB and Oracle require JDBC drivers to be deployed to the Curity Identity Server.

Create a Data Source

Simply create a new Data Source in the Facilities menu in the Admin UI of the Curity Identity Server. The Connection String should point to the RDS Endpoint, for example jdbc:postgresql://my-db.cfrfqrts6x8cu.us-west-2.rds.amazonaws.com:5432/postgres.

With a Data Source created, a Credential Manager and an Account Manager can use the new Data Source.

Database schema scripts are available in $IDSVR_HOME/etc for several different databases.
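A check that can be run on the Connection String before it is entered in the Admin UI, as an added example that is not part of the original article or of Curity's tooling. The function name check_rds_jdbc, the requirement for an explicit port and the endpoint shape <instance>.<id>.<region>.rds.amazonaws.com are assumptions of this example.

```shell
# Added example (not Curity code): validate a JDBC URL before using it as a Data Source.
# Assumption: endpoints look like <instance>.<id>.<region>.rds.amazonaws.com.
# check_rds_jdbc URL EXPECTED_REGION
# Prints "host port database" on success; returns 1-6 with a reason on stderr otherwise.
check_rds_jdbc() {
    url=$1
    expected_region=$2

    case $url in
        jdbc:*://*) ;;
        *) echo "not a JDBC URL" >&2; return 1 ;;
    esac

    rest=${url#jdbc:*://}          # host:port/database?params
    authority=${rest%%/*}          # host:port
    database=${rest#"$authority"}  # /database?params, or empty
    database=${database#/}
    database=${database%%\?*}
    # Policy choice for this example: the port must be written out explicitly.
    case $authority in
        *:*) host=${authority%:*}; port=${authority##*:} ;;
        *)   host=$authority; port= ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "missing or non-numeric port" >&2; return 2 ;;
    esac

    # Anchor the match at the end of the host so that a lookalike such as
    # "...rds.amazonaws.com.example.net" is rejected.
    case $host in
        *.rds.amazonaws.com) ;;
        *) echo "host is not an RDS endpoint: $host" >&2; return 3 ;;
    esac
    prefix=${host%.rds.amazonaws.com}
    case $prefix in
        *.*.*) ;;
        *) echo "unexpected endpoint shape: $host" >&2; return 4 ;;
    esac
    region=${prefix##*.}
    if [ "$region" != "$expected_region" ]; then
        echo "endpoint is in $region, expected $expected_region" >&2; return 5
    fi
    [ -n "$database" ] || { echo "no database name" >&2; return 6; }
    echo "$host $port $database"
}

# The connection string from the article, checked against the cluster's region.
check_rds_jdbc "jdbc:postgresql://my-db.cfrfqrts6x8cu.us-west-2.rds.amazonaws.com:5432/postgres" us-west-2
```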

Summary

There are several different ways to get a scalable and robust deployment of the Curity Identity Server up and running in AWS. In this article, the options of using a CloudFormation Template, a Helm Chart for Kubernetes and the Curity-provided AWS AMI have been covered. Some of the configuration options outlined in this article could and should be tweaked for production deployments.
