
PostgreSQL RDS on AWS ECS for SAML SSO

Before you configure Security Assertion Markup Language (SAML) Single Sign-On (SSO) or high availability for an Appsmith installation on AWS ECS using EC2 or Fargate instances, you need to set up a PostgreSQL RDS instance to store the Keycloak data. This page outlines the steps to set up PostgreSQL RDS for Appsmith on AWS ECS with EC2 or Fargate instances.

Prerequisites

  • Amazon Web Services (AWS) account. If you don't have one, Create an AWS Account.
  • An Appsmith Commercial Edition installation using AWS ECS on EC2 or Fargate. If not installed yet, see the AWS ECS on EC2 or AWS ECS on Fargate installation guides for installing Appsmith.
  • At least 2 GB of free storage space for backup and update tasks.
  • Back up your Appsmith instance.
  • Access to run supervisorctl commands.

Backup Keycloak data

Follow the steps below to back up Keycloak data:

  1. Go to the Keycloak directory using a cd command:

    cd /opt/keycloak/bin

  2. Create a backup with:

    ./kc.sh export --dir /appsmith-stacks/data/kc_data/

    The above command exports the Keycloak data to the kc_data directory as a backup.

Create PostgreSQL RDS instance

Follow the steps below to set up a PostgreSQL RDS instance:

  • Go to RDS in the AWS Management Console and click Create database.
  • On the Create database screen, add the database configuration as shown below:
    • Database creation method - Standard create
    • Engine options - PostgreSQL
    • Engine version - PostgreSQL 12.11-R1 or above
    • Templates - Free tier
    • DB instance identifier - Give a meaningful name to the DB instance. For example, appsmith-keycloak
    • Under Credentials Settings:
      • Add a username or use the default name, postgres.
      • Either choose an autogenerated password or add your own strong password for the Master Password. Note these credentials, as you will need them to connect to the Keycloak RDS instance from the Appsmith instance.
    • If you wish, you can configure backup, monitoring, and encryption details. For all other fields, keep the default selections.
  • Click the Create database button to create the RDS instance.
  • After launching the instance, note the endpoint shown under the Connectivity & security tab on the instance details screen. The Appsmith instance needs this endpoint to connect to the Keycloak RDS instance.

Update Appsmith task definition

Follow the steps below to configure your Appsmith task definition to use the newly created PostgreSQL RDS instance:

  1. Go to the AWS Management Console, open the Amazon ECS console, and select Task Definitions from the sidebar.
  2. Select the existing Appsmith task definition and click the Create new revision button to create a new revision for the task definition.
  3. Go to the Container-1 section, click the Add environment variable button, and add the below environment variables in Key and their values in Value:
    • APPSMITH_KEYCLOAK_DB_URL - Add the endpoint URL you noted in the Create PostgreSQL RDS instance section
    • APPSMITH_KEYCLOAK_DB_DRIVER - postgresql
    • APPSMITH_KEYCLOAK_DB_USERNAME - Add the database username you noted in the Create PostgreSQL RDS instance section
    • APPSMITH_KEYCLOAK_DB_PASSWORD - Add the database password you noted in the Create PostgreSQL RDS instance section
  4. Keep default values for other settings, and click the Create button.

Update Appsmith ECS service

Follow the steps below to update your Appsmith service to use the newly created task definition:

  1. Go to the AWS Management Console, open the Amazon ECS console, select your ECS Cluster, and go to the Services tab.
  2. Select your service and click the Update button.
  3. Check the Force new deployment checkbox.
  4. Under Task definition, select the newly created revision in the Revision setting.
  5. Click the Update button to save the changes and initiate a new deployment.
  6. Verify that the service's Last status shows Running, which means that the service is up and running.

Restore Keycloak data

Follow the steps below to restore Keycloak data:

  1. Go to the Keycloak directory using a cd command:

    cd /opt/keycloak/bin

  2. Stop Keycloak with:

    supervisorctl stop keycloak

  3. Run the below command to restore the data:

    ./kc.sh import --db postgres --db-password "${APPSMITH_KEYCLOAK_DB_PASSWORD}" --db-username "${APPSMITH_KEYCLOAK_DB_USERNAME}" --db-url "jdbc:${APPSMITH_KEYCLOAK_DB_DRIVER}://${APPSMITH_KEYCLOAK_DB_URL}" --dir /appsmith-stacks/data/kc_data/

    The above command imports the backup created in the Backup Keycloak data section.

  4. Start Keycloak with:

    supervisorctl start keycloak

After Keycloak is up and running, verify Appsmith by logging into your Appsmith account.
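
A pre-flight check for the restore steps above, added here as an example (not Appsmith's own script): before Keycloak is stopped, it confirms that the export from the backup step exists, that the export directory is not readable by other accounts, and that the APPSMITH_KEYCLOAK_DB_* values form a valid JDBC URL. The function names and the `--run` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Appsmith code): checks to run before `supervisorctl stop keycloak`.
# Function names are illustrative; variable names and paths are the ones on this page.

# Build the JDBC URL the way the import command does; reject values that would
# yield a malformed URL (scheme already included, or embedded whitespace).
jdbc_url() {
  driver=$1 endpoint=$2
  [ -n "$driver" ] && [ -n "$endpoint" ] || { echo "driver or endpoint is empty" >&2; return 1; }
  case $endpoint in
    *://*|jdbc:*) echo "endpoint must not include a scheme: $endpoint" >&2; return 1 ;;
    *[[:space:]]*) echo "endpoint contains whitespace" >&2; return 1 ;;
  esac
  printf 'jdbc:%s://%s\n' "$driver" "$endpoint"
}

# The export directory must hold at least one non-empty <realm>-realm.json file.
export_ready() {
  for f in "$1"/*-realm.json; do
    [ -s "$f" ] && return 0
  done
  echo "no non-empty *-realm.json in $1" >&2
  return 1
}

# The export carries user password hashes and client secrets: list anything in
# the directory that accounts other than the owner and group can read.
exposed_files() {
  find "$1" -perm -004 -print
}

preflight_restore() {
  dir=${1:-/appsmith-stacks/data/kc_data} rc=0
  for v in APPSMITH_KEYCLOAK_DB_USERNAME APPSMITH_KEYCLOAK_DB_PASSWORD; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "$v is not set" >&2; rc=1; }
  done
  url=$(jdbc_url "${APPSMITH_KEYCLOAK_DB_DRIVER:-}" "${APPSMITH_KEYCLOAK_DB_URL:-}") || rc=1
  export_ready "$dir" || rc=1
  exposed=$(exposed_files "$dir" 2>/dev/null) || true
  [ -z "$exposed" ] || { echo "readable by other users: $exposed" >&2; rc=1; }
  [ "$rc" -eq 0 ] && echo "ok: import will use $url"
  return "$rc"
}

# Run the checks only when asked, e.g. `sh preflight.sh --run`.
if [ "${1:-}" = "--run" ]; then preflight_restore "${2:-}"; exit $?; fi
```

A non-zero exit status means at least one check failed, and the reasons are written to standard error.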

Troubleshooting

If you see errors, you can roll back to a previous version to fix the issue. For more information, see the Restore instance section. If you continue to face issues, contact the support team using the chat widget at the bottom right of this page.
