Create PostgreSQL RDS for SAML SSO
Before you configure Security Assertion Markup Language (SAML) Single Sign-On (SSO) for an Appsmith installation on AWS ECS using EC2 or Fargate instances, you need to set up a PostgreSQL RDS instance to store the Keycloak data. This page outlines the steps to set up a PostgreSQL RDS instance for your AWS ECS on EC2 or Fargate instances.
Prerequisites
- An Amazon Web Services (AWS) account. If you don't have one, create an AWS account.
- An Appsmith Commercial Edition installation using AWS ECS on EC2 or Fargate. If not installed yet, see the AWS ECS on EC2 or AWS ECS on Fargate installation guides for installing Appsmith.
- At least 2 GB of free storage space for backup and update tasks.
- Back up your Appsmith instance.
- Access to run supervisorctl commands.
Backup Keycloak data
Follow the steps below to back up Keycloak data:
Go to the Keycloak directory using a cd command:
cd /opt/keycloak/bin
Create a backup with:
./kc.sh export --dir /appsmith-stacks/data/kc_data/
The above command creates a backup of Keycloak data present in the kc_data directory.
Create PostgreSQL RDS instance
Follow the steps below to set up a PostgreSQL RDS instance:
- Go to RDS on the AWS Management Console and click Create database.
- On the Create database screen, add the database configuration as shown below:
  - Database creation method - Standard create
  - Engine options - PostgreSQL
  - Engine version - PostgreSQL 12.11-R1 or above
  - Templates - Free tier
  - DB instance identifier - Give a meaningful name to the DB instance. For example, appsmith-keycloak
  - Under Credentials Settings:
    - Add a username or use the default name, postgres.
    - Either choose an autogenerated password or add your own strong password for the Master Password. Keep a note of these credentials, as you will need them to connect to the Keycloak RDS from the Appsmith instance.
  - If you wish, you may choose to configure Backup, monitoring, and encryption details. For all other fields, keep the default selections.
- Click the Create database button to create the RDS instance
- After launching the instance, note the endpoint available under Connectivity & security tab on the instance details screen. You need this endpoint for configuring the Appsmith instance, enabling it to establish a connection with the Keycloak RDS.
Update Appsmith task definition
Follow the below steps to configure your Appsmith task definition to use the newly created EFS:
- Go to the AWS Management Console, open the Amazon ECS console, and select Task Definitions from the sidebar.
- Select the existing Appsmith task definition, and click the Create new revision button to create a new revision of the task definition.
- Go to the Container-1 section, click the Add environment variable button, and add the below environment variables in Key and their values in Value:
  - APPSMITH_KEYCLOAK_DB_URL - Add the endpoint URL you noted down in the Setup PostgreSQL section
  - APPSMITH_KEYCLOAK_DB_DRIVER - postgresql
  - APPSMITH_KEYCLOAK_DB_USERNAME - Add the database username you noted down in the Setup PostgreSQL section
  - APPSMITH_KEYCLOAK_DB_PASSWORD - Add the database password you noted down in the Setup PostgreSQL section
- Keep default values for other settings, and click the Create button.
Update Appsmith ECS service
Follow the steps below to update your Appsmith service to use the newly created task definition:
- Go to the AWS Management Console, open the Amazon ECS console, select your ECS Cluster, and go to the Services tab.
- Select your service and click the Update button.
- Check the Force new deployment checkbox
- In the Task definition, select the newly created revision for the Revision setting.
- Click the Update button to save the changes and initiate a new deployment.
- Verify that the service's Last status is shown as Running, which means that the service is up and running.
Restore Keycloak data
Follow the steps below to restore Keycloak data:
Go to the Keycloak directory using a cd command:
cd /opt/keycloak/bin
Stop Keycloak with:
supervisorctl stop keycloak
Run the below command to restore the data:
./kc.sh import --db postgres --db-password "${APPSMITH_KEYCLOAK_DB_PASSWORD}" --db-username "${APPSMITH_KEYCLOAK_DB_USERNAME}" --db-url "jdbc:${APPSMITH_KEYCLOAK_DB_DRIVER}://${APPSMITH_KEYCLOAK_DB_URL}" --dir /appsmith-stacks/data/kc_data/
The above command imports the backup taken in the Backup Keycloak Data section.
Start Keycloak with:
supervisorctl start keycloak
After Keycloak is up and running, verify Appsmith by logging into your Appsmith account.
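A preflight for the restore steps above, written as an added example rather than a script shipped by Appsmith or Keycloak: it checks the four APPSMITH_KEYCLOAK_DB_* variables and the export directory before Keycloak is stopped, without printing the credential values. The function names and the assumption that the export step left .json files in the directory are this example's own.

```shell
#!/bin/sh
# Added example, not an Appsmith or Keycloak script: preflight for the
# "Restore Keycloak data" steps. Function names are this example's own.

# Compose the JDBC URL the same way the import command on this page does.
kc_jdbc_url() {
  driver=$1; endpoint=$2
  if [ "$driver" != "postgresql" ]; then
    echo "APPSMITH_KEYCLOAK_DB_DRIVER must be postgresql" >&2; return 1
  fi
  case $endpoint in
    '')    echo "APPSMITH_KEYCLOAK_DB_URL is empty" >&2; return 1 ;;
    *://*) echo "APPSMITH_KEYCLOAK_DB_URL must not include a scheme" >&2; return 1 ;;
    *' '*) echo "APPSMITH_KEYCLOAK_DB_URL contains a space" >&2; return 1 ;;
  esac
  printf 'jdbc:%s://%s\n' "$driver" "$endpoint"
}

# Return 0 only when the credentials, URL and backup are all usable.
# Messages name the variable at fault and never echo its value.
kc_preflight() {
  dir=$1; rc=0
  [ -n "${APPSMITH_KEYCLOAK_DB_USERNAME:-}" ] ||
    { echo "APPSMITH_KEYCLOAK_DB_USERNAME is unset" >&2; rc=1; }
  [ -n "${APPSMITH_KEYCLOAK_DB_PASSWORD:-}" ] ||
    { echo "APPSMITH_KEYCLOAK_DB_PASSWORD is unset" >&2; rc=1; }
  kc_jdbc_url "${APPSMITH_KEYCLOAK_DB_DRIVER:-}" \
              "${APPSMITH_KEYCLOAK_DB_URL:-}" >/dev/null || rc=1
  # Assumption: the export step left at least one .json file in the directory.
  set -- "$dir"/*.json
  { [ -d "$dir" ] && [ -f "$1" ]; } ||
    { echo "no exported .json files found in $dir" >&2; rc=1; }
  return "$rc"
}

# Usage, before Keycloak is stopped so a bad value does not interrupt logins:
#   kc_preflight /appsmith-stacks/data/kc_data/ && supervisorctl stop keycloak
```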
Troubleshooting
If you see errors, you can roll back to a previous version to fix the issue. For more information, see the Restore instance section. If you continue to face issues, contact the support team using the chat widget at the bottom right of this page.