Make sure your task definition contains this:
"command": [
"start --cache-config-file=cache-ispn-jdbc-ping.xml"
],
"environment": [
{
"name": "KC_PROXY",
"value": "edge"
},
{
"name": "KC_DB",
"value": "mysql"
},
{
"name": "KC_HEALTH_ENABLED",
"value": "true"
},
{
"name": "KC_HOSTNAME_STRICT_BACKCHANNEL",
"value": "true"
},
{
"name": "KC_LOG_LEVEL",
"value": "INFO"
},
{
"name": "KC_HOSTNAME",
"value": "keycloak.mydomain.com"
}
],
"secrets": [
{
"name": "KC_DB_URL",
"valueFrom": "KEYCLOAK_DB_ADDR_PROD"
},
{
"name": "KC_DB_PASSWORD",
"valueFrom": "KEYCLOAK_PROD_DB_PASSWORD"
},
{
"name": "KC_DB_USERNAME",
"valueFrom": "KEYCLOAK_PROD_DB_USERNAME"
}
],
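A small check you can run over the task definition before registering it, added here as an example and not part of the original tutorial: it confirms that the database credentials sit under "secrets" rather than plain "environment", and that the proxy, health and hostname settings the load balancer setup relies on are present. The task definition it parses is constructed from the fragment above.

```python
import json

# Constructed sample: this page's container fragment wrapped in a minimal
# task definition so it parses as one JSON document.
TASK_DEF = json.loads("""
{"family": "keycloak", "containerDefinitions": [{
  "name": "keycloak",
  "command": ["start --cache-config-file=cache-ispn-jdbc-ping.xml"],
  "environment": [
    {"name": "KC_PROXY", "value": "edge"},
    {"name": "KC_DB", "value": "mysql"},
    {"name": "KC_HEALTH_ENABLED", "value": "true"},
    {"name": "KC_HOSTNAME_STRICT_BACKCHANNEL", "value": "true"},
    {"name": "KC_LOG_LEVEL", "value": "INFO"},
    {"name": "KC_HOSTNAME", "value": "keycloak.mydomain.com"}
  ],
  "secrets": [
    {"name": "KC_DB_URL", "valueFrom": "KEYCLOAK_DB_ADDR_PROD"},
    {"name": "KC_DB_PASSWORD", "valueFrom": "KEYCLOAK_PROD_DB_PASSWORD"},
    {"name": "KC_DB_USERNAME", "valueFrom": "KEYCLOAK_PROD_DB_USERNAME"}
  ]
}]}
""")

# Values that belong under "secrets" (resolved at launch), never under
# plain-text "environment", which is readable in every task definition revision.
SECRET_ONLY = {"KC_DB_PASSWORD", "KC_DB_USERNAME", "KC_DB_URL"}
# Settings the TLS-terminating load balancer setup on this page depends on.
REQUIRED_ENV = {"KC_PROXY": "edge", "KC_HEALTH_ENABLED": "true",
                "KC_HOSTNAME_STRICT_BACKCHANNEL": "true"}

def check_container(container):
    """Return a list of findings; an empty list means the container passes."""
    findings = []
    env = {e["name"]: e["value"] for e in container.get("environment", [])}
    secrets = {s["name"] for s in container.get("secrets", [])}
    for name in sorted(SECRET_ONLY & set(env)):
        findings.append(f"{name} is a plain environment variable; move it to secrets")
    for name, wanted in REQUIRED_ENV.items():
        if env.get(name) != wanted:
            findings.append(f"{name} should be {wanted!r}, found {env.get(name)!r}")
    if "KC_HOSTNAME" not in env:
        findings.append("KC_HOSTNAME is unset; set it to the public host name")
    if "KC_DB_PASSWORD" not in secrets:
        findings.append("KC_DB_PASSWORD is not injected via secrets")
    return findings

def check_task_definition(task_def):
    """Map each container name to its findings."""
    return {c["name"]: check_container(c) for c in task_def["containerDefinitions"]}
```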
You need to have set up your domain in Route 53 first; just google it if you wonder how. I, for instance, host my Keycloak instances on keycloak.mydomain.com, and you could do the same.
First go to EC2 -> Load Balancers and find your load balancer (or create one if you haven't already). Click on your load balancer and click "Add listener".
Choose HTTPS as the protocol and 443 as the port, then add it.
Now go to the ECS dashboard and add a new service in your cluster, choose your Keycloak task definition and fill it out as I suggest in my tutorial. When you reach the "Configure Network" step, choose your load balancer, then set the Production listener port to the 443:HTTPS listener you just added.
For Target group name choose "create new" in the dropdown and give it an appropriate name such as "keycloak-tg".
Target group protocol can be set to HTTP: the load balancer terminates TLS, which is what KC_PROXY=edge in the task definition tells Keycloak to expect.
Then create your service and head over to EC2 -> Target Groups and locate keycloak-tg. Go to the "Health checks" tab, click Edit, and set the health check path to "/health".
Head over to EC2 -> Load Balancers and click on your load balancer. Click on the HTTPS listener and add a rule. I created a Host Header rule for keycloak.mydomain.com; you could do the same if that is where you want to host it.
Select "Forward to" in the "THEN" part and select keycloak-tg.
The last step is to go to your hosted zone for your domain on Route 53 and add a new DNS record. Create an A-record for keycloak.mydomain.com.
Tick the "Alias" choice and under "Route traffic to" pick "Alias to Application and Classic Load Balancer", then choose your AWS region and then pick your load balancer. The rest just keep defaults.
Just give the DNS record some time to propagate then your Keycloak should be available over HTTPS. Keycloak should now be available on https://keycloak.yourdomain.com