SavvyTechies Documentation
Managed multi-tenant Keycloak on AWS — the honest, operational guide to what we run and how you run on it.
What this is
Section titled “What this is”SavvyTechies runs Keycloak as a managed, multi-tenant platform: you get enterprise identity (SSO, MFA, OIDC/SAML, RBAC) without operating Keycloak, Postgres, caching, upgrades, or HA yourself. These docs describe what we actually run — a single-cloud, multi-region architecture with optional cross-cloud standby — not an aspirational diagram.
ArchitectureFargate data plane, serverless control plane, cell-based multi-tenancy, Aurora source of truth.
High Availability & ResiliencyMulti-AZ, Aurora Global active-passive, failover, RTO/RPO, and the tiered SLA.
Multi-CloudCross-cloud warm standby (AWS→Azure) and YugabyteDB active-active.
Migration ApproachesMove from Auth0/Cognito/Ping and keep your auth URL.
Rolling Upgrades & PatchingZero-downtime deploys, gated DB migrations, patch cadence.
Realm Setup & ConfigurationIsolation tiers, IdPs, MFA, custom domains, AI-config.
Reporting & AnalyticsEvent pipeline, dashboards, audit exports, metering.
Advanced SecurityAdaptive auth, brute-force defense, STS broker, key rotation.
RoadmapWhat ships when — phased and honest.
Principles
Section titled “Principles”- Sell what we run. Availability is tiered by architecture (99.9% / 99.95% / 99.99%), backed after production maturity — not four-nines on day one.
- No lock-in. 100% open-source Keycloak core, standard APIs, exportable data.
- Cost honesty. ~60% cheaper than Auth0 at scale, from a low, mostly-fixed cost base.