Deploy Keycloak to Azure App Service (Java SE) using Terraform
This setup deploys Keycloak 26.4.0 to Azure App Service (Java SE) using a JAR file (keycloak-26.4.0.zip) and an Azure SQL Database as the backend.
It automatically provisions: Resource Group App Service Plan (Linux, S1) Azure Linux Web App (Java 17) Azure SQL Server + Database Automatic deployment via zip deploy
Requirements Terraform v1.0 or later Azure CLI or Service Principal credentials The file keycloak-26.4.0.zip placed one level above the Terraform folder
Project structure: Keycloak/ ├── keycloak-26.4.0.zip └── terraform/ ├── main.tf ├── provider.tf ├── variables.tf ├── outputs.tf ├── terraform.tfvars └── README.md
Setup
-
Authenticate to Azure az login az account set --subscription ""
-
Edit terraform.tfvars (this file overrides all terraform variables) and set your SQL password: sql_admin_password = "YourStrongPassword123!" zip_deploy_file = "../keycloak-26.4.0.zip" # you can update the version if needed
-
Deploy Infrastructure Run these commands in the terraform folder: terraform init terraform plan -out=tfplan terraform apply tfplan
Terraform will create the resources and deploy Keycloak automatically.
Outputs After a successful deployment, Terraform prints: app_service_url = Keycloak endpoint sql_server_fqdn = SQL Server hostname Open the App Service URL in your browser to verify that Keycloak is running.
Cleanup To remove all resources and avoid costs: terraform destroy
Notes Default Keycloak admin credentials (set in main.tf): KEYCLOAK_ADMIN = admin KEYCLOAK_ADMIN_PASSWORD = Admin123!
To check logs: az webapp log tail --name --resource-group
Done! You now have a fully automated, two-instance Keycloak deployment on Azure App Service with Terraform.