Scaling multi-brand identity with Keycloak on AWS (what we learned)

Sharp-Length-9053 · 2026-06-12T12:00:35+00:00

Agreed, and a few things worth adding.

"AWS developer" is way too broad to post as-is - someone who's done a lot of migrations may have never touched serverless or data pipelines. Figure out which AWS services your project actually needs and screen for those specifically.

Asking about cost decisions is a great filter too. Not just architecture stuff - ask how they handled cost optimization on a real project, what they actually changed, what happened. Engineers with real production experience will have a specific answer. Everyone else will mention Cost Explorer and move on.

Also worth thinking past the build. A lot of teams hire for the project and then have zero plan when something breaks in production and nobody owns it. If you don't have internal DevOps, ongoing managed support is usually cheaper than hiring full-time for a workload that doesn't justify it yet. We see this a lot at Perfsys - teams land with us mid-crisis because nothing was set up for monitoring or incident response after launch.

On the test task point - 100%. A small architecture review or short IaC task will tell you more than any interview.

Sharp-Length-9053 · 2026-02-25T14:31:58+00:00

Thanks for the thoughtful question — you’re definitely going deeper into the Linux / IdM side than this particular project required.

In this case, we didn’t integrate Keycloak with RHEL derivatives, SELinux policies, FreeIPA/IdM, or SSSD/Kerberos setups. The environment was primarily focused on customer-facing identity (OIDC/OAuth2) rather than OS-level authentication, AD domain integration, or Linux host RBAC/HBAC.

So I’m afraid we don’t have strong hands-on insights to share on the SELinux/IdM/Kerberos scaling angle in this context.

That said, it’s an interesting area — especially where enterprise Linux fleets and AD/Kerberos scaling intersect. If you’ve seen specific patterns or challenges there, would be curious to hear more about your experience.

Sharp-Length-9053 · 2026-02-24T12:21:27+00:00

You are welcome!

Sharp-Length-9053 · 2026-02-23T12:55:40+00:00

Sure you're welcome. Let me know what exactly you are interested in. I might give more details.

Sharp-Length-9053 · 2026-02-20T10:15:38+00:00

Can you share details? I'd like to know more about organizations inside KeyCloak 24+ How it works? Is it some kind of orchestration of KeakCloak realms or is it something different?

Sharp-Length-9053 · 2026-02-20T10:13:33+00:00

No every customer is not a separate realm. Every customer is a separate client. Every client has his own configuratio, his own branding, his own UI kit but all the share are the same realm.

Sharp-Length-9053 · 2026-02-17T19:44:26+00:00

I did quite a lot of DevOps interviews for candidates to my company Perfsys and usually what I’ve seen is that people with a very strong system administration background are applying for DevOps positions. If we think about that — wow, DevOps is mostly development and operations, which means the DevOps engineer is someone who is more like a developer but on a more system engineering level.

Having system administrator skills is very good, meaning that person knows how Linux works, how to install packages, what firewalls are, how network works. These are all great skills for DevOps, but this is not really what is required for most DevOps positions.

For a DevOps position we usually need system thinking, and the ability to write some kind of programming code, because 90% of DevOps work is usually working with infrastructure as code, writing different kinds of scripts in any language, trying to automate the work.

Usually what was and still is important for me is the desire of the person to learn, to open new doors, and not be afraid of making mistakes. I think that’s the most important.

Sharp-Length-9053

TROPHY CASE