AWSTemplateFormatVersion: 2010-09-09 Description: Template for provisioning a webrtc media server and client Parameters: Key: Type: String Description: They SSH key used to access the instance Resources: VPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 EnableDnsSupport: true EnableDnsHostnames: true Tags: - Key: Name Value: WebRTC Networking Demo VPC InternetGateway: Type: AWS::EC2::InternetGateway VPCGatewayAttachment: Type: AWS::EC2::VPCGatewayAttachment Properties: VpcId: !Ref VPC InternetGatewayId: !Ref InternetGateway SubnetA: Type: AWS::EC2::Subnet Properties: AvailabilityZone: us-east-1a VpcId: !Ref VPC CidrBlock: 10.0.0.0/24 MapPublicIpOnLaunch: true RouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref VPC InternetRoute: Type: AWS::EC2::Route Properties: DestinationCidrBlock: 0.0.0.0/0 GatewayId: !Ref InternetGateway RouteTableId: !Ref RouteTable SubnetARouteTableAssociation: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref RouteTable SubnetId: !Ref SubnetA JanusServerSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupName: "Janus Server Security Group" GroupDescription: "HTTP, Websockets and RTP traffic to Janus" VpcId: !Ref VPC SecurityGroupIngress: - IpProtocol: tcp FromPort: 8188 ToPort: 8188 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 8088 ToPort: 8089 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 8889 ToPort: 8889 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 8000 ToPort: 8000 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 7088 ToPort: 7089 CidrIp: 0.0.0.0/0 - IpProtocol: udp FromPort: 10000 ToPort: 10100 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0 SecurityGroupEgress: - IpProtocol: -1 CidrIp: 0.0.0.0/0 CoturnServerSecurityGroup: Type: AWS::EC2::SecurityGroup Properties: GroupName: "Coturn Server Security Group" GroupDescription: "STUN/TURN requests to coturn" VpcId: !Ref VPC SecurityGroupIngress: - IpProtocol: tcp FromPort: 3478 ToPort: 3479 CidrIp: 0.0.0.0/0 - IpProtocol: udp FromPort: 3478 ToPort: 3479 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: udp FromPort: 80 ToPort: 80 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 5349 ToPort: 5350 CidrIp: 0.0.0.0/0 - IpProtocol: udp FromPort: 5349 ToPort: 5350 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 443 ToPort: 443 CidrIp: 0.0.0.0/0 - IpProtocol: udp FromPort: 443 ToPort: 443 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 5766 ToPort: 5766 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 49152 ToPort: 65535 CidrIp: 0.0.0.0/0 - IpProtocol: udp FromPort: 49152 ToPort: 65535 CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: 22 ToPort: 22 CidrIp: 0.0.0.0/0 SecurityGroupEgress: - IpProtocol: -1 CidrIp: 0.0.0.0/0 JanusServer: Type: AWS::EC2::Instance Properties: SubnetId: !Ref SubnetA ImageId: ami-0ea98c194397a8df0 InstanceType: t2.micro KeyName: !Ref Key SecurityGroupIds: - Ref: JanusServerSecurityGroup BlockDeviceMappings: - DeviceName: /dev/xvda Ebs: VolumeSize: 10 Tags: - Key: Name Value: Janus Server - WebRTC Networking Demo CoturnServer: Type: AWS::EC2::Instance Properties: SubnetId: !Ref SubnetA ImageId: ami-0c8bdc775e3df207a InstanceType: t2.micro KeyName: !Ref Key SecurityGroupIds: - Ref: CoturnServerSecurityGroup BlockDeviceMappings: - DeviceName: /dev/xvda Ebs: VolumeSize: 10 Tags: - Key: Name Value: Coturn Server - WebRTC Networking Demo UserData: Fn::Base64: | #!/bin/bash IP_ADDRESS=$(curl http://169.254.169.254/latest/meta-data/public-ipv4) sed -i "s/IP_ADDRESS/$IP_ADDRESS/" /etc/turnserver.conf systemctl restart coturn AppBucket: Type: 'AWS::S3::Bucket' DeletionPolicy: Retain Properties: BucketEncryption: ServerSideEncryptionConfiguration: - ServerSideEncryptionByDefault: SSEAlgorithm: AES256 Tags: - Key: Name Value: Client App - WebRTC Networking Demo BucketPolicy: Type: AWS::S3::BucketPolicy Properties: Bucket: !Ref AppBucket PolicyDocument: Statement: - Action: - s3:GetObject Effect: Allow Resource: !Join ['', ['arn:aws:s3:::', !Ref AppBucket, '/*']] Principal: CanonicalUser: !GetAtt CloudFrontOriginAccessIdentity.S3CanonicalUserId CloudFrontOriginAccessIdentity: Type: AWS::CloudFront::CloudFrontOriginAccessIdentity Properties: CloudFrontOriginAccessIdentityConfig: Comment: 'CloudFront OAI for WebRTC Networking Demo' CloudfrontDistribution: Type: AWS::CloudFront::Distribution Properties: DistributionConfig: CacheBehaviors: - PathPattern: /janus AllowedMethods: - "GET" - "HEAD" - "OPTIONS" - "PUT" - "PATCH" - "POST" - "DELETE" CachedMethods: - "HEAD" - "GET" TargetOriginId: janus-server CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad ViewerProtocolPolicy: redirect-to-https - PathPattern: /janus/* AllowedMethods: - "GET" - "HEAD" - "OPTIONS" - "PUT" - "PATCH" - "POST" - "DELETE" CachedMethods: - "HEAD" - "GET" TargetOriginId: janus-server CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad ViewerProtocolPolicy: redirect-to-https DefaultCacheBehavior: Compress: true ForwardedValues: QueryString: false TargetOriginId: app-s3-bucket ViewerProtocolPolicy: redirect-to-https DefaultRootObject: index.html CustomErrorResponses: - ErrorCachingMinTTL: 300 ErrorCode: 403 ResponseCode: 200 ResponsePagePath: /index.html - ErrorCachingMinTTL: 300 ErrorCode: 404 ResponseCode: 200 ResponsePagePath: /index.html Enabled: true HttpVersion: http2 Origins: - DomainName: !Join ['', [!Ref AppBucket, '.s3.amazonaws.com']] Id: app-s3-bucket S3OriginConfig: OriginAccessIdentity: !Join ['', ['origin-access-identity/cloudfront/', !Ref CloudFrontOriginAccessIdentity]] - DomainName: !GetAtt JanusServer.PublicDnsName Id: janus-server CustomOriginConfig: HTTPPort: 8088 OriginProtocolPolicy: 'http-only' OriginReadTimeout: 60 PriceClass: 'PriceClass_100' Tags: - Key: Name Value: CloudFrount Distribution - WebRTC Networking Demo Outputs: AppUrl: Value: !GetAtt CloudfrontDistribution.DomainName JanusServerIp: Value: !GetAtt JanusServer.PublicIp CoturnServerIp: Value: !GetAtt CoturnServer.PublicIp S3BucketName: Value: !Ref AppBucket