AWSTemplateFormatVersion: 2010-09-09 Description: >- Ant Media Server Standalone EC2 server template for Wavelength Zone If you have any questions, please just drop a line to contact (at) antmedia.io Parameters: AntMediaServerInstanceType: Description: Ant Media Server EC2 instance type Type: String Default: t3.medium AllowedValues: - t3.medium - t3.xlarge - r5.2xlarge - g4dn.2xlarge ConstraintDescription: must be a valid EC2 instance type. KeyName: Description: Name of an existing EC2 KeyPair to enable SSH access to the instances. If there is no value here, you must create an ssh key (EC2 > Key Pairs). Type: 'AWS::EC2::KeyPair::KeyName' MinLength: '1' MaxLength: '255' AllowedPattern: '[\x20-\x7E]*' ConstraintDescription: can contain only ASCII characters. STUNServerAddress: Description: 'STUN Server Address' Type: String Default: 'stun.wavelength.antmedia.cloud' DomainName: Description: 'Fill in this field if you selected EnableSSL true. The domain name that you will use in Ant Media Server.' Type: String Default: '' Route53HostedZoneId: Description: 'Fill in this field if you selected EnableSSL true. HostedZoneId of Domain Name on Route53' Type: String Default: '' EnableSSL: Description: 'If you want to enable SSL for Ant Media Server, select True and fill in the "DomainName, Route53HostedZoneId" fields.' Default: false Type: String AllowedValues: - true - false PolicyName: Description: 'Fill in this field if you selected EnableSSL true. Policy name with Route53 access granted' Type: String Default: '' WavelengthZones: Type: String Description: '' Default: us-east-1-wl1-bos-wlz-1 AllowedValues: - us-east-1-wl1-atl-wlz-1 - us-east-1-wl1-bos-wlz-1 - us-east-1-wl1-chi-wlz-1 - us-east-1-wl1-dfw-wlz-1 - us-east-1-wl1-iah-wlz-1 - us-east-1-wl1-mia-wlz-1 - us-east-1-wl1-nyc-wlz-1 - us-east-1-wl1-was-wlz-1 - us-west-2-wl1-den-wlz-1 - us-west-2-wl1-las-wlz-1 - us-west-2-wl1-phx-wlz-1 - us-west-2-wl1-sfo-wlz-1 - us-west-2-wl1-sea-wlz-1 - ap-northeast-2-wl1-cjj-wlz-1 - ap-northeast-1-wl1-kix-wlz-1 - ap-northeast-1-wl1-nrt-wlz-1 - eu-west-2-wl1-lon-wlz-1 Conditions: Route53IAM: !Equals - !Ref EnableSSL - true Resources: DescribeImagesRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Action: sts:AssumeRole Effect: Allow Principal: Service: lambda.amazonaws.com ManagedPolicyArns: - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Policies: - PolicyName: DescribeImages PolicyDocument: Version: '2012-10-17' Statement: - Action: ec2:DescribeImages Effect: Allow Resource: "*" GetLatestAMI: Type: AWS::Lambda::Function Properties: Runtime: python3.9 Handler: index.handler Role: !Sub ${DescribeImagesRole.Arn} Timeout: 60 Code: ZipFile: | import boto3 import cfnresponse import json import traceback def handler(event, context): try: response = boto3.client('ec2').describe_images( Owners=[event['ResourceProperties']['Owner']], Filters=[ {'Name': 'name', 'Values': [event['ResourceProperties']['Name']]}, {'Name': 'architecture', 'Values': [event['ResourceProperties']['Architecture']]}, {'Name': 'root-device-type', 'Values': ['ebs']}, ], ) amis = sorted(response['Images'], key=lambda x: x['CreationDate'], reverse=True) id = amis[0]['ImageId'] cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, id) except: traceback.print_last() cfnresponse.send(event, context, cfnresponse.FAIL, {}, "ok") AntMediaAmi: Type: Custom::FindAMI Properties: ServiceToken: !Sub ${GetLatestAMI.Arn} Owner: "679593333241" Name: "AntMedia-AWS-Marketplace-EE-*" Architecture: "x86_64" UbuntuAmi: Type: Custom::FindAMI Properties: ServiceToken: !Sub ${GetLatestAMI.Arn} Owner: "099720109477" Name: "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" Architecture: "x86_64" WavelengthVPC: Type: AWS::EC2::VPC Properties: CidrBlock: 10.0.0.0/16 EnableDnsHostnames: true EnableDnsSupport: true Tags: - Key: Name Value: !Sub ${AWS::StackName}-Wavelength-Vpc Subnet: Type: AWS::EC2::Subnet DependsOn: WavelengthVPC Properties: VpcId: !Ref WavelengthVPC AvailabilityZone: !Ref WavelengthZones CidrBlock: 10.0.1.0/24 Tags: - Key: Name Value: !Sub ${AWS::StackName}-Wavelength-Origin-Subnet CarrierDefaultGateway: Type: AWS::EC2::CarrierGateway Properties: VpcId: !Ref WavelengthVPC CarrierDefaultRouteTable: Type: AWS::EC2::RouteTable Properties: VpcId: !Ref WavelengthVPC Tags: - Key: Name Value: !Sub ${AWS::StackName}-Wavelength-Route-Table DefaultRoute: Type: AWS::EC2::Route DependsOn: CarrierDefaultGateway Properties: RouteTableId: !Ref CarrierDefaultRouteTable CarrierGatewayId: !Ref CarrierDefaultGateway DestinationCidrBlock: 0.0.0.0/0 SubnetRouteTableAssociationOrigin: Type: AWS::EC2::SubnetRouteTableAssociation Properties: RouteTableId: !Ref CarrierDefaultRouteTable SubnetId: !Ref Subnet InstanceSecurityGroup: Type: 'AWS::EC2::SecurityGroup' Properties: GroupDescription: Enable SSH access and HTTP access on the configured port SecurityGroupIngress: - IpProtocol: tcp FromPort: '22' ToPort: '22' CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: '5080' ToPort: '5080' CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: '5443' ToPort: '5443' CidrIp: 0.0.0.0/0 - IpProtocol: tcp FromPort: '1935' ToPort: '1935' CidrIp: 0.0.0.0/0 - IpProtocol: udp FromPort: '5000' ToPort: '65000' CidrIp: 0.0.0.0/0 VpcId: !Ref WavelengthVPC AntMediaEC2Instance: Type: 'AWS::EC2::Instance' Properties: KeyName: !Ref KeyName ImageId: !Ref AntMediaAmi InstanceType: !Ref AntMediaServerInstanceType NetworkInterfaces: - AssociateCarrierIpAddress: true IamInstanceProfile: !If [Route53IAM, !Ref PolicyName, !Ref "AWS::NoValue"] NetworkInterfaces: - SubnetId: !Ref Subnet AssociateCarrierIpAddress: true DeviceIndex: '0' GroupSet: - Ref: InstanceSecurityGroup Tags: - Key: Name Value: AntmediaServer UserData: Fn::Base64: !Sub | #!/bin/bash -xe apt-get update && apt-get install awscli -y sed -i "s/stun1.l.google.com:19302/${STUNServerAddress}/g" /usr/local/antmedia/webapps/WebRTCAppEE/*.html if [ ${EnableSSL} == "true" ]; then cat << EOF > /tmp/aws_route53.json { "Comment": "CREATE/DELETE/UPSERT a record ", "Changes": [{ "Action": "CREATE", "ResourceRecordSet": { "Name":"${DomainName}", "Type": "A", "TTL": 300, "ResourceRecords": [{ "Value":"$(curl -s http://checkip.amazonaws.com)"}] }}]} EOF aws route53 change-resource-record-sets --hosted-zone-id ${Route53HostedZoneId} --change-batch file:///tmp/aws_route53.json bash /usr/local/antmedia/enable_ssl.sh -d ${DomainName} -v route53 fi