OpenVidu Elastic Installation: AWS#

Info

OpenVidu Elastic is part of OpenVidu PRO. Before deploying, you need to create an OpenVidu account to get your license key. There's a 15-day free trial waiting for you!

This section contains the instructions to deploy a production-ready OpenVidu Elastic deployment in AWS. Deployed services are the same as the On Premises Elastic Installation but automate the process with AWS CloudFormation.

First of all, import the template in the AWS CloudFormation console. You can click the following button...

Deploy OpenVidu Elastic in

...or access your AWS CloudFormation console and manually set this S3 URL in the Specify template section:

https://s3.eu-west-1.amazonaws.com/get.openvidu.io/pro/elastic/latest/aws/cf-openvidu-elastic.yaml

Architecture overview

This is how the architecture of the deployment looks:

The Master Node acts as a Load Balancer, managing the traffic and distributing it among the Media Nodes and deployed services in the Master Node.
The Master Node has its own Caddy server acting as a Layer 4 (for TURN with TLS and RTMPS) and Layer 7 (for OpenVidu Dashboard, OpenVidu Call, etc., APIs) reverse proxy.
WebRTC traffic (SRTP/SCTP/STUN/TURN) is routed directly to the Media Nodes.
An autoscaling group of Media Nodes is created to scale the number of Media Nodes based on the system load.

CloudFormation Parameters#

Depending on your needs, you need to fill in the following CloudFormation parameters:

Domain and SSL Certificate Configuration#

These are the three possible scenarios you may have to configure in this section:

Let's Encrypt Certificate (recommended)Self-Signed CertificateCustom Certificates

For a production-ready setup, this scenario is ideal when you have an FQDN (Fully Qualified Domain Name) and an Elastic IP at your disposal. It leverages the services of Let's Encrypt to automatically generate valid certificates.

First, you need to have the FQDN pointing to the Elastic IP you are going to use.

Then, you need to fill in the following parameters:

As you can see, you need to specify the DomainName with your FQDN, the PublicElasticIP with the Elastic IP that the domain points to, and the LetsEncryptEmail with your email address for Let’s Encrypt notifications. These parameters are mandatory.

This is the most straightforward option for deploying OpenVidu on AWS when you do not have a Fully Qualified Domain Name (FQDN). This method allows for the immediate use of OpenVidu in AWS using CloudFormation.

However, this convenience comes with the caveat that users will need to manually accept the certificate in their web browsers. Please be aware that this configuration is solely for developmental and testing purposes and is not suitable for a production environment.

These are the parameters needed in this section to use self-signed certificates:

You don’t need to specify any parameters; just select the CertificateType as self-signed. The domain name used will be an AWS-generated one.

Opt for this method if you possess your own certificate for an existing FQDN. It enables you to deploy OpenVidu on AWS using your certificates.

You need to have a Fully Qualified Domain Name (FQDN) pointing to a previously created Elastic IP.

Also, you need a temporary HTTP server hosting your private and public certificate under a specific URL. These URLs are needed for the instance to be able to download and install your certificates.

The configured parameters would look like this:

You need to specify at OwnPublicCertificate and OwnPrivateCertificate the URLs where the public and private certificates are hosted, respectively. The DomainName and PublicElasticIP are mandatory parameters.

Certificates need to be in PEM format and the URLs must be accessible from the instance.

OpenVidu Elastic Configuration#

In this section, you need to specify some properties needed for the OpenVidu Elastic deployment.

OpenVidu Elastic Configuration

The parameters in this section might appear as follows:

Make sure to provide the OpenViduLicense parameter with the license key. If you don't have one, you can request one here.

For the RTCEngine parameter, you can choose between Pion (the engine used by LiveKit) and Mediasoup (experimental).

Warning

mediasoup integration in OpenVidu is experimental, and should not be used in production environments. There are some limitations that are currently being worked on, expected to be ironed out in the near future.

EC2 Instance Configuration#

You need to specify some properties for the EC2 instances that will be created.

EC2 Instance configuration

The parameters in this section may look like this:

Simply select the type of instance you want to deploy at MasterNodeInstanceType and MediaNodeInstanceType, the SSH key you want to use to access the machine at KeyName, and the Amazon Image ID (AMI) to use at AmiId.

By default, the parameter AmiId is configured to use the latest LTS Ubuntu AMI, so ideally you don’t need to modify this.

Media Nodes Autoscaling Group Configuration#

The number of Media Nodes can scale up or down based on the system load. You can configure the minimum and maximum number of Media Nodes and a target CPU utilization to trigger the scaling up or down.

Media Nodes Autoscaling Group Configuration

The parameters in this section may look like this:

The InitialNumberOfMediaNodes parameter specifies the initial number of Media Nodes to deploy. The MinNumberOfMediaNodes and MaxNumberOfMediaNodes parameters specify the minimum and maximum number of Media Nodes that you want to be deployed.

The ScaleTargetCPU parameter specifies the target CPU utilization to trigger the scaling up or down. The goal is to keep the CPU utilization of the Media Nodes close to this value. The autoscaling policy is based on Target Tracking Scaling Policy.

VPC Configuration#

In this section, you need to specify the VPC and Subnet configuration for the deployment.

VPC Configuration

The parameters in this section may look like this:

The OpenViduVPC parameter specifies the VPC where the deployment will be created.

The OpenViduMasterNodeSubnet and OpenViduMediaNodeSubnet parameters specify the subnets where the Master and Media Nodes will be deployed. All of them must be in the previously specified OpenViduVPC.

Warning

You must use public subnets for the Master Nodes and Media Nodes and have enabled the auto-assign public IP option.

(Optional) TURN server configuration with TLS#

This section is optional. It is useful when your users are behind a restrictive firewall that blocks UDP traffic. This parameter will only works if you are using letsencrypt or owncert as the CertificateType parameter.

TURN server configuration with TLS

The parameters in this section may look like this:

Set the TurnDomainName parameter to the domain name you intend to use for your TURN server. It should be pointing to the PublicElasticIP specified in the previous section.

If you are using letsencrypt as the CertificateType parameter, you can leave the TurnOwnPublicCertificate and TurnOwnPrivateCertificate parameters empty. If you are using owncert, you need to specify the URLs where the public and private certificates are hosted.

Deploying the Stack#

When you are ready with your CloudFormation parameters, just click on "Next", specify in "Stack failure options" the option "Preserve successfully provisioned resources" to be able to troubleshoot the deployment in case of error, click on "Next" again, and finally "Submit".

When everything is ready, you will see the following links in the "Outputs" section of CloudFormation:

CloudFormation Outputs

Configure your Application to use the Deployment#

The Output Key ServicesAndCredentials of the previous section points to an AWS Secret Manager secret that contains all URLs and credentials to access the services deployed. You can access the secret by clicking on the link in the Output Value column.

Then, click on Retrieve secret value to get the JSON with all the information.

To point your applications to your OpenVidu deployment, check the values of the JSON secret. All access credentials of all services are defined in this object.

Your authentication credentials and URL to point your applications would be:

Applications developed with LiveKit SDK:
- URL: The value in .env of DOMAIN_NAME as a URL. It could be wss://openvidu.example.io/ or https://openvidu.example.io/ depending on the SDK you are using.
- API Key: The value in .env of LIVEKIT_API_KEY
- API Secret: The value in .env of LIVEKIT_API_SECRET
Applications developed with OpenVidu v2:
- URL: The value in .env of DOMAIN_NAME as a URL. For example, https://openvidu.example.io/
- Username: OPENVIDUAPP
- Password: The value in .env of LIVEKIT_API_SECRET

Troubleshooting Initial CloudFormation Stack Creation#

If something goes wrong during the initial CloudFormation stack creation, your stack may reach the CREATE_FAILED status for multiple reasons. It could be due to a misconfiguration in the parameters, a lack of permissions, or a problem with the AWS services. When this happens, the following steps can help you troubleshoot the issue and identify what went wrong:

While deploying the stack, make sure at "Stack failure options" you have selected the option "Preserve successfully provisioned resources" to be able to troubleshoot the deployment in case of an error.

Disable Rollback on failure
Check if the EC2 instance or instances are running. If they are not, check the CloudFormation events for any error messages.
If the EC2 instance or instances are running, SSH into the instance and check the logs of the following files:
- /var/log/cloud-init-output.log
- /var/log/cloud-init.log
These logs will give you more information about the CloudFormation stack creation process.
If everything seems fine, check the status and the logs of the installed OpenVidu services in the Master Node and Media Nodes.

Configuration and administration#

When your CloudFormation stack reaches the CREATE_COMPLETE status, your OpenVidu Elastic deployment is ready to use. You can check the Configuration and Administration section to learn how to manage your OpenVidu Elastic deployment.