--- AWSTemplateFormatVersion: '2010-09-09' Description: > This Cloudformation Template deploys the Coturn / Turn Server for the video and audio handling. Disclaimer: Not for production use. Demo and testing purposes only. Author: David Surey , Bastian Klein Parameters: BBBOperatorEMail: Description: E-Mail address to notify if there are any operational issues Type: String AllowedPattern: "([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\\]?)" ConstraintDescription: Must be a valid email address. Default: johndoe@example.com BBBNotificationTopic: Description: Topic to be used for alarm notifications Type: String BBBPublicApplicationSubnets: Description: Comma separated list of the appserver's subnets Type: CommaDelimitedList BBBTurnInstanceType: Description: Instance type for the turn server Type: String Default: t3a.medium AllowedValues: - t3a.micro - t3a.small - t3a.medium - t3a.large - t3a.xlarge - t3a.2xlarge - c5a.large - c5a.xlarge - c5a.2xlarge - c5a.4xlarge - c5a.8xlarge - c5a.12xlarge - c5a.16xlarge - c5a.24xlarge - m5a.large - m5a.xlarge - m5a.2xlarge - m5a.4xlarge - m5a.8xlarge - m5a.12xlarge - m5a.16xlarge - m5a.24xlarge - r5a.large - r5a.xlarge - r5a.2xlarge - r5a.4xlarge - r5a.8xlarge - r5a.12xlarge - r5a.16xlarge - r5a.24xlarge - t3.micro - t3.small - t3.medium - t3.large - t3.xlarge - t3.2xlarge - c5.large - c5.xlarge - c5.2xlarge - c5.4xlarge - c5.8xlarge - c5.12xlarge - c5.16xlarge - c5.24xlarge - m5.large - m5.xlarge - m5.2xlarge - m5.4xlarge - m5.8xlarge - m5.12xlarge - m5.16xlarge - m5.24xlarge - r5.large - r5.xlarge - r5.2xlarge - r5.4xlarge - r5.8xlarge - r5.12xlarge - r5.16xlarge - r5.24xlarge BBBTurnMaxInstances: Type: Number Description: Maximum number of turn server instance Default: 1 BBBTurnMinInstances: Type: Number Description: Minimum number of turn server instance Default: 1 BBBTurnDesiredInstances: Type: Number Description: Desired number of turn server instance Default: 1 BBBEnvironmentStage: Type: String Description: Select the appropriate environment AllowedValues: - stage - prod - dev BBBEnvironmentType: Description: 'Defines the environment type. Allowed values: scalable, single' Type: String AllowedValues: - scalable - single BBBTurnSecurityGroup: Description: Security Group that should be assigned for the turn server Type: String BBBHostedZone: Description: Hosted zone in which the DNS entries for the app servers should be created Type: String BBBDomainName: Description: Base domain name used for the instance Type: String BBBStackBucketStack: Description: S3 Bucket Stack that contains scripts and sources Type: String BBBSystemLogsGroup: Description: Log group to be used for the system logs Type: String BBBApplicationLogsGroup: Description: Log group to be used for the Application logs Type: String BBBSystemLogsGroupArn: Description: Log group to be used for the system logs Type: String BBBApplicationLogsGroupArn: Description: Log group to be used for the Application logs Type: String BBBLatestTurnAmiId: Description: AMI id that should be used for the turn server instaces Type: 'AWS::SSM::Parameter::Value' Default: 'bbbturnimageid' Resources: BBBTurnSecret: Type: AWS::SecretsManager::Secret Properties: Description: 'This is the BBB Database instance secret' GenerateSecretString: SecretStringTemplate: '{"turnkeyname": "turnsecretkey"}' GenerateStringKey: 'turnkeyvalue' PasswordLength: 16 ExcludePunctuation: 'true' BBBTurnHostnameParameter: Type: AWS::SSM::Parameter Properties: Name: turnhostname Type: String Value: placeholder Description: SSM Parameter for the variable part of the turn hostname BBBTurnAutoScaling: Type: AWS::AutoScaling::AutoScalingGroup Properties: VPCZoneIdentifier: !Ref BBBPublicApplicationSubnets LaunchTemplate: LaunchTemplateId: !Ref BBBTurnInstanceLaunchTemplate Version: !GetAtt BBBTurnInstanceLaunchTemplate.LatestVersionNumber TerminationPolicies: - DEFAULT MaxSize: !Ref BBBTurnMaxInstances MinSize: !Ref BBBTurnMinInstances DesiredCapacity: !Ref BBBTurnDesiredInstances NotificationConfiguration: TopicARN: Ref: BBBNotificationTopic NotificationTypes: - autoscaling:EC2_INSTANCE_LAUNCH - autoscaling:EC2_INSTANCE_LAUNCH_ERROR - autoscaling:EC2_INSTANCE_TERMINATE - autoscaling:EC2_INSTANCE_TERMINATE_ERROR CreationPolicy: ResourceSignal: Timeout: PT15M UpdatePolicy: AutoScalingReplacingUpdate: WillReplace: true BBBTurnEC2Role: Type: AWS::IAM::Role DependsOn: - BBBTurnHostnameParameter Properties: AssumeRolePolicyDocument: Statement: - Effect: Allow Principal: Service: [ ec2.amazonaws.com ] Action: [ "sts:AssumeRole" ] Path: / Policies: - PolicyName: TurnEC2Role PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: - route53:ChangeResourceRecordSets - route53:GetHostedZone - route53:ListResourceRecordSets Resource: !Sub "arn:aws:route53:::hostedzone/${BBBHostedZone}" - Effect: Allow Action: - ssm:GetParameters - secretsmanager:GetSecretValue Resource: - !Ref BBBTurnSecret - Effect: Allow Action: - s3:GetObject Resource: - !Sub "arn:aws:s3:::${BBBStackBucketStack}/*" - Effect: Allow Action: - ssm:PutParameter Resource: - !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/turnhostname" - Effect: Allow Action: - logs:PutLogEvents - logs:CreateLogStream - logs:DescribeLogStreams - logs:CreateLogGroup Resource: - !Ref BBBSystemLogsGroupArn - !Ref BBBApplicationLogsGroupArn ManagedPolicyArns: - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore BBBTurnEC2InstanceProfile: Type: AWS::IAM::InstanceProfile Properties: Path: / Roles: - !Ref BBBTurnEC2Role BBBTurnInstanceLaunchTemplate: Type: AWS::EC2::LaunchTemplate Properties: LaunchTemplateData: EbsOptimized: false IamInstanceProfile: Arn: !GetAtt BBBTurnEC2InstanceProfile.Arn ImageId: !Ref BBBLatestTurnAmiId InstanceType: !Ref BBBTurnInstanceType Monitoring: Enabled: true NetworkInterfaces: - AssociatePublicIpAddress: true DeviceIndex: 0 Groups: - !Ref BBBTurnSecurityGroup UserData: Fn::Base64: !Sub | #!/bin/bash -xe apt update -y while fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/null 2>&1; do sleep 1; done DEBIAN_FRONTEND='noninteractive' apt -y -o Dpkg::Options::='--force-confdef' -o Dpkg::Options::='--force-confold' full-upgrade apt autoremove -y apt autoclean while fuser /var/{lib/{dpkg,apt/lists},cache/apt/archives}/lock >/dev/null 2>&1; do sleep 1; done apt install -y git binutils python3-pip build-essential python-dev python-setuptools jq pip3 install -U awscli while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1; do sleep 1; done wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb dpkg -i -E ./amazon-cloudwatch-agent.deb # Adding cwagent user to all required groups usermod -a -G adm cwagent aws s3 cp s3://${BBBStackBucketStack}/turn-cwagent-config.json /tmp/turn-cwagent-config.json sed -i "s|SYSTEMLOGS_PLACEHOLDER|${BBBSystemLogsGroup}|g" /tmp/turn-cwagent-config.json sed -i "s|APPLICATIONLOGS_PLACEHOLDER|${BBBSystemLogsGroup}|g" /tmp/turn-cwagent-config.json sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c file:/tmp/turn-cwagent-config.json pip3 install https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-py3-latest.tar.gz # associate Elastic IP instance_ipv4=$(curl -s http://169.254.169.254/latest/meta-data/public-ipv4) instance_random=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 6 | head -n 1) instance_publichostname=tu-$instance_random instance_fqdn=$instance_publichostname.${BBBDomainName} aws ssm --region ${AWS::Region} put-parameter --name "${BBBTurnHostnameParameter}" --value "$instance_publichostname" --type String --overwrite # register in route53 wget --tries=10 https://github.com/barnybug/cli53/releases/download/0.8.18/cli53-linux-amd64 -O /usr/local/bin/cli53 sudo chmod +x /usr/local/bin/cli53 # create script for route53-handler aws s3 cp s3://${BBBStackBucketStack}/route53-handler.service /etc/systemd/system/route53-handler.service aws s3 cp s3://${BBBStackBucketStack}/route53-handler.sh /usr/local/bin/route53-handler.sh chmod +x /usr/local/bin/route53-handler.sh sed -i "s/INSTANCE_PLACEHOLDER/$instance_publichostname/g" /etc/systemd/system/route53-handler.service sed -i "s/ZONE_PLACEHOLDER/${BBBHostedZone}/g" /etc/systemd/system/route53-handler.service systemctl daemon-reload systemctl enable route53-handler systemctl start route53-handler turnsecret=$(aws secretsmanager get-secret-value --region ${AWS::Region} --secret-id ${BBBTurnSecret} --query SecretString --output text | jq -r .turnkeyvalue) sleep 1m x=1 while [ $x -le 5 ] do until host $instance_fqdn | grep -m 1 "has address $instance_ipv4"; do sleep 5 ; done x=$(( $x + 1 )) done wget -qO- https://ubuntu.bigbluebutton.org/bbb-install.sh | bash -s -- -c $instance_fqdn:$turnsecret -e ${BBBOperatorEMail} /usr/local/bin/cfn-signal -e $? --stack ${AWS::StackName} --resource BBBTurnAutoScaling --region ${AWS::Region} || true Outputs: BBBTurnSecret: Description: The Big Blue Button Turn Secret Key Value: Ref: BBBTurnSecret BBBTurnHostnameParameter: Description: The Parameter containing the Big Blue Button Turn Hostname Value: Ref: BBBTurnHostnameParameter BBBTurnEC2InstanceProfile: Description: Big Blue Button Turn Instance Profile Value: Ref: BBBTurnEC2InstanceProfile BBBTurnEC2Role: Description: Big Blue Button Turn Instance Role Value: Ref: BBBTurnEC2Role BBBTurnAutoScaling: Description: Big Blue Button Turn Instance Autoscaling Group Value: Ref: BBBTurnAutoScaling BBBTurnInstanceLaunchTemplate: Description: Big Blue Button Turn Instance Launch Template Value: Ref: BBBTurnInstanceLaunchTemplate