A terraform module for Quortex infrastructure RTMP loadbalancer.
This module provides the resources needed to deploy the Quortex RTMP(S) loadbalancer stack on AWS.
It allows you to provision :
- A Classic Load Balancer to distributes RTMP(S) incoming traffic across multiple targets.
- A Route 53 record alias to the Load Balancer.
- An optional SSL certificate managed by Certificate Manager for RTMPS ssl termination.
- A bucket with configurable lifecycle rules to store Load Balancer access logs.
- A set of security group (rules) to handle permissions.
module "rtmp_loadbalancer" {
source = "git@github.com:quortex/terraform-aws-rtmp-loadbalancer.git?ref=main"
name = "${terraform.workspace}-rtmp-loadbalancer"
vpc_id = module.network.vpc_id
vpc_cidr = module.network.vpc_cidr_block
subnet_ids = module.network.public_subnet_ids
rtmp_backend_ingress_port = var.rtmp_loadbalancer_backend_ingress_port
rtmp_backend_security_group_id = module.eks.cluster_security_group_id
access_logs_enabled = true
access_logs_expiration = 2
access_logs_force_destroy = true
dns_hosted_zone_id = var.hosted_zone_id
dns_record = "rtmp.${terraform.workspace}"
ssl_certificate_domain_name = "rtmp.${terraform.workspace}.${var.hosted_zone_domain_name}"
tags = local.tags
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | A name from which the name of the resources will be chosen. Note that each resource name can be set individually. | string |
n/a | yes |
| vpc_id | ID of the VPC in which the resources should be deployed. | string |
n/a | yes |
| vpc_cidr | The CIDR for the VPC. | string |
n/a | yes |
| subnet_ids | The IDs of the subnets where resources should be placed. | list(string) |
[] |
no |
| elb_name | Override the ELB name. | string |
"" |
no |
| elb_cross_zone_load_balancing | Enable cross-zone load balancing. | bool |
false |
no |
| elb_idle_timeout | The time in seconds that the connection is allowed to be idle. | number |
60 |
no |
| elb_connection_draining | Boolean to enable connection draining. | bool |
true |
no |
| elb_connection_draining_timeout | The time in seconds to allow for connections to drain. | number |
300 |
no |
| elb_health_check_healthy_threshold | The number of checks before the instance is declared healthy. | number |
6 |
no |
| elb_health_check_unhealthy_threshold | The number of checks before the instance is declared unhealthy. | number |
2 |
no |
| elb_health_check_timeout | The interval between checks. | number |
5 |
no |
| elb_health_check_interval | The length of time before the check times out. | number |
10 |
no |
| elb_security_group_name | Override the ELB security group name. | string |
"" |
no |
| elb_ingress_cidr_blocks_rtmp | CIDRs to allow for the rtmp ingress. | list(string) |
[ |
no |
| elb_ingress_cidr_blocks_rtmps | CIDRs to allow for the rtmps ingress. | list(string) |
[ |
no |
| rtmp_backend_ingress_port | The rtmp backend ingress port (envoy port for rtmp). | string |
n/a | yes |
| rtmp_backend_security_group_id | The rtmp backend security group id (used to allow ingress on rtmp_backend_ingress_port). | string |
n/a | yes |
| rtmp_backend_autoscaling_group_name | The rtmp backend ASG name. | string |
n/a | yes |
| access_logs_enabled | Wether to enable elb access logs or not. | bool |
false |
no |
| access_logs_bucket_name | Override the access logs bucket name. | string |
"" |
no |
| access_logs_bucket_prefix | The access logs bucket prefix. Logs are stored in the root if not configured. | string |
null |
no |
| access_logs_interval | The publishing interval in minutes. | number |
60 |
no |
| access_logs_expiration | Specifies the number of days for which access logs are kept (indefinitely if not specified). | number |
null |
no |
| access_logs_force_destroy | A boolean that indicates all objects should be deleted from the access logs bucket so that the bucket can be destroyed without error. These objects are not recoverable. | bool |
false |
no |
| rtmps_enabled | Wether to enable rtmps. If set to true, a certificate will be created in certificate manager as well as load balancer configuration to perform ssl termination. | bool |
true |
no |
| create_cert | Should the certificate be created by the module. If not, you must provide var.ssl_certificate_arn. | bool |
true |
no |
| dns_hosted_zone_id | The ID of the hosted zone in Route53, under which the DNS record should be created. | string |
n/a | yes |
| dns_record | The domain name record to add in zone defined by dns_hosted_zone_id for alias on elb dns name. | string |
"rtmp" |
no |
| ssl_certificate_arn | The ARN identifier of an existing Certificate in AWS Certificate Manager, to be used for RTMPS requests. If not defined, a new certificate will be issued and validated in the AWS Certificate Manager. | string |
null |
no |
| ssl_certificate_name | Override the cert manager certificate name. | string |
"" |
no |
| ssl_certificate_domain_name | The complete domain name that will be written in the TLS certificate. Can include a wildcard. Required for rtmps. | string |
null |
no |
| tags | Tags to apply to resources. A list of key->value pairs. | map(any) |
{} |
no |
| enable_bucket_encryption | Should the created bucket be encrypted using SSE-S3. | bool |
true |
no |
| Name | Description |
|---|---|
| dns_record | The DNS record for the RTMP endpoint |
Got a question?
File a GitHub issue.