AWS Media Blog

RTMPS Streaming with AWS

Introduction

This blog post demonstrates how to send an RTMPS steam to AWS Elemental MediaLive. RTMPS is a variation of RTMP that uses extra security encryption to ensure that a video stream is not intercepted by an unauthorized entity. The extra layer of security in RTMPS can be either TSL or SSL encryption.

RTMPS can often be used interchangeably with RTMP, as long as it is supported by your chosen broadcasting tools. It is particularly useful for broadcasting on a public network. That’s why this protocol is popular for streaming from a mobile device. Broadcasters prefer RTMPS in many situations because of the added security that it provides.

If you prefer to use RTMPS over RTMP, it is important that all of your tools are compatible and that your settings are properly configured. This blog post illustrates how to create an RTMPS streaming solution with Amazon Web Services (AWS).

Architecture overview

A diagram is shown picturing the following: An RTMPS stream is pushed into AWS Cloud using a URL hosted on Amazon Route 53. The steam is then handled using a Network Load Balancer which pushes the RTMP stream into AWS Elemental Media Live. The steam is converted into HLS and send to AWS Elemental MediaPackage for Just in Time processing.

Overview

  1. Set up new inputs in AWS Elemental MediaLive
  2. Create a channel in AWS Elemental MediaPackage
  3. Create a channel in AWS Elemental MediaLive
  4. Configure a Target Group
  5. Create a Load Balancer with TLS termination
  6. Configure Amazon Route 53 to route traffic to the Network Load Balancer
  7. Configure O for RTMPS Streaming
  8. Start streaming live video
  9. Cleaning up

Prerequisites

To perform this procedure, the following are required:

Before diving in, we recommend familiarizing yourself with the services used throughout this post.

Cost disclaimer

The AWS resources needed to build this workflow are not covered by the Free Tier, so you will incur additional cost while running. You are responsible for the cost of the AWS services used while running this workflow. Remember to clean up your resources once finished to avoid charges due to long-running resources.

Step 1: Set up new inputs in AWS Elemental MediaLive

  1. In a new browser tab or window, log in to the AWS Elemental MediaLive console for the same region where you will be using MediaLive
  2. Open the Input Listing page:
    1. If the standard service page appears, choose Inputs from the navigation panel on the left side
    2. If the service landing page appears, expand the left-hand menu by choosing the three horizontal lines near the top just below the AWS icon. Choose Inputs.
  3. Choose Create Input. The Create input page appears:

AWS Elemental MediaLive create input screen

4. Complete the fields:

    • Input name: Assign a meaningful name
    • Input type: Choose RTMP (push)
    • Network mode: Choose VPC

5. In the VPC settings section, select the Subnets and Security groups. Note that these must be in the same VPC as your Network Load Balancer, which you will create in Step 4 and 5.

AWS Elemental MediaLive VPC settings

6. Use an existing Role ARN if one already exists. Otherwise select ‘Create role from template’.

7. In the Input destinations section, choose SINGLE_PIPELINE for Channel class, then enter application name and application instance (stream name) in the fields provided. Make a note of these as they will be required for Step 7 in configuring OBS.

AWS Elemental MediaLive input destinations settings

8. Choose Create. The new input appears in the list of inputs.

9. Open the detail page for the newly created inputs, and make a note of the endpoint URL and Port

AWS Elemental MediaLive endpoint settings

Step 2: Create a channel in AWS Elemental MediaPackage

In order to create your AWS Elemental MediaLive channel, you must have a destination for that channel’s output. For this example, we will use AWS Elemental MediaPackage as the destination.

  1. Log in to the AWS Elemental MediaPackage console for the same region you just used to create your AWS Elemental MediaLive inputs
  2. If you have previously created channels in MediaPackage, the channel listing view appears. If not, the introductory landing page appears.
    • From the landing page, enter a unique channel name and choose Next Step
    • From the Channel Listing page, choose Create Channel
  3. For either case, you should now see the Create channel page:

AWS Elemental MediaPackage create channel page

4. Add a description if desired. There is an option to create an Amazon CloudFront distribution to work with this channel. For production workloads it is important to place a content distribution network (CDN) in front of the MediaPackage endpoints. In this example, we will not be using a CloudFront distribution, so select Do not create a CloudFront distribution for this channel. Choose Create to save and create the channel. The channel detail page appears. Make a note of the ID as you need it when creating your AWS Elemental MediaLive channel.

Test channel description

5. Just below the channel detail tile choose Add endpoints to create an appropriate endpoint to be able to view your channel. For this example, it is sufficient to create a simple HLS endpoint. Give it a unique name in the ID field and choose Save to create the endpoint.

AWS Elemental MediaPackage channel endpoint settings

6. When the MediaLive channel is up and running you can point an HLS compatible player or browser at the endpoint to view the channel. You can also preview it from inside the MediaPackage console.

Step 3: Create a channel in AWS Elemental MediaLive

  1. Switch back to the AWS Elemental MediaLive console
  2. From the left-hand column, choose Channels, then choose Create channel. The Create channel page appears.
  3. For Channel name, type a meaningful identifier for the channel
  4. In the Channel template section at the bottom, choose HTTP Live Streaming (MediaPackage). The Channel navigation panel shows:
    • One output group named MediaPackage group 
    • Ten outputs that all belong to that output group
  5. In the IAM role section, take the appropriate action:
    • If the Create role from template option is enabled, select that option and choose Create IAM role. This creates the role. Once you complete the creation process, the role is automatically selected from the Use existing role drop-down.
    • If the Create role from template option is grayed out, select Use existing role and then select MediaLiveAccessRole from the dropdown

AWS Elemental MediaLive create channel settings

6. Under Channel class choose SINGLE_PIPELINE

7. Under Input specifications, choose the Input codec (AVC for our example settings), Input resolution (select HD for our example), and Maximum input bitrate (use MAX_10_MBPS in our example)

8. In the left-hand column, next to Input attachments, choose the Add The Attach input card appears to the right. Choose the input you created earlier from the drop-down and then choose Confirm.

AWS Elemental MediaLive attach input settings

9. In the left-hand column, navigate to “output groups” and choose the group named MediaPackage group. The Output Group details appear to the right.

10. In the MediaPackage destination section, copy and paste the MediaPackage ID from the channel you created earlier.

11. Delete the captions output. This channel template includes a WebVTT captions output. Since we didn’t define a caption selector on the input or configure captions on the source appliance, we don’t need it. Navigate to the MediaPackage outputs section and choose the X to the right of Output 10 (_webvtt) to delete the captions output.

12. Choose Create channel. The page with the list of channels appears, showing the new channel. The status of the channel changes from Creating to Idle.

13. On the Channels page, choose the radio button next to your new channel. The buttons along the top are enabled. Choose Start. The channel state changes to Starting, and then to Running.

AWS Elemental MediaPackage create channel settings

Step 4: Configure a target group

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
  2. In the left navigation pane, under Load Balancing, choose Target Groups
  3. Choose Create target group
  4. Basic configuration
    1. For Choose a target type, select IP addresses
    2. For Target group name, enter a name for the target group
    3. For Protocol, choose TCP and enter the Port of the MediaLive Input you created in Step 1
    4. For VPC, ensure you select the same virtual private cloud (VPC) where your MediaLive Input was created in Step 1

EC2 Load Balancer configuration page

5. In the Health checks section, choose TCP for the Health check protocol

6. Choose Next

7. In the Register targets page, select the network, enter the IP address and Port of the MediaLive Input you created in Step 1 and then choose Include as pending below

8. Choose Create target group

EC2 Load Balancer target groups

Step 5: Create a Load Balancer with TLS termination

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
  2. In the navigation pane, under Load Balancing, choose Load Balancers
  3. Choose Create Load Balancer
  4. Under Network Load Balancer, choose Create
  5. Basic configuration 
    • For Load balancer name, enter a name for your load balancer
    • For Scheme, choose Internet-facing
    • For IP address type, choose IPv4EC2 Load Balancer configuration page
  6. Network Mapping
    • For VPC, ensure you select the same virtual private cloud (VPC) where your MediaLive Input was created in Step 1
    • For Mappings, select one or more Availability Zones. In our example, we are going to select us-east-1a. Under Private IPv4 address, select ‘Assigned by AWS
  7.  Listeners and routing
    • Under Protocol, select TLS and enter an appropriate Port Make a note of the port number
    • For Default action, select the target group you created earlier in Step 4EC2 Load Balancer configuration page
  8. Secure listener settings
    • Choose a Security policy that meets your requirements
    • For Default SSL certificate, choose From ACM and select a certificate. If you don’t have a certificate that is available to choose, you can import a certificate into ACM, or use ACM to provision one for you. For more information, please refer to this guide: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html
    • For ALPN policyselect HTTP2Preferred
  9. Review your configuration, and choose Create load balancer
  10. After the load balancer is created, select the newly created load balancer, choose Description, and make a note the DNS name of the load balancer
  11. Verify the status of your registered target. In the left navigation pane, under Load Balancing, choose Target Groups and select the target group you created in Step 4. Click on the Targets tab and ensure the Health Status is showing as ‘healthy’.

EC2 Load Balancer target groups

EC2 Load Balancer targets

Step 6: Configure Amazon Route 53 to route traffic to the Network Load Balancer

  1. Open the Route 53 console at https://console.aws.amazon.com/route53/
  2. In the navigation pane, choose Hosted zones
  3. Choose the name of the hosted zone that has the domain name that you want to use to route traffic to your load balancer
  4. Choose Create record
  5. Set the appropriate Routing policy. For this example, we have chosen ‘Simple routing’. Then hit Next
  6. Choose Define simple record.
    1. Record name– enter an appropriate name
    2. Record type – select ‘A – Routes traffic to an IPv4 address with some AWS resources’
    3. Value/Route traffic to – select ‘Alias to Network Load Balancer’
    4. Select the appropriate region where you set up the Network Load Balancer
    5. Choose the Network Load Balancer created in Step 5.
  7. Select Define simple record Amazon Route53 DNS
  8. Choose Create records
  9. In the Records page, make a note of the Record name you just created that is routing traffic to the Network load balancer

Amazon Route 53 records

Step 7: Configure OBS for RTMPS Streaming

  1. Launch OBS Studio on the source system
  2. Choose Settings to open the settings window
  3. Choose Stream to access the streaming settings and complete the fields:
    • For Service, choose Custom
    • For Server, the format will be as follows: rtmps://<<NLB Record name>>:<<Listener port number>>/<<Application name>>/
      • Retrieve the NLB Record name created in Step 6
      • Retrieve the Listener port number created in Step 5 and Application name created in Step 1
    • For Stream Key,retrieve the Application instance created in Step 1
    • Leave the Use authentication box unchecked
    • Choose OK

Open Broadcast Systems (OBS) stream configuration settings

Step 8: Start streaming video

You must start the event on OBS and the AWS Elemental MediaLive channel in the correct order. This example uses RTMPS, so you must start the AWS Elemental MediaLive channel first.

  • In AWS Elemental MediaLive, on the Channels page, ensure that the channel state is Running
    • If it is not, choose the radio button next to your new channel. The buttons along the top are enabled
    • Choose Start. The channel state changes to Starting, and then to Running
  • Switch to OBS and start the stream connection. Video should begin streaming from OBS through to AWS Elemental MediaLive and then to AWS Elemental MediaPackage.
  • To view your video stream, open AWS Elemental MediaPackage console and choose Channels
  • Choose the channel you created in Step 2
  • Under Endpoints, choose Play
  • A window will appear showing a preview of your stream

AWS Elemental Live player

Step 9: Cleaning up

At the end of your live stream, don’t forget to stop your MediaLive channel.

To stop your MediaLive Channel:

  1. Open the MediaLive console
  2. On the Channels page, choose the channel that you want to stop
  3. Choose Stop

To avoid incurring future charges, delete the resources that have been created by following this blog post, including the Network Load Balancer, Target Groups, MediaLive Channel, and MediaPackage Channel.

Conclusion

In this blog post, we demonstrated how to send an RTMPS steam to AWS Elemental MediaLive. We set up a live streaming workflow using OBS Studio for the contribution feed, pushing an RTMPS stream to a domain name set up on Amazon Route 53. This was authenticated using a public certificate using AWS Certificate Manager. A Network Load Balancer was set up with TLS termination, then routed the steam to AWS Elemental MediaLive which encoded the live video stream in real-time, compressing it into smaller versions for distribution into AWS Elemental MediaPackage to convert video content from a single format to multiple formats and securely package it for different device types.

Mandeep Sehmi

Mandeep Sehmi

Mandeep is a Senior Partner Solutions Architect at AWS.