diff --git a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml index ff14ddec..82ee0eea 100644 --- a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml +++ b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml @@ -416,6 +416,7 @@ Metadata: Conditions: TurnTLSIsEnabled: !Or [!Not [!Equals [!Ref TurnDomainName, ""]], !Not [!Equals [!Ref TurnCertificateARN, ""]]] + TurnTLSIsNotEnabled: !Or [!Equals [!Ref TurnDomainName, ""], !Equals [!Ref TurnCertificateARN, ""]] CreateRecordingsBucket: !Equals [!Ref S3AppDataBucketName, ""] CreateClusterDataBucket: !Equals [!Ref S3ClusterDataBucketName, ""] @@ -2104,6 +2105,7 @@ Resources: OpenViduLoadBalancerTurnTLSToMediaNodeIngressSG: Type: AWS::EC2::SecurityGroupIngress + Condition: TurnTLSIsEnabled Properties: GroupId: !Ref OpenViduMediaNodeSG IpProtocol: tcp @@ -2111,6 +2113,16 @@ Resources: ToPort: 5349 SourceSecurityGroupId: !Ref OpenViduTurnTLSLoadBalancerSG + OpenViduLoadBalancerTurnTLSMasterNodeToMediaNodeIngressSG: + Type: AWS::EC2::SecurityGroupIngress + Condition: "TurnTLSIsNotEnabled" + Properties: + GroupId: !Ref OpenViduMediaNodeSG + IpProtocol: tcp + FromPort: 5349 + ToPort: 5349 + SourceSecurityGroupId: !Ref OpenViduMasterNodeSG + OpenViduLoadBalancerTurnTLSToMediaNodeHealthCheckSG: Type: AWS::EC2::SecurityGroupIngress Condition: TurnTLSIsEnabled
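Review bot: the new `TurnTLSIsNotEnabled` line in the Conditions hunk is not the negation of `TurnTLSIsEnabled`. `TurnTLSIsEnabled` is true when either `TurnDomainName` or `TurnCertificateARN` is non-empty, and `TurnTLSIsNotEnabled` is true when either one is empty, so with exactly one of the two parameters set both conditions hold. In that case both the load-balancer ingress rule and the new master-node ingress rule on port 5349 are created. If the two are meant to be mutually exclusive, derive one from the other, for example `TurnTLSIsNotEnabled: !Not [!Condition TurnTLSIsEnabled]`, and confirm whether `TurnTLSIsEnabled` itself should be an `!And` rather than an `!Or`.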
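Review bot: in the last hunk, `OpenViduLoadBalancerTurnTLSMasterNodeToMediaNodeIngressSG` opens TCP 5349 on `OpenViduMediaNodeSG` to `OpenViduMasterNodeSG` without a `Description`, and nothing in the patch records why the master node needs that port when TURN TLS is off. Add a `Description:` property stating the purpose of the rule so a later security-group audit can tell it is intentional. The `LoadBalancer` part of the resource name is misleading because the source here is the master-node security group, not a load balancer. Also, `Condition: "TurnTLSIsNotEnabled"` is quoted while the hunk above writes `Condition: TurnTLSIsEnabled` unquoted; use one style.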