From e66e5a23e1839e170829a7a36aa665fae608d80a Mon Sep 17 00:00:00 2001
From: cruizba <carlos.ruizbal@gmail.com>
Date: Fri, 13 Jun 2025 22:02:13 +0200
Subject: [PATCH] openvidu-deployment: - HA - Open port 5349 in media nodes for
 master nodes if Turn Domain is not configured

---
 openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml
index ff14ddec..82ee0eea 100644
--- a/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml
+++ b/openvidu-deployment/pro/ha/aws/cf-openvidu-ha.yaml
@@ -416,6 +416,7 @@ Metadata:
 
 Conditions:
   TurnTLSIsEnabled: !Or [!Not [!Equals [!Ref TurnDomainName, ""]], !Not [!Equals [!Ref TurnCertificateARN, ""]]]
+  TurnTLSIsNotEnabled: !Or [!Equals [!Ref TurnDomainName, ""], !Equals [!Ref TurnCertificateARN, ""]]
   CreateRecordingsBucket: !Equals [!Ref S3AppDataBucketName, ""]
   CreateClusterDataBucket: !Equals [!Ref S3ClusterDataBucketName, ""]
 
@@ -2104,6 +2105,7 @@ Resources:
 
   OpenViduLoadBalancerTurnTLSToMediaNodeIngressSG:
     Type: AWS::EC2::SecurityGroupIngress
+    Condition: TurnTLSIsEnabled
     Properties:
       GroupId: !Ref OpenViduMediaNodeSG
       IpProtocol: tcp
@@ -2111,6 +2113,16 @@ Resources:
       ToPort: 5349
       SourceSecurityGroupId: !Ref OpenViduTurnTLSLoadBalancerSG
 
+  OpenViduLoadBalancerTurnTLSMasterNodeToMediaNodeIngressSG:
+    Type: AWS::EC2::SecurityGroupIngress
+    Condition: "TurnTLSIsNotEnabled"
+    Properties:
+      GroupId: !Ref OpenViduMediaNodeSG
+      IpProtocol: tcp
+      FromPort: 5349
+      ToPort: 5349
+      SourceSecurityGroupId: !Ref OpenViduMasterNodeSG
+
   OpenViduLoadBalancerTurnTLSToMediaNodeHealthCheckSG:
     Type: AWS::EC2::SecurityGroupIngress
     Condition: TurnTLSIsEnabled