Deliver Low-Latency HLS streams using Amazon EC2 and CloudFront

An Amazon CloudFront distribution is an HTTP caching infrastructure that enables you to distribute content by using a worldwide network of edge locations that provide low latency and high data-transfer speeds.

Wowza Streaming Engine™ media server software can be used as an HTTP caching origin to a CloudFront distribution edge for low latency live streams using the HLS protocols (LL-HLS). This guide describes how to configure the streaming applications in your EC2 instance and attach them to a CloudFront distribution optimized for low latency.

Note: To learn more about how Wowza Streaming Engine can be used as an origin to an HTTP caching infrastructure edge, such as a CloudFront distribution, see About HTTP caching origins.

Before you start


Before you start, set up Wowza Streaming Engine for an Amazon EC2 instance according to one of the following articles:

You should also be aware of the following limitations:

  • Trial licenses don't support using Wowza Streaming Engine as a caching origin.
     
  • At this time, live streams can't be delivered securely using CloudFront-signed URLs due to how player applications generate URL requests for the live stream data.

1. Add a Live HTTP Origin application


To use your Wowza Streaming Engine EC2 AMI with CloudFront, create a new Live HTTP Origin application in Wowza Streaming Engine Manager. The default settings of these application types work with CloudFront.

  1. Start Wowza Streaming Engine Manager by opening http://[instance-public-dns]:8088 in a supported web browser. We recommend using Chrome.
     
    Note: To use Wowza Streaming Engine Manager, the security group must be configured to open ports 8086-8088.
  2. Sign in with the preconfigured administrator account. The username is wowza and the password is the instance ID of the EC2 AMI. You can find the ID on the Instances page of the Amazon EC2 dashboard.
     
  3. Click the Applications tab, and then click Add Application in the contents panel.
     
  4. On the Add Application page, click Live HTTP Origin. This origin application type is designed for non-Wowza edge caching.

  1. In the New Application modal, add a name for your application, such as livehttporigin. Then click Add.
     
  2. Click Save to save the application with default values. The application is ready to use as an origin to an HTTP caching infrastructure.
    Note: HTTP origin applications support all HTTP streaming playback types by default. They don't support the RTMP and RTSP playback types.
  3. (Optional) To change the default application property values, complete the following steps:
    • Click the Properties tab. Then click HTTP Cache Origin in the Quick Links bar.
    • Click Edit and change the values of any of the HTTP Cache Origin properties.
    • Click Save and then restart the application.

To configure additional properties for the origin, see the property reference in Configure Wowza Streaming Engine as an HTTP caching origin.

2. Configure your live application


Follow the steps in this section to configure your HTTP Origin application to deliver LL-HLS streams. These steps enable transmuxing for CMAF packetization for LL-HLS delivery.

  1. First, follow these steps to Enable LL-HLS via your Application.xml file.
  2. In the Application.xml file you modified in Step 1, also add these properties within the <LiveStreamPacketizer>/<Properties> container element. Use the suggested values.
Name Type Value Description
cmafSegmentDurationTarget Integer 2000 For more, see the CMAF live packetization property reference.
cmafLLChunkDurationTargetVideo Integer 500 For more, see the Low-latency CMAF packetization property reference.
cmafLLChunkDurationTargetAudio Integer 500 For more, see the Low-latency CMAF packetization property reference.
Note: Make sure your encoder Group of Pictures (GOP) size is set to one or two seconds.

3. Create your CloudFront distribution


This section describes creating a CloudFront distribution that uses your Wowza Streaming Engine Manager application as an HTTP origin for live streaming.
 
  1. Sign in to the AWS Management Console.
  2. Open the Policies page in the CloudFront console.
  3. Select the Origin request tab, Create an LLHLS_Origin origin request policy based on the following image. Include the _HLS_skip, _HLS_part, and _HLS_msn query strings.

  1. Select the Cache tab. Create an LLHLS_Playlist cache policy based on the following image. Include the _HLS_skip_HLS_part, and _HLS_msn query strings. Set the TTL values as suggested:
  • Set Minimum TTL to 1 second.
  • Set Maximum TTL to 3600 seconds.
  • Set Default TTL to seconds.

  1. Select the Cache tab. Create an LLHLS_Data cache policy based on the following image. Include the _HLS_skip_HLS_part, and _HLS_msn query strings. Set the TTL values as suggested:
  • Set Minimum TTL to second.
  • Set Maximum TTL to 31536000 seconds.
  • Set Default TTL to 3600 seconds.

  1. Select the Response headers tab. Create an LLHLS_Response and enable CORS as shown in the following image:

  1. Click Create Distribution.
  2. On the Create distribution page:
    • For Origin Domain Name, enter the StreamLock DNS value for your EC2 instance.
    • For Viewer protocol policy, choose HTTPS Only.
    • For Allowed HTTP methods, choose GET, HEAD, OPTIONS.
  3. Configure the remaining settings on the Create distribution page, then click Create Distribution.

4. Configure your CloudFront distribution


The CloudFront distribution may take several minutes to create. You can track the creation progress in the Status column for the distribution. The Status value changes from InProgress to Deployed when the distribution is ready.

Once created, you can edit your CloudFront distribution to add specific behaviors for LL-HLS.

  1. To edit your distribution in the CloudFront console, go to the Behaviors tab.
  2. Configure Behaviors for these file paths:
  • /*.m3u8: Assign the LLHLS_Playlist cache policy.
  • /*.cmfa: Assign the LLHLS_Data cache policy.
  • /*.cmfv: Assign the LLHLS_Data cache policy.
  1. Set the allowed HTTP methods for all path patterns in Step 2 to GETHEAD, and OPTIONS.
  2. Assign LLHLS_Response and LLHLS_Origin policies to all path patterns in Step 2.

  1. After the distribution is deployed, note the distribution Domain Name value, which must be included in the playback URLs provided to clients. In the Test stream playback section, you must replace [cloudfront-domain-name] in the sample URLs with this value.

5. Publish a live stream to your live application


After configuring the HTTP caching origin and CloudFront distribution, publish a live stream to the HTTP origin application on the Wowza Streaming Engine EC2 instance. Refer to the following resources for help with publishing a live stream from various cameras and encoders to the Wowza Streaming Engine origin server:

Note: When configuring your live source, you must provide the public domain name or Public DNS key of your running EC2 instance.

6. Test stream playback


All HTTP requests made to the [cloudfront-domain-name] are routed to an appropriate CloudFront edge server based on load and geographic location.

The CloudFront edge server either serves the requested content from its local cache or pulls it from the Wowza Streaming Engine origin and caches it. Content is cached on CloudFront edge servers as defined by Cache-Control headers that are configured as part of the Wowza Streaming Engine application configuration. All path elements are passed from the CloudFront edge server to the Wowza Streaming Engine origin server.

When using the HLS streaming protocol with CloudFront delivery, the general URL syntax is:

http://[cloudfront-domain-name]/[application]/[app-instance]/[stream-name]/playlist.m3u8

Where each part of the URL can be described as follows:
 
  • [cloudfront-domain-name] is the CloudFront Domain Name value that is available after you create your CloudFront distribution. You can substitute the Wowza Streaming Engine origin domain name value to stream directly from the origin for testing purposes. For more information, see Troubleshoot your Wowza Streaming Engine CloudFront configuration.
  • [application] is the application name, such as livehttporigin.
     
  • [app-instance] is only needed if the [stream-name] contains path elements. In most cases, the default _definst_ app instance is automatically used when needed.
  • [stream-name] is the live stream name.

Streaming live streams

After you've configured a Wowza Streaming Engine livehttporigin application, any live stream that's published to it is available for CloudFront delivery. The stream is available through CloudFront via the following URL:

http://[cloudfront-domain-name]/livehttporigin/[stream-name]/playlist.m3u8

7. (Optional) Control CloudFront error caching


By default, when your origin returns an HTTP 4xx or 5xx status code, CloudFront caches the error response for five minutes. It then submits the next request for the object to your origin to see if the problem is resolved and the requested object is available.

This means that if a stream stops and restarts, it will take CloudFront five minutes to recover. You can change the Error Caching Minimum TTL setting for your CloudFront distribution. With this setting, you can specify the error caching duration for each 4xx and 5xx status code that CloudFront caches. We recommend changing this setting to 1 second to match the manifest caching duration.

For information on changing this setting, see Configure error response behavior.

8. (Optional) Delete your CloudFront distribution


For instructions about removing your CloudFront distribution, see Deleting a distribution.

More resources