From 9a5188d6208a2bbd2a406fe75e92d3ba14454bb4 Mon Sep 17 00:00:00 2001
From: David Zhao <david@davidzhao.com>
Date: Sun, 11 Apr 2021 00:01:06 -0700
Subject: [PATCH] update ECS deploy to turn on ICE TCP

---
 deploy/aws-ecs/config.tf     | 7 ++++++-
 deploy/aws-ecs/main.tf       | 7 ++++++-
 deploy/aws-ecs/networking.tf | 8 ++++++++
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/deploy/aws-ecs/config.tf b/deploy/aws-ecs/config.tf
index a1eca5806..32714f749 100644
--- a/deploy/aws-ecs/config.tf
+++ b/deploy/aws-ecs/config.tf
@@ -4,6 +4,7 @@ locals {
     rtc = {
       port_range_start = var.udp_port_start
       port_range_end = var.udp_port_end
+      ice_tcp_port = var.ice_tcp_port
     }
     turn = {
       enabled = var.turn_enabled
@@ -20,7 +21,7 @@ locals {
   }
 
   // mapping contains only the main listening ports
-  // other UDP ports don't have to be mapped, due to
+  // other UDP ports don't have to be mapped, due to using host-mode
   port_mapping = [
     {
       containerPort = var.http_port
@@ -34,6 +35,10 @@ locals {
       containerPort = var.turn_udp_port
       protocol = "udp"
     },
+    {
+      containerPort = var.ice_tcp_port
+      protocol = "tcp"
+    }
   ]
 
   task_config = [{
diff --git a/deploy/aws-ecs/main.tf b/deploy/aws-ecs/main.tf
index 1eb3915be..ec77f949a 100644
--- a/deploy/aws-ecs/main.tf
+++ b/deploy/aws-ecs/main.tf
@@ -80,6 +80,11 @@ variable "udp_port_end" {
   default = 11000
 }
 
+variable "ice_tcp_port" {
+  type = number
+  default = 7881
+}
+
 variable "api_keys" {
   type = map(string)
 }
@@ -91,7 +96,7 @@ variable "redis_address" {
 
 variable "turn_enabled" {
   type = bool
-  default = true
+  default = false
 }
 
 variable "turn_tcp_port" {
diff --git a/deploy/aws-ecs/networking.tf b/deploy/aws-ecs/networking.tf
index 0dc990334..1f367b6dc 100644
--- a/deploy/aws-ecs/networking.tf
+++ b/deploy/aws-ecs/networking.tf
@@ -15,6 +15,14 @@ resource "aws_security_group" "main" {
     cidr_blocks = ["0.0.0.0/0"]
   }
 
+  ingress {
+    description = "TCP port for ICE"
+    from_port   = var.ice_tcp_port
+    to_port     = var.ice_tcp_port
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
   ingress {
     description = "UDP port for TURN"
     from_port   = var.turn_port_start