Written by Clarisse Eynard, Software Engineer at TrackIt
Media organizations today face the challenge of handling vast amounts of video, image, and audio content efficiently. From ingesting raw assets to enriching them with metadata and distributing them to global audiences, the workflows involved are complex and resource-intensive. To address these challenges, AWS provides Media2Cloud, a reference solution designed to automate and streamline media workflows at scale.
Media2Cloud ingests content, applies AI/ML services for analysis and enrichment, and prepares assets for efficient distribution. It is a turnkey solution that reduces the time needed to build a robust media supply chain, while offering flexibility to integrate with existing pipelines. Traditionally, AWS distributes Media2Cloud as a ready-to-use CloudFormation template, which sets up the required components in a single deployment.
While CloudFormation is powerful and fully supported by AWS, many organizations either already rely on Terraform for infrastructure as code (IaC) and want to keep their environments uniform, or choose Terraform because of its broad provider ecosystem, multi-cloud capabilities, and seamless integration with CI/CD workflows.
Instead of rewriting the entire Media2Cloud architecture natively in Terraform, a more pragmatic approach is to wrap the CloudFormation template in Terraform. This is possible using the aws_cloudformation_stack resource, which allows Terraform to manage the lifecycle of a CloudFormation stack as part of a broader Terraform-managed environment. This ensures consistency, visibility, and control, without waiting for a native Terraform module for Media2Cloud.
Contents
Two Ways to Customize Media2Cloud with Terraform
When it comes to integrating Media2Cloud into a Terraform-based environment, there are two possible approaches, each with distinct trade-offs:
1. Full Terraform Translation
This approach involves rewriting the entire Media2Cloud CloudFormation template in pure Terraform code, utilizing native Terraform resources.
| Strengths | Weaknesses |
Provides full infrastructure transparency, with every AWS resource explicitly defined in Terraform. Enables native state management for improved dependency tracking and drift detection. Ensures a single Infrastructure-as-Code (IaC) language across all components, simplifying team workflows and CI/CD integration. Offers fine-grained customization of individual components and smooth integration with existing Terraform modules. | Requires significant initial effort to accurately translate hundreds of CloudFormation resources. Involves continuous maintenance as AWS updates to Media2Cloud must be manually replicated to maintain parity. Carries a risk of divergence from the official AWS implementation, potentially missing key fixes or optimizations. May receive limited AWS support due to deviation from the officially supported deployment model. Necessitates extensive testing to ensure complete functional equivalence with the original CloudFormation template. |
Below is an example of the deployment folder structure:
2. Terraform Wrapper (Recommended Approach)
This approach uses the aws_cloudformation_stack resource to deploy the official Media2Cloud CloudFormation template from within Terraform.
| Strengths | Weaknesses |
| Enables minimal deployment effort using the official, ready-to-use CloudFormation template. Automatically benefits from AWS updates, bug fixes, and optimizations without manual maintenance. Simplifies version management by allowing quick upgrades through template URL updates. Provides full Terraform state integration, ensuring lifecycle management (create, update, destroy) alongside other infrastructure. Eliminates translation errors and guarantees feature parity with the official AWS implementation. | Offers limited control over individual AWS resources within the CloudFormation stack. Keeps internal configurations abstracted, functioning as a black box. Requires forking and modifying the CloudFormation template for deep customization. Increases debugging complexity due to nested Terraform and CloudFormation contexts. |
Which Approach Should You Choose?
For most organizations, the Terraform wrapper approach is the pragmatic choice. It provides rapid deployment, maintains alignment with AWS’s official solution, and integrates seamlessly into Terraform workflows. This is the approach demonstrated in this guide.
The full Terraform translation approach should only be pursued in specific scenarios, such as when:
- Specific compliance requirements that mandate pure Terraform infrastructure
- Extensive customization needs that go beyond parameter configuration
- Dedicated engineering resources are available to maintain the translated implementation over time.
For detailed guidance on implementing Media2Cloud with native Terraform resources, refer to our comprehensive guide: AWS CloudFormation to Terraform Translation.
Solution Overview
Prerequisites
- An AWS account with the necessary privileges to create IAM roles and policies, access S3, and deploy resources via CloudFormation.
- AWS CLI installed and authenticated with sufficient permissions.
- Anthropic Claude 3 Haiku or Sonnet enabled via the Amazon Bedrock console under Manage model access.
- Terraform, jq, Docker and Nodejs 20.x installed and properly configured on the local environment.
- Docker daemon running locally to allow containerized operations.
Deployment Steps
Step 1: Building the Media2Cloud V4 Deployment Package
Media2Cloud requires building Lambda function packages and other artifacts before deployment. This step prepares all necessary files and uploads them to an S3 bucket.
Follow the steps from the AWS Solutions Library Samples repository:
1.1 Create an S3 Bucket for Artifacts
First, create an S3 bucket to store the Media2Cloud deployment artifacts. Skip this step if the plan is to reuse an existing bucket.
| aws s3api create-bucket –bucket yourname-artefact-bucket –region us-east-1 |
Note: If deploying to a region other than us-east-1, the –create-bucket-configuration LocationConstraint=your-region parameter must be added.
1.2 Clone and Build Media2Cloud
Clone the official AWS Solutions Library repository and build the deployment package:
| # Clone the repository git clone git@github.com:aws-solutions-library-samples/guidance-for-media2cloud-on-aws.git |
| # Navigate to the deployment directory cd guidance-for-media2cloud-on-aws/deployment |
| # Build the distribution (this may take 10-15 minutes) bash build-s3-dist.sh –bucket yourname-artefact-bucket –version vexemple –single-region > build.log 2>&1 & |
| # Monitor the build progress tail -f build.log |
What this does:
- Installs Node.js dependencies
- Packages Lambda functions
- Prepares CloudFormation templates
- Creates deployment artifacts
Parameters explained:
- –bucket: S3 bucket name (without s3:// prefix)
- –version: Version tag for this deployment (use a meaningful version like v4.0.0)
- –single-region: Optimizes for deployment in a single AWS region
1.3 Upload Artifacts to S3
Once the build completes successfully, upload all artifacts to the S3 bucket:
| bash deploy-s3-dist.sh –bucket yourname-artefact-bucket –version vexemple –single-region |
This uploads:
- CloudFormation templates
- Lambda function ZIP files
- Web application assets
- Configuration files
1.4 Locate the CloudFormation Template URL
Once uploaded, the template will be available at:
https://yourname-artefact-bucket.s3.amazonaws.com/media2cloud/v4.0.0/media2cloud.template
Save this URL – it will be required for the Terraform configuration outlined in Step 2.
Troubleshooting
Build fails with Node.js errors:
- Ensure Node.js 20.x is installed: node –version
- Install nvm if needed: curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
- Switch to Node 20: nvm install 20 && nvm use 20
Permission errors during S3 upload:
- Verify AWS credentials: aws sts get-caller-identity
- Ensure IAM user/role has S3 write permissions
Build takes too long:
- The first build can take 15-20 minutes due to npm package downloads
- Subsequent builds are faster due to caching
Step 2: Configure Parameters
In a separate directory, create a main.tf file to define the CloudFormation stack resource with the appropriate parameters:
| resource “aws_cloudformation_stack” “m2c” { name = “media2cloud-terraform-deploy” template_url = “https://yourname-artefact-bucket.s3.amazonaws.com/media2cloud/vexemple/media2cloud.template” parameters = { VersionCompatibilityStatement = “Yes, I understand and proceed” Email = “mail@exemple.com” DefaultAIOptions = “Recommended V4 features (v4.default)” OpenSearchCluster = “Development and Testing (t3.medium=0,m5.large=1,gp2=10,az=1)” PriceClass = “Use Only U.S., Canada and Europe (PriceClass_100)” StartOnObjectCreation = “NO” BedrockSecondaryRegionAccess = “North Virginia [US East] (us-east-1)” BedrockModel = “Anthropic Claude 3 Haiku” } capabilities = [“CAPABILITY_IAM”] } |
Understanding the Configuration Parameters
2.1. The Media2Cloud CloudFormation template accepts several parameters that control the behavior and features of the deployment. Below is a detailed explanation of each parameter:
Mandatory Parameters
| Parameter | Value | Description |
| VersionCompatibilityStatement | Yes, I understand and proceed | The version compatibility statement must be read and acknowledged before proceeding |
| your@email.com | Email address used to register with Amazon Cognito UserPool and to receive an invitation to the Media2Cloud web portal. |
Core Configuration Parameters
| Parameter | Example value | Options & description |
| DefaultAIOptions | Recommended V4 features (v4.default) | Controls which AI/ML features are enabled by default. Can be modified later via the Media2Cloud web portal Settings page |
| OpenSearchCluster | Development and Testing (t3.medium=0,m5.large=1,gp2=10,az=1) | For testing: Use single instance configurationFor production: Use multi-AZ configuration with appropriate instance types |
| PriceClass | Use Only U.S., Canada and Europe (PriceClass_100) | Amazon CloudFront price class. Choose based on your target audience geography:• PriceClass_100: US, Canada, Europe• PriceClass_200: Adds Asia, Middle East, Africa• PriceClass_All: All edge locations worldwide |
Ingestion & Storage Parameters
| Parameter | Example value | Options & description |
| StartOnObjectCreation | YES or NO | YES: Automatically process files when uploaded to the ingest bucket NO: Manual ingestion trigger required |
| UserDefinedIngestBucket | Leave blank or specify bucket name | Leave blank: Media2Cloud creates a new S3 bucket Specify bucket name: Connect an existing S3 bucket for ingestion |
Advanced AI/ML Parameters
| Parameter | Example value | Options & description |
| BedrockSecondaryRegionAccess | North Virginia [US East] (us-east-1) | Required for Generative AI features. Choose: • us-east-1 (North Virginia)• us-west-2 (Oregon) |
| BedrockModel | Anthropic Claude 3 Haiku | Generative AI model for content analysis: • Claude 3 Haiku: Faster, cost-effective for basic tasks• Claude 3 Sonnet: More capable for complex analysis Both models support text and image inputs |
Optional Advanced Features
| Parameter | Default | Description |
| EnableKnowledgeGraph | NO | YES: Enables Amazon Neptune graph database for visualizing relationships between content assetsNO: Standard deployment without graph capabilities |
| CidrBlock | 172.31.0.0/16 | Only applicable when EnableKnowledgeGraph is set to YES. Defines the VPC CIDR block for Neptune deployment |
Configuration Tips
- For development/testing: Use the default values shown above with a single OpenSearch instance
- For production:
- Upgrade to a Multi-AZ OpenSearch configuration
- Consider enabling Knowledge Graph if relationship visualization is required
- Set StartOnObjectCreation to YES for automated workflows
- Choose an appropriate CloudFront price class based on audience location
- Cost optimization: Start with Claude 3 Haiku and upgrade to Sonnet only if needed
- Email validation: Ensure the email address is valid and accessible, as it’s required for portal access
Important Notes
Template URL: Replace “https://yourname-artefact-bucket.s3.amazonaws.com/media2cloud/vexemple/media2cloud.template” with the actual S3 URL from Step 1
Bedrock Model Access: Before deployment, verify that the chosen Bedrock model (Claude 3 Haiku or Sonnet) is enabled in the Amazon Bedrock console under “Manage model access”
IAM Capabilities: The CAPABILITY_IAM capability is required because Media2Cloud creates IAM roles and policies
2.2. In the same folder, create a provider.tf file.
| provider “aws” { region = “us-east-1” } |
Step 3: Deploy with Terraform
Run the following commands in the project directory containing main.tf:
| terraform init |
| terraform apply -auto-approve |
Terraform provisions the CloudFormation stack, which in turn deploys all Media2Cloud resources. From the Terraform perspective, this deployment becomes part of the managed infrastructure state.
Expected outcome: Media2Cloud is deployed and operational, with Terraform maintaining the lifecycle of the CloudFormation stack.
Conclusion
Deploying Media2Cloud with Terraform is a practical way to bring AWS’s official solution into a broader Terraform workflow. It reuses the CloudFormation template while ensuring consistency, automation, and visibility in infrastructure management. This method bridges the gap until a native Terraform module becomes available, which would provide even greater control and integration.
About TrackIt
TrackIt is an international AWS cloud consulting, systems integration, and software development firm headquartered in Marina del Rey, CA.
We have built our reputation on helping media companies architect and implement cost-effective, reliable, and scalable Media & Entertainment workflows in the cloud. These include streaming and on-demand video solutions, media asset management, and archiving, incorporating the latest AI technology to build bespoke media solutions tailored to customer requirements.
Cloud-native software development is at the foundation of what we do. We specialize in Application Modernization, Containerization, Infrastructure as Code and event-driven serverless architectures by leveraging the latest AWS services. Along with our Managed Services offerings which provide 24/7 cloud infrastructure maintenance and support, we are able to provide complete solutions for the media industry.