Leveraging the Soracom IoT Platform to Provision an RTSP Camera for Amazon Kinesis Video Streams

View of a Security camera targeting a detected intrusion - 3d rendering

In our increasingly connected world, the volume of video data captured by IoT devices like surveillance cameras is growing exponentially. Manually analyzing these vast feeds is impractical. Fortunately, the integration of Artificial Intelligence (AI) and Machine Learning (ML) is revolutionizing the way we process and interpret this visual information. These technologies, bolstered by the immense computational power of the cloud, enable automatic pattern identification, object recognition, and predictive analytics. As AI/ML-driven video analytics become more essential, the synergy between IoT and cloud computing underscores the future of efficient visual data processing.

The current generation of off-the-rack cameras that claim to be “cloud-capable” are actually tightly integrated into their vendors’ vertical cloud applications and require wholesale replacement of existing hardware to take advantage of these capabilities. However, the standard RTSP protocol is already widely used in various IP camera products, making them easy to integrate within a tech stack. The ability to securely connect existing RTSP cameras to the cloud opens the door to advanced monitoring and analysis capabilities without needing to change your entire setup to accommodate them.

This blog will show how Soracom IoT connectivity can be harnessed to provision an RTSP camera for AWS Kinesis Video Streams (KVS) using Soracom’s media transfer service Soracom Relay.

I. What Soracom Brings to the Table 

Soracom is a global IoT cellular and satellite connectivity provider designed to empower IoT and M2M (Machine-to-Machine) communication with a telecommunications core built entirely on AWS. This architecture leverages AWS global infrastructure to optimize scalability and availability, and Soracom’s suite of tools and features is designed to increase security, scalability, and capability by integrating seamlessly with AWS services and functions.

A single Soracom IoT SIM (or eSIM) gives users access to a global, multicarrier IoT cellular network while routing and managing their data privately through Soracom’s virtualized packet gateway in the cloud. Soracom users can create secure, direct pipelines between IoT devices and their preferred AWS services, turn off all external access to the public internet (by enabling VPC peering directly from Soracom to their AWS VPC), and even automate data ingestion to speed up data integration.

Users of RTSP-enabled network cameras will be particularly interested in Soracom Relay, a media transfer service that allows users to remotely capture, stream, and route video data from RTSP/RTP protocol network cameras. Because this service is fully integrated into the cloud, users can even utilize RTSP-network cameras without built-in cloud capabilities.

Soracom also supports WireGuard VPN for clients connecting over the public Internet. By issuing a virtual SIM with the corresponding Wireguard credentials, remote devices that have access to the Internet can establish secure links to the platform and enjoy the platform services that make developers’ lives easier, including Soracom Relay, highlighted in this blog.

II. The Power of Amazon Kinesis Video Streams (KVS)

Amazon Kinesis Video Streams (KVS) is a fully managed AWS service that allows developers to securely stream video data to Amazon Web Services for storage, processing, and analysis. This service enables real-time video streaming and offers powerful features like easy integration with other AWS services, playback, and real-time monitoring. Once video is streamed to an Amazon KVS video stream, you can run multiple applications to process the video stream, including AI/ML-based video processing and AWS Rekognition. 

Amazon Kinesis Video Streams automatically provision and elastically scale all the infrastructure needed to ingest video streams – storing, encrypting, and indexing video data from potentially millions of devices. Further integrations with tools like Amazon Rekognition Video can even enable computer vision and video analytics.

Amazon KVS also supports common protocols such as HTTP Live Streaming (HLS) MPEG-DASH, and WebRTC, which enable various AI/ML applications to easily integrate and consume the video streams.

III. Challenges in Connecting an RTSP Camera to Amazon KVS

RTSP is a pull-based protocol. To consume a video stream from a camera, you have to connect to the camera’s RTSP server as a client and pull the stream. RTSP also relies on authentication using a username and password and does not support built-in encryption for video streams. 

Because of the nature of the protocol, connecting an RTSP camera to Amazon KVS will typically require one of two approaches:

On-Site Edge-Based Approach: Set up an edge device in the same local area network as the camera that works as an RTSP client, fetches the video stream, and calls the Amazon KVS endpoint using a set of AWS credentials.

Cloud-Based Approach: Run a container or process in the AWS cloud that remotely accesses the camera as an RTSP client, fetches the video stream, and calls the Amazon KVS endpoint using an AWS IAM role configured to allow Amazon KVS API calls.

Both approaches have significant drawbacks. 

  • One benefit of an Edge-based approach is that RTSP is terminated within the LAN. Since the protocol only supports username and password-based authentication and no encryption, it is good not to expose the endpoint or transfer unencrypted video feed over the public Internet. However, this requires you to manage those edge devices in each remote site. The capacity is limited to the CPU and memory resources available in the edge devices. It also has to store and rotate AWS credentials in those edge devices over time.  
  • Things are reversed with the Cloud-based approach. While there is no need to deploy edge devices or manage AWS credentials in each device, you’d have to expose the RTSP ports of the cameras to the public Internet, and the video stream has to be transferred without security. When it comes to authentication, you’d have to rely on a username and password. To maintain decent security, there has to be a way to rotate the passwords over time.

IV. Using Soracom Relay to Bypass Common Challenges and Securely Connect RTSP Cameras to KVS 

Here’s how Soracom Relay works. 

Let’s say RTSP cameras are connected to the Soracom platform using either cellular or WireGuard VPN. That lets Soracom Relay securely access the cameras’ RTSP ports using the secure connection. If the cameras are behind a router that has a secure link to the Soracom platform via cellular or Wireguard, the router can be configured to forward incoming requests to a port to the corresponding port of an RTSP camera. 

As you can see, there is no need to set up an edge device in the same LAN as the RTSP camera or open up the camera’s RTSP port to the public Internet. You do not need to write code or manage it in the cloud because Soracom Relay is a managed service and it runs the workers needed to ingest videos from cameras to the specified Amazon KVS video streams. 

V. Connecting an RTSP camera to Amazon KVS using Soracom Relay 

  1. Connect a router to the Soracom IoT Platform: RTSP Cameras do not usually support cellular or WireGuard VPN connectivity by themselves, and the issue is amplified when there are multiple RTSP cameras in a LAN. Fortunately, you can set up a router that supports WireGuard, cellular, or both. If the router supports both, the connection can be switched to cellular using a Soracom IoT SIM if no other Internet connection is available
  2. Configure the router to forward requests to RTSP Camera: Connect the RTSP camera (or cameras) that you want to use for video streaming to a router. Configure the camera’s network settings to work with the Soracom cellular network.
  3. Start Soracom Relay: Go to the Soracom web console,  set parameters such as SIM ID, RTSP URL, and hit the start button. 
  1. Connect a Router to the Soracom IoT Platform

RTSP cameras are typically designed for use within a site’s LAN network, so when you’re connecting them to AWS services you’ll need a router solution to connect to the Internet. To use the Soracom platform’s cellular or WireGuard services you can select any router that supports WireGuard or that has a cellular modem to take a Soracom IoT SIM.

In this blog, we’ll use a Teltonika RUT240 router that supports WireGuard and has a built-in cellular module. It can be configured to use Ethernet or WiFi as its main backhaul connection and can switch to cellular automatically if the main connection goes down. 

We have connected an RTSP camera to the router and installed a Soracom IoT SIM as explained in this instruction

You can confirm that the router is connected through its web-based configuration interface and/or the Soracom user console, as shown below.

Now, the router is connected securely to the Soracom platform! 

We use a cellular connection in this example, but the router can also be configured to use WireGuard over WiFi or Ethernet to securely connect to the Soracom platform.

  1. Configure the router to forward requests to the RTSP camera

Go to the router’s port forwarding configuration page.

Here, we want to configure a port-forwarding rule so that any request coming to a port over the WAN interface is forwarded to the camera’s IP address (available in the router’s DHCP lease information) and RTSP port (554 by default). We pick 8554 as the external port to be mapped to the RTSP camera in this example. 

By completing this step, an RTCP coming to router port 8554 will be forwarded to the camera’s RTSP port 554. 

  1. Start Soracom Relay: 

At this point we have prepared a router with a secure cellular connection established with the Soracom platform and an RTSP camera is connected to the router. We are ready to start a video streaming session and ingest the video stream to Amazon KVS! Here is how to do that:

1. Log in to the Soracom User Console 

2. Open the menu and click Soracom RelaySoracom Relay Sessions

Soracom User Console, Soracom Relay blog

   The SORACOM Relay Sessions screen will appear.

3. Click New

The Create New Soracom Relay Session screen will appear. You can search the target device by using tags associated with SIMs.

Soracom relay

Once the target device is selected, fill in the parameters for the target camera’s RTSP URL.

An RTSP URL has the standard URL schema as below. 


rtsp://<RTSP Username>:<RTSP Password>@<Host Address>:<RTSP Port>/<Path>?<Query parameter name 1>=<Query parameter value 1> 


Each camera manufacturer uses different paths and query parameters, so please refer to the owner’s manual or search on the web. The camera in this example uses the following URL, so we fill the form accordingly. 


rtsp://admin:<RTSP Password>@<Host Address>:8554/h264


Soracom relay

Note that we specify the router’s external port (8554 in this example) as the RTSP port.

Now, scroll down and fill in the destination service configuration. Select Amazon KVS (Soracom managed). The retention period is how long the video streaming session should last. Here, we set it to 30 minutes. Once everything is set, click the Create button.

Soracom relay

Once the Relay session has been created, the SORACOM Relay Session Details screen will appear, and Relay will begin initializing the RTSP video stream. 

Once Relay begins receiving video from your RTSP-enabled network camera, the video stream will be sent to an Amazon KVS video stream.

Soracom relay

When a Soracom-managed KVS stream is selected, the video can be played back in the Relay session details window. 

Soracom Relay example image

Now the video stream is fed to a KVS stream and stored in its robust storage for a retention period of time. You can run multiple applications in parallel to process and analyze the stream. Here’s an example of running an AI/ML application that detects objects, poses of the body and hands, and face mesh. The application takes the video stream from an HLS endpoint of the KVS stream and processes it in real-time. 

Soracom Relay example image

As you can see in the example, with Soracom Relay, a conventional RTSP camera can be cloud-native and take advantage of the power of the cloud.

VI. Benefits of Soracom Platform for Amazon KVS Integration

  1. Managed Connections for RTSP Cameras to Amazon KVS: You can connect existing RTSP cameras to Amazon KVS without having to install edge devices or run cloud-side workers, and focus on your applications for faster time to market.
  2. Security: You do not have to expose cameras’ RTSP ports to the public Internet, which could create security risks and require manual credential management. Soracom’s secure connectivity restricts access to where it is needed as Amazon KVS’s encryption features ensure that your video data remains protected throughout the streaming process.
  3. Flexible Connectivity Options and Global Cellular Connectivity: Secure links with Soracom can be achieved with either WireGuard or Soracom cellular service. Soracom’s cellular SIM cards provide global coverage, allowing you to deploy your RTSP cameras in various locations without worrying about connectivity issues.
  4. Scalability and Simple Management: since Soracom runs logic in AWS and Amazon KVS can easily scale to accommodate the increasing number of RTSP cameras, setup and management should be a seamless experience.
  5. Cost Efficiency: Soracom offers flexible pricing plans that let you choose the best fit for your project’s requirements. This helps optimize costs while maintaining reliable connectivity.

Connected RTSP cameras don’t typically offer best-in-class security solutions, which has reduced their viability in many settings due to the risks created by insecure admin credentials and a low security-rated protocol. Soracom’s cloud-native connectivity platform and Relay service deliver real solutions for both issues by securing both the traffic path between the camera’s internet connection and Soracom’s platform servers and the secure integration with a customer’s specific Amazon KVS instance. Both of these elements work together to lock the data link out of reach from bad actors who might seek to access the RTSP/RTP camera, ensuring that only traffic to and from the configured Amazon KVS instance has any chance of interacting with the camera’s streams.

On top of the security solutions that Soracom delivers, system integrators looking to create valuable insights from the RTSP/RTP camera streams have an ideal partner in Soracom when scaling – both geographically and in volume. Soracom’s solutions address multi-country, multi-carrier, and multi-bearer use cases that enable resilient connectivity, and present both a scalable network operator core and a scalable suite of integration instances. Soracom already supports million+ scale IoT deployments with secure connectivity, expert support, and enterprise-focused tools to enable reliable, valuable insights quickly.

Soracom Relay is a Natural Fit for Amazon KVS

Integrating Soracom with Amazon Kinesis Video Streams offers a powerful solution for provisioning RTSP cameras and harnessing their streaming capabilities for various applications. This synergy between secure, reliable cellular connectivity and AWS’s advanced video processing capabilities paves the way for innovative IoT projects that involve real-time video monitoring, analysis, and beyond. This capability presents a wealth of opportunities that could benefit everything from security to industrial automation, and other crucial IoT sectors.


Got a question for Soracom? Whether you’re an existing customer, interested in learning more about our product and services, or want to learn about our Partner program – we’d love to hear from you!