Authentication
You can authenticate with the @remotion/lambda
package either using:
- an
REMOTION_AWS_PROFILE
orAWS_PROFILE
environment variable pointing to a file REMOTION_AWS_ACCESS_KEY_ID
andREMOTION_AWS_SECRET_ACCESS_KEY
environment variablesAWS_ACCESS_KEY_ID
andAWS_SECRET_ACCESS_KEY
environment variables
Environment variables sitting in a .env
file are automatically picked up if you use the Remotion CLI, but not if you use the Node.JS APIs. If multiple ways are provided, Remotion will use the order above and use the first credentials found.
We recommend using the environment variable variants prefixed with REMOTION_
because:
- On some environments, the unprefixed variants may be reserved (e.g. Vercel deployments)
- Confusing conflicts between Remotion and the AWS CLI may be caused if you use the unprefixed versions.
Rotating credentials
Using more than one AWS account can be a viable scaling strategy to increase the concurrency limit. To do so, you can set new values for the REMOTION_AWS_ACCESS_KEY_ID
and REMOTION_AWS_SECRET_ACCESS_KEY
or other environment variables before making an operation using @remotion/lambda
. Below is an implementation example.
.envini
# Account 1AWS_KEY_1=AK...AWS_SECRET_=M/# Account 2AWS_KEY_2=AK...AWS_SECRET_2=M/
.envini
# Account 1AWS_KEY_1=AK...AWS_SECRET_=M/# Account 2AWS_KEY_2=AK...AWS_SECRET_2=M/
You need to read the .env
file yourself using the dotenv
package.
rotate-credentials.tstsx
constgetAccountCount = () => {letcount = 0;while (process .env ["AWS_KEY_" + (count + 1)] &&process .env ["AWS_SECRET_" + (count + 1)]) {count ++;}returncount ;};constgetRandomAwsAccount = () => {returnMath .ceil (Math .random () *getAccountCount ());};constsetEnvForKey = (key : number) => {process .env .REMOTION_AWS_ACCESS_KEY_ID =process .env [`AWS_KEY_${key }`];process .env .REMOTION_AWS_SECRET_ACCESS_KEY =process .env [`AWS_SECRET_${key }`];};// Set random account credentialssetEnvForKey (getRandomAwsAccount ());
rotate-credentials.tstsx
constgetAccountCount = () => {letcount = 0;while (process .env ["AWS_KEY_" + (count + 1)] &&process .env ["AWS_SECRET_" + (count + 1)]) {count ++;}returncount ;};constgetRandomAwsAccount = () => {returnMath .ceil (Math .random () *getAccountCount ());};constsetEnvForKey = (key : number) => {process .env .REMOTION_AWS_ACCESS_KEY_ID =process .env [`AWS_KEY_${key }`];process .env .REMOTION_AWS_SECRET_ACCESS_KEY =process .env [`AWS_SECRET_${key }`];};// Set random account credentialssetEnvForKey (getRandomAwsAccount ());
Using and AWS profile
available from v3.3.9
If you prefer AWS profile, you may use them. The list of profiles is located at ~/.aws/credentials
on macOS and Linux and has the following format:
~/.aws/credentialsini
[default]# ...[remotion]aws_access_key_id = YOUR_ACCESS_KEY_IDaws_secret_access_key = YOUR_SECRET_ACCESS_KEY
~/.aws/credentialsini
[default]# ...[remotion]aws_access_key_id = YOUR_ACCESS_KEY_IDaws_secret_access_key = YOUR_SECRET_ACCESS_KEY
In this example, we added a remotion
profile. Now, by setting REMOTION_AWS_PROFILE=remotion
, you can select the profile and don't need to pass each environment variable separately anymore.