What is AWS CodeArtifact?
How much does CodeArtifact cost?
With CodeArtifact, there are no upfront fees or commitments. You pay only for the software packages stored, the number of requests made, and the data transferred out of an AWS Region. CodeArtifact includes a monthly free tier for storage and requests. For pricing details see the pricing details.
In which AWS Regions is CodeArtifact available?
CodeArtifact is available in the following 10 AWS Regions:
- US East (N.Virginia)
- US East (Ohio)
- US West (Oregon)
- EU (Ireland)
- EU (Frankfurt)
- EU (Stockholm)
- Asia Pacific (Sydney)
- Asia Pacific (Tokyo)
- Asia Pacific (Mumbai)
- Asia Pacific (Singapore).
Getting Started/Using CodeArtifact
How do I get started with CodeArtifact?
What is a CodeArtifact domain?
A domain is a CodeArtifact-specific construct that allows grouping and managing multiple CodeArtifact repositories owned by a single organization across multiple AWS accounts. For example, an organization might create a central repository for sharing packages between teams and project-level repositories to store packages only used by a single team or application.
What is a CodeArtifact repository?
A CodeArtifact repository contains a set of package versions, each of which maps to a set of assets. Repositories are polyglot—a single repository can contain packages of any supported type. Each repository exposes endpoints for fetching and publishing packages using tools like the npm CLI, the Maven CLI (mvn), and pip. You can create up to 100 repositories per AWS account.
How do I create repositories in CodeArtifact?
You can create repositories using the console wizard, or programmatically using the AWS SDKs or CLI. For more information, see Create a repository in the AWS CodeArtifact documentation.
How do I publish artifacts to CodeArtifact?
How do I retrieve an artifact from CodeArtifact?
You can fetch artifacts using language-native tools. For example, to install the npm package webpack and all its dependencies, run the CodeArtifact CLI “login” command, and then run npm install webpack. npm fetches the webpack from CodeArtifact, performs dependency resolution based on the information in webpack’s package.json file, then recursively fetches all required dependencies from CodeArtifact. Learn more here.
How do I configure a CodeArtifact repository to pull packages from external package repositories such as npm registry?
On the CodeArtifact console, create a repository with an external connection to pull packages from a public repository such as npm registry. You can also use the AssociateExternalConnection API to create a connection between a CodeArtifact repository and a public repository. Whenever packages are requested, CodeArtifact pulls and caches the required packages from external repositories if those packages are not already present.
Authentication and access control
How do I authenticate to a CodeArtifact repository from the AWS CLI?
First, install the AWS CLI and configure AWS credentials for an IAM user or role that has the appropriate permission to access CodeArtifact. You can then use the CLI to call the CodeArtifact GetAuthorizationToken API. This API vends auth tokens, that can be included in the HTTP Authorization header in rvequests made by package managers and build tools. The CLI provides the login command that calls GetAuthorizationToken and automatically configures a package manager to use this token for all requests. This is similar to the get-login command provided by Amazon ECR, so developers who have interacted with ECR using the docker CLI will be familiar with this pattern.
Can I enable cross-account access to my repositories?
Yes. CodeArtifact repositories support resource policies to enable cross-account access. You can add a resource policy via the console or AWS CLI.
Can I enable permissions at the package level?
Yes. CodeArtifact supports package-level write permissions. You can configure these by adding statements to a repository resource policy document that specify a package ARN as the resource. CodeArtifact supports only repository-level read permissions, that is, a given IAM principal can either read all the packages in a repository or none of them.
Does CodeArtifact encrypt my packages?
Yes. All packages stored by CodeArtifact are encrypted in transit using TLS and at rest using AES-256 symmetric key encryption. CodeArtifact supports both the AWS Key Management Service (KMS) customer managed CMKs and the AWS managed CMKs.
Can I use AWS CodeArtifact with AWS CodeBuild?
Yes. You can specify the CodeArtifact repositories to use for consuming and publishing packages in your CodeBuild project configuration. Available CodeBuild images include client tools for all the package types supported by CodeArtifact. CodeBuild configures the build tool or package manager to use the specified repository and fetch a CodeArtifact auth token at the start of the build using the build’s IAM role. You can also specify the build artifacts that should be published to your CodeArtifact repository when the build is complete. CodeBuild builds can be triggered using CloudWatch Events emitted by a CodeArtifact repository when its contents change.
Can I use AWS CodeArtifact with AWS CodePipeline?
Yes. Using Amazon EventBridge, you can trigger a CodePipeline build when a package stored in a CodeArtifact repository changes - for example, when a new version of the package is published.