CodeArtifact

Icon

Software packages (artifacts) depend on each other to be build (i.e., dependencies), and new ones are created.
This management of artifacts for storing are retrieving artifacts is called artifact management.
CodeArtifact is a scalable, secure and cost-effective artifact management software for software development.
It works like common dependency management software such as Maven, Gradle, yarn, npm, twine, pip, NuGet etc.
Developers and CodeBuild can then retrieve dependencies straight from CodeArtifact.
CodeArtifact can act as a proxy to public artifact repositories like npm, maven central etc. The artifacts pulled from public artifact repositories will be cached in CodeArtifact.
Developers can also publish their own artifacts into CodeArtifact.
AWS KMS or Customer Managed Key can be used to encrypt artifacts in a domain.

Domain:
- This is where artifact is stored in CodeArtifact.
- Each domain can have multiple repositories.
- Domain and repositories should exist in same AWS region.

This allows public repository to connect with AWS's repository based on package manager.
We can use CLI or manual setup up by obtaining authorization token

An event is emitted when a package version is modified, created or deleted.
This emitted event is then send to EventBridge.
Once event is recieved at EventBridge it can be used to invoke a Lambda, Step Functions, SNS, SQS, CodePipeline.

When another account needs to access resource from CodeArtifact, then resource policy is needed.
A given Principal can either read all of the package in a repository or none of them.

You can apply resource policy at repository level.
- ReadOnly access
- Read and Publish access
- Full Repository Access

You can apply resource policy at domain level for IAM principal or AWS Organization.
- Contributor domain access policy
- Full domain access policy

Last updated 21 days ago