AWS CodeArtifact - Private packages
You can allow Aikido's autofix to connect to registries hosting private packages on AWS CodeArtifact. To enable this connection, you need to provide the following 3 environment variables:
AWS_CODE_ARTIFACT_ACCESS_KEY: an access key for a user or role which has the AWSCodeArtifactReadOnlyAccess permission
AWS_CODE_ARTIFACT_SECRET_KEY: a secret key for a user or role which has the AWSCodeArtifactReadOnlyAccess permission
AWS_CODE_ARTIFACT_DOMAIN: the domain of the CodeArtifact repositories as seen in the AWS console (not the full domain name)
AWS_CODE_ARTIFACT_REGION: the AWS region where the CodeArtifact domain is hosted (e.g. us-east-1)
These environment variables can be set in the Custom config section, explained here: https://help.aikido.dev/doc/custom-config---private-packages/docQ3WJSEZTf.
When these 3 environment variables are set, Aikido Autofix will set a "CODEARTIFACT_AUTH_TOKEN" environment variable during the process. The repo's package manager can then use this environment variable to authenticate with the repositories. See below for the registry-specific configuration that is required.
NPM & PNPM
A basic .npmrc configuration must be present in the repository where the private package is being installed. It should contain the following information, with the placeholders replaced with your information:
[REGISTRY_NAME]=https://[AWS_CODEARTIFACT_DOMAIN]-[AWS_ACCOUNT_ID].d.codeartifact.[CODEARTIFACT_REPO_REGION].amazonaws.com/npm/[CODEARTIFACT_REPO_NAME]
//[AWS_CODEARTIFACT_DOMAIN]-[AWS_ACCOUNT_ID].d.codeartifact.[CODEARTIFACT_REPO_REGION].amazonaws.com/npm/[CODEARTIFACT_REPO_NAME]/:_authToken=${CODEARTIFACT_AUTH_TOKEN}
Poetry
You need to set an additional environment variable to tell Poetry to use the CodeArtifact Auth Token: set POETRY_HTTP_BASIC_[SOURCE]_USERNAME to aws. Make sure to replace [SOURCE] with the source name from your pyproject.toml, e.g.:
[[tool.poetry.source]]
name = "artifact"
url = "https://repo-1234567890.d.codeartifact.eu-west-1.amazonaws.com/pypi/poetry/simple/"
The name of the source in the example is artifact, so the POETRY_HTTP_BASIC_ARTIFACT_USERNAME environment variable needs to be set to aws.
By setting POETRY_HTTP_BASIC_[SOURCE]_USERNAME to aws, we will automatically populate POETRY_HTTP_BASIC_[SOURCE]_PASSWORD, which will provide Poetry with access to the AWS CodeArtifact repository.
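Because the .npmrc from the NPM & PNPM section is committed to the repository, a pre-merge check can confirm that it references ${CODEARTIFACT_AUTH_TOKEN} instead of a pasted token and that its host matches the configured domain and region. This is an added example, not Aikido's code: check_npmrc and poetry_username_var are hypothetical helpers, the sample values are constructed, and a 12-digit AWS account ID is assumed.

```python
import re

TOKEN_REF = "${CODEARTIFACT_AUTH_TOKEN}"
# Host shape from the .npmrc template: [DOMAIN]-[ACCOUNT_ID].d.codeartifact.[REGION].amazonaws.com
HOST_RE = re.compile(r"^([a-z0-9-]+)-(\d{12})\.d\.codeartifact\.([a-z0-9-]+)\.amazonaws\.com$")
AUTH_RE = re.compile(r"^//([^/\s]+)/\S*:_authToken=(.*)$")

# Constructed samples: domain, account id, repo name and token are made up.
GOOD = (
    "registry=https://acme-123456789012.d.codeartifact.us-east-1.amazonaws.com/npm/shared/\n"
    "//acme-123456789012.d.codeartifact.us-east-1.amazonaws.com/npm/shared/:_authToken=${CODEARTIFACT_AUTH_TOKEN}\n"
)
BAD = "//acme-123456789012.d.codeartifact.eu-west-1.amazonaws.com/npm/shared/:_authToken=constructed-literal-token\n"


def check_npmrc(text, domain, region):
    """Return findings for the CodeArtifact _authToken lines of an .npmrc."""
    findings, seen = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        m = AUTH_RE.match(raw.strip())
        if not m or ".d.codeartifact." not in m.group(1):
            continue  # comments, registry= lines and other registries
        seen = True
        host, value = m.group(1), m.group(2).strip().strip('"')
        h = HOST_RE.match(host)
        if not h:
            findings.append(f"line {n}: unexpected CodeArtifact host {host}")
        elif (h.group(1), h.group(3)) != (domain, region):
            findings.append(f"line {n}: host is {h.group(1)}/{h.group(3)}, expected {domain}/{region}")
        if value != TOKEN_REF:
            # Do not echo the value: it may be a live token committed by mistake.
            findings.append(f"line {n}: _authToken is not the {TOKEN_REF} reference")
    if not seen:
        findings.append("no CodeArtifact _authToken line found")
    return findings


def poetry_username_var(source_name):
    """Poetry's env var for a source: upper-cased, '-' and '.' become '_'."""
    return "POETRY_HTTP_BASIC_" + re.sub(r"[-.]", "_", source_name).upper() + "_USERNAME"


if __name__ == "__main__":
    print(check_npmrc(GOOD, "acme", "us-east-1"))
    print(check_npmrc(BAD, "acme", "us-east-1"))
    print(poetry_username_var("artifact"))
```
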