search
Changelog NotificationsAPIAikido login

AWS CodeArtifact - Private Packages

You can allow Aikido's AutoFix to connect to registries hosting private packages on AWS CodeArtifact. To enable this connection, you need to provide the following 4 environment variables:

  • AWS_CODE_ARTIFACT_ACCESS_KEY: an access key for a user or role which has the AWSCodeArtifactReadOnlyAccess permission

  • AWS_CODE_ARTIFACT_SECRET_KEY: a secret key for a user or role which has the AWSCodeArtifactReadOnlyAccess permission

  • AWS_CODE_ARTIFACT_DOMAIN: the domain of the CodeArtifact repositories as seen in the AWS console (eg. mydomain)

  • AWS_CODE_ARTIFACT_REGION: the AWS region where the CodeArtifact domain is hosted (eg. us-east-1)

When these 4 environment variables are set, Aikido AutoFix will set a CODEARTIFACT_AUTH_TOKEN environment variable during the process. This environment variable can then be used by the package manager of the repo to authenticate with the repos. See below for registry specific config which is required.

These environment variables can be set in Autofix > Settings > Connect Registry > Set Environment variables.

hashtag
NPM & PNPM

A basic .npmrc configuration must be present in the repository (or Aikido configuration) where the private package is being installed. It should contain the following information, with the placeholders replaced with your information:

@pied-piper:registry=https://mydomain-123456789.d.codeartifact.us-east-1.amazonaws.com/npm/pied-piper
//mydomain-123456789.d.codeartifact.us-east-1.amazonaws.com/npm/pied-piper/:_authToken=${CODEARTIFACT_AUTH_TOKEN}

During the AutoFix, the ${CODEARTIFACT_AUTH_TOKEN} will be replaced by an actual auth token.

hashtag
Poetry

You need to set an additional environment variable to tell Poetry to use the CodeArtifact Auth Token: set POETRY_HTTP_BASIC_[SOURCE]_USERNAME to aws . Make sure to replace the [SOURCE] with the source name (in upper case) from your pyproject.toml , eg:

[[tool.poetry.source]]
name = "artifact"
url = "https://repo-1234567890.d.codeartifact.eu-west-1.amazonaws.com/pypi/poetry/simple/"

The name of the source in the example is artifact. So the POETRY_HTTP_BASIC_ARTIFACT_USERNAME environment variable needs to be set to aws.

By setting the POETRY_HTTP_BASIC_[SOURCE]_USERNAME to aws , AutoFix will automatically populate the POETRY_HTTP_BASIC_[SOURCE]_PASSWORD which wil provide Poetry with access to the AWS CodeArtifact repository.

Last updated

Was this helpful?