AWS CodeArtifact - Private packages

You can now allow Aikido's autofix to connect to registries hosting private packages on AWS CodeArtifact. To enable this connection, you need to provide the following 3 environment variables:

AWS_CODE_ARTIFACT_ACCESS_KEY: an access key for a user or role which has the AWSCodeArtifactReadOnlyAccess permission
AWS_CODE_ARTIFACT_SECRET_KEY: a secret key for a user or role which has the AWSCodeArtifactReadOnlyAccess permission
AWS_CODE_ARTIFACT_DOMAIN: the domain of the CodeArtifact repositories

These environment variables can be set in the Custom config section, explained here:
https://help.aikido.dev/doc/custom-config---private-packages/docQ3WJSEZTf.

When these 3 environment variables are set, Aikido Autofix will set a "CODEARTIFACT_AUTH_TOKEN" environment variable during the process. This environment variable can then be used by the package manager of the repo to authenticate with the repos. See below for registry specific config which is required.

NPM & PNPM

A basic .npmrc configuration must be present in the repository where the private package is being installed. It should contain the following information, with the placeholders replaced with your information:

[REGISTRY_NAME]=https://[AWS_CODEARTIFACT_DOMAIN]-[AWS_ACCOUNT_ID].d.codeartifact.[CODEARTIFACT_REPO_REGION].amazonaws.com/npm/[CODEARTIFACT_REPO_NAME]
//[AWS_CODEARTIFACT_DOMAIN]-[AWS_ACCOUNT_ID].d.codeartifact.[CODEARTIFACT_REPO_REGION].amazonaws.com/npm/[CODEARTIFACT_REPO_NAME]/:_authToken=${CODEARTIFACT_AUTH_TOKEN}

Poetry - Private packages

NPM - Private Packages