
AWS CodeArtifact | Specialized | since 2020

A fully managed artifact repository for securely storing and sharing software packages

What It Does

AWS CodeArtifact is a fully managed artifact repository service that supports major package managers including npm, PyPI, Maven, and NuGet. It centrally manages software packages used within your organization and acts as a proxy for fetching packages from public repositories, ensuring dependency security and availability. Fine-grained access control through IAM policies enables safe package sharing across teams.

Use Cases

CodeArtifact is used across all aspects of software package management: centrally managing and distributing internally developed shared libraries, caching npm and PyPI public packages to ensure dependency stability, storing and distributing build artifacts in CI/CD pipelines, controlling package sources as a supply chain attack countermeasure, and securely sharing private packages across multiple teams.

Everyday Analogy

Think of it like a company library. Buying books (packages) from external bookstores (public repositories) every time carries risks of stock-outs and quality issues. By setting up a company library (CodeArtifact), you can keep frequently used books on hand, manage internal manuals (private packages) alongside them, and track who borrowed which book.

What Is CodeArtifact?

AWS CodeArtifact is a fully managed artifact repository service released in 2020. Software development relies on numerous external packages, but risks exist such as public repository outages, package deletions, and malicious package injection. CodeArtifact mitigates these risks and provides a foundation for managing packages securely and efficiently across your organization.

Key Features

CodeArtifact manages packages in a two-tier hierarchy of domains and repositories. A domain is the organizational management unit, within which you can create multiple repositories. Each repository can be configured with upstream connections that automatically cache packages from public repositories (npmjs.com, pypi.org, etc.). Once cached, packages remain available even if the public repository goes down, improving build stability. Package version management and dependency tracking are handled automatically.

Security and Access Control

CodeArtifact supports access control through both IAM policies and resource-based policies. You can set granular read/write permissions per repository, restricting package publishing to specific teams. It also supports encryption at rest with AWS KMS by default, and data in transit is protected with TLS. Integration with CloudTrail records package fetch and publish operations as an audit trail. For detailed implementation of security and access control, related books on Amazon provide in-depth coverage.

CI/CD Pipeline Integration

CodeArtifact integrates seamlessly with major CI/CD tools including CodeBuild, CodePipeline, GitHub Actions, and Jenkins. You can easily build workflows that fetch dependency packages from CodeArtifact during builds and publish build artifacts back to CodeArtifact. Authentication tokens are obtained via the AWS CLI, and time-limited tokens provide secure temporary access.

Things to Watch Out For

  • Packages from public repositories are automatically cached via upstream connections, but the initial fetch requires access to the public repository
  • Authentication tokens expire after 12 hours by default, so token renewal must be considered for long-running build processes
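The CI/CD integration section above notes that tokens are obtained via the AWS CLI, and the caveat above notes that they expire after 12 hours by default. The following build-script helper, an added example that is not taken from the page or from AWS documentation, requests a token with an explicit shorter lifetime and renews it before a long step would outlive it. The domain, domain owner, repository and region values are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the page or AWS docs): obtain a CodeArtifact
# authorization token with an explicit lifetime and renew it before it expires
# during a long-running build. All CA_* values below are placeholders.
set -euo pipefail

CA_DOMAIN="${CA_DOMAIN:-example-domain}"            # placeholder domain name
CA_DOMAIN_OWNER="${CA_DOMAIN_OWNER:-123456789012}"  # placeholder AWS account id
CA_REPO="${CA_REPO:-example-repo}"                  # placeholder repository name
CA_REGION="${CA_REGION:-us-east-1}"                 # placeholder region
CA_TOKEN_TTL="${CA_TOKEN_TTL:-3600}"   # request 1 h instead of the 12 h default
CA_RENEW_MARGIN=300                    # renew when under 5 min of validity remain
CA_TOKEN_ISSUED_AT=0                   # epoch seconds; 0 means "no token yet"

# --duration-seconds accepts 900..43200 (15 min to 12 h). The API also accepts 0
# (token bound to the caller's session credentials), which this script does not use.
valid_ttl() {
  local ttl=$1
  [ "$ttl" -ge 900 ] && [ "$ttl" -le 43200 ]
}

# True when a token issued at epoch $1 with lifetime $2 has fewer than
# CA_RENEW_MARGIN seconds of validity left at epoch time $3.
needs_renewal() {
  local issued_at=$1 ttl=$2 now=$3
  [ $(( issued_at + ttl - now )) -lt "$CA_RENEW_MARGIN" ]
}

# Fetch a fresh token and write it into the npm and pip configuration for CA_REPO;
# `aws codeartifact login` performs the per-tool configuration itself.
ca_login() {
  valid_ttl "$CA_TOKEN_TTL" || { echo "CA_TOKEN_TTL must be 900..43200" >&2; return 1; }
  local issued_at tool
  issued_at=$(date +%s)
  for tool in npm pip; do
    aws codeartifact login --tool "$tool" \
      --domain "$CA_DOMAIN" --domain-owner "$CA_DOMAIN_OWNER" \
      --repository "$CA_REPO" --region "$CA_REGION" \
      --duration-seconds "$CA_TOKEN_TTL"
  done
  CA_TOKEN_ISSUED_AT=$issued_at
}

# Call before each long build step: logs in on first use or when the current
# token is close to expiry, so a step started late in the build does not fail mid-way.
ca_ensure_token() {
  local now
  now=$(date +%s)
  if [ "$CA_TOKEN_ISSUED_AT" -eq 0 ] || needs_renewal "$CA_TOKEN_ISSUED_AT" "$CA_TOKEN_TTL" "$now"; then
    ca_login
  fi
}
```

In a build script, source this file and call `ca_ensure_token` before each long phase (for example before `pip install` and again before `npm publish`), so each phase starts with at least CA_RENEW_MARGIN seconds of token validity.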