I created an AWS CodeArtifact repository, obtained a token with the aws codeartifact get-authorization-token command, and set it correctly in .m2/settings.xml (my project is using Maven as build tool & package manager).
The problem is that the token expires after 12 hours. This means that I and all the developers working on the project have to fetch a new token and set the new token in the settings.xml file.
And the same has to be done for the CI/CD server that also needs to have a connection to CodeArtifact in order to push the artifacts after building.
There has to be a way to solve this problem but unfortunately, I wasn't able to find the solution.
Why not just use the ~/.mavenrc file, and add something like this?
    # ~/.mavenrc is sourced by the mvn launcher under /bin/sh, so this stays POSIX sh
    CA_TOKEN_FILE=~/.m2/.ca_token
    # is our token file older than 710 minutes (just under 12 hours), or missing?
    if [ "$(find "$CA_TOKEN_FILE" -mmin -710 2> /dev/null)" != "$CA_TOKEN_FILE" ]; then
        # Do we need to refresh AWS creds?
        if ! aws sts get-caller-identity --profile default > /dev/null 2>&1; then
            # refresh your creds here
            :   # no-op placeholder: a branch holding only a comment is a syntax error
        fi
        # cache the token as an export line that is sourced below
        echo "export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain <domain> --domain-owner <ownerid> --query authorizationToken --output text)" > "$CA_TOKEN_FILE"
    fi
    # source the env file
    . "$CA_TOKEN_FILE"
The AWS refresh is optional, but typically that would prompt for creds as necessary.
You also need to add something like this to .m2/settings.xml
    <server>
      <id>ca-servername</id>
      <username>aws</username>
      <password>${env.CODEARTIFACT_AUTH_TOKEN}</password>
    </server>
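
A hardened variant of the token cache above, as an added example that is not part of the original answer: it stores only the raw token and reads it as data instead of sourcing it, writes the cache atomically with owner-only permissions, and keeps the previous cache when the refresh fails. `CA_DOMAIN`, `CA_OWNER`, `CA_MAX_AGE_MIN` and the function names are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example: hardened CodeArtifact token cache for ~/.mavenrc (POSIX sh).
# Assumed names: CA_DOMAIN, CA_OWNER, CA_MAX_AGE_MIN and the functions below.
CA_TOKEN_FILE="${CA_TOKEN_FILE:-$HOME/.m2/.ca_token}"
CA_MAX_AGE_MIN="${CA_MAX_AGE_MIN:-710}"  # refresh shortly before the 12-hour expiry

# Fetch a new token; CA_DOMAIN and CA_OWNER must be set by the caller.
fetch_token() {
    aws codeartifact get-authorization-token \
        --domain "$CA_DOMAIN" --domain-owner "$CA_OWNER" \
        --query authorizationToken --output text
}

# True when the cache is non-empty and younger than CA_MAX_AGE_MIN minutes.
ca_token_is_fresh() {
    [ -s "$CA_TOKEN_FILE" ] &&
        [ -n "$(find "$CA_TOKEN_FILE" -mmin "-$CA_MAX_AGE_MIN" 2>/dev/null)" ]
}

# Refresh the cache when stale, then export CODEARTIFACT_AUTH_TOKEN from it.
ca_load_token() {
    if ! ca_token_is_fresh; then
        ca_tok=$(fetch_token) || ca_tok=""
        if [ -z "$ca_tok" ]; then
            # Never overwrite the cache with an empty value that would look
            # fresh for the next 12 hours.
            echo "CodeArtifact token refresh failed; cache left unchanged" >&2
            return 1
        fi
        # mktemp creates the file with mode 0600; mv then replaces the cache
        # atomically, so no reader sees a half-written or world-readable token.
        ca_tmp=$(mktemp "$CA_TOKEN_FILE.XXXXXX") || return 1
        if ! { printf '%s\n' "$ca_tok" > "$ca_tmp" && mv -f "$ca_tmp" "$CA_TOKEN_FILE"; }; then
            rm -f "$ca_tmp"
            return 1
        fi
        unset ca_tok ca_tmp
    fi
    # The file holds only the token and is read as data, never sourced as code.
    CODEARTIFACT_AUTH_TOKEN=$(cat "$CA_TOKEN_FILE") && export CODEARTIFACT_AUTH_TOKEN
}
```

In `~/.mavenrc`, define these functions and end with a call to `ca_load_token`; `settings.xml` keeps reading `${env.CODEARTIFACT_AUTH_TOKEN}` as shown above.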