CodeArtifact

AWS CodeArtifact is a secure and scalable artifact management service that allows developers to store and retrieve software package dependencies using various tools like Maven and npm. It supports integration with AWS services and external repositories, enabling efficient package management and sharing across teams. Additionally, Amazon CodeGuru provides automated code reviews and performance recommendations to enhance application quality and efficiency.

NOT FOR DISTRIBUTION © Stephane Maarek www.datacumulus.com
AWS CodeArtifact
• Software packages depend on each other to be built (also called code dependencies), and new ones are created
• Storing and retrieving these dependencies is called artifact management
• Traditionally you need to set up your own artifact management system
• CodeArtifact is a secure, scalable, and cost-effective artifact management service for software development
• Works with common dependency management tools such as Maven, Gradle, npm, yarn, twine, pip, and NuGet
• Developers and CodeBuild can then retrieve dependencies straight from CodeArtifact

© Stephane Maarek
AWS CodeArtifact
[Diagram: inside a VPC, a CodeArtifact Domain holds Repository A and Repository B (Package 1, Package 2). CodeArtifact proxies fetches to Public Artifact Repositories (npm, pip, NuGet, Maven); developers (JavaScript, Python, .NET, Java) and AWS CodeBuild fetch packages from it, and an IT Leader publishes/approves packages.]
CodeArtifact – EventBridge Integration
• Event is created when a Package version is created, modified, or deleted
[Diagram: CodeArtifact sends events to EventBridge, which can invoke a Lambda Function, activate a Step Functions State Machine, send a message to SNS or SQS, or start a CodePipeline (CodeCommit → CodeBuild → CodeDeploy) to rebuild & redeploy an application with the latest security fixes.]
CodeArtifact – Resource Policy
• Can be used to authorize another account to access CodeArtifact
• A given principal can either read all the packages in a repository or none of them
[Diagram: Account A (123456789012) owns the CodeArtifact Repository and its Repository Resource Policy; IAM User bob in Account B (222333344555) reads packages from it.]
CodeArtifact – Upstream Repositories
• A CodeArtifact repository can have other CodeArtifact repositories as Upstream Repositories
• Allows a package manager client to access the packages that are contained in more than one repository using a single repository endpoint
• Up to 10 Upstream Repositories
• Only one external connection
[Diagram: a Developer (npm) uses Repository (my-repo), which has Repository A and Repository B as Upstream repositories inside CodeArtifact; one of the upstreams has an External Connection to an External Repository.]
CodeArtifact – External Connection
• An External Connection is a connection between a CodeArtifact Repository and an external/public repository (e.g., Maven, npm, PyPI, NuGet…)
• Allows you to fetch packages that are not already present in your CodeArtifact Repository
• A repository has a maximum of 1 external connection
• Create many repositories for many external connections
• Example – Connect to npmjs.com
  • Configure one CodeArtifact Repository in your domain with an external connection to npmjs.com
  • Configure all the other repositories with an upstream to it
  • Packages fetched from npmjs.com are cached in the Upstream Repository, rather than fetching and storing them in each Repository
[Diagram: Repository A holds the External Connection to the Public Repository and keeps the Cached Packages; Repo B, Repo C, Repo D … use Repository A as their Upstream, and a Developer (npm) fetches from them.]
CodeArtifact – Retention
• If a requested package version is found in an Upstream Repository, a reference to it is retained and is always available from the Downstream Repository
• The retained package version is not affected by changes to the Upstream Repository (deleting it, updating the package...)
• Intermediate repositories do not keep the package
• Example – Fetching Package from npmjs.com
  • Package Manager connected to Repository A requests the package Lodash v4.17.20
  • The package version is not present in any of the three repositories
  • The package version will be fetched from npmjs.com
  • When Lodash 4.17.20 is fetched, it will be retained in:
    • Repository A – the most-downstream repository
    • Repository C – has the external connection to npmjs.com
  • The Package version will not be retained in Repository B as that is an intermediate Repository
[Diagram: Developer (npm) → Repository A → (Upstream) Repository B → (Upstream) Repository C → (External Connection) Public Repository; Lodash (v4.17.20) appears in the Public Repository, Repository C and Repository A, but not in Repository B.]
CodeArtifact – Domains
• Deduplicated Storage – an asset only needs to be stored once in a domain, even if it's available in many repositories (only pay once for storage)
• Fast Copying – only metadata records are updated when you pull packages from an Upstream CodeArtifact Repository into a Downstream Repository
• Easy Sharing Across Repositories and Teams – all the assets and metadata in a domain are encrypted with a single AWS KMS Key
• Apply Policy Across Multiple Repositories – domain administrator can apply policy across the domain such as:
  • Restricting which accounts have access to repositories in the domain
  • Who can configure connections to public repositories to use as sources of packages
[Diagram: one CodeArtifact Domain with a Domain Resource-based Policy spans Account A (Repository A), Account B (Repository B), Account C (Repository C) and Account D (Repository D); repositories sharing the same package use Shared Storage.]
Amazon CodeGuru
• An ML-powered service for automated code reviews and application performance recommendations
• Provides two functionalities
  • CodeGuru Reviewer: automated code reviews for static code analysis (development)
  • CodeGuru Profiler: visibility/recommendations about application performance during runtime (production)
[Diagram: across the lifecycle Coding → Build & Test → Deploy → Measure, CodeGuru Reviewer provides built-in code reviews with actionable recommendations and detects and optimizes the expensive lines of code pre-prod; CodeGuru Profiler identifies performance and cost improvements in production.]
Amazon CodeGuru Reviewer
• Identify critical issues, security vulnerabilities, and hard-to-find bugs
• Example: common coding best practices, resource leaks, security detection, input validation
• Uses Machine Learning and automated reasoning
• Hard-learned lessons across millions of code reviews on 1000s of open-source and Amazon repositories
• Supports Java and Python
• Integrates with GitHub, Bitbucket, and AWS CodeCommit

https://aws.amazon.com/codeguru/features/
Amazon CodeGuru Profiler
• Helps understand the runtime behavior of your application
• Example: identify if your application is consuming excessive CPU capacity on a logging routine
• Features:
  • Identify and remove code inefficiencies
  • Improve application performance (e.g., reduce CPU utilization)
  • Decrease compute costs
  • Provides heap summary (identify which objects are using up memory)
  • Anomaly Detection
• Supports applications running on AWS or on-premises
• Minimal overhead on application

https://aws.amazon.com/codeguru/features/
Amazon CodeGuru Reviewer - Extras
• CodeGuru Reviewer Secrets Detector
  • Uses ML to identify hardcoded secrets embedded in your code (e.g., passwords, API keys, credentials, SSH keys...)
  • Besides scanning code, it scans configuration and documentation files
  • Suggests remediation to automatically protect your secrets with Secrets Manager
[Diagram: CodeGuru Reviewer scans a CodeCommit repository, detects a hardcoded AWS Access Key in .travis.yml, and creates a Secret in Secrets Manager.]

https://aws.amazon.com/blogs/aws/codeguru-reviewer-secrets-detector-identify-hardcoded-secrets/
Amazon CodeGuru Profiler - Extras
• Integrate and apply CodeGuru Profiler to Lambda functions either using:
  • Function Decorator @with_lambda_profiler
    • Add codeguru_profiler_agent dependency to your Lambda function .zip file or use Lambda Layers
  • Enable Profiling in the Lambda function configuration