My project uses a library from AWS CodeArtifact. I can fetch the library and build the project in my local and in the github build. When the AWS CodePipeline runs in our Dev environment, CodeArtifact returns a 401 when trying to access the library.
I updated the IAM role running the Pipeline so that it has these actions:
{
"Effect": "Allow",
"Action": [
"codeartifact:GetAuthorizationToken",
"codeartifact:GetRepositoryEndpoint",
"codeartifact:ReadFromRepository"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "sts:GetServiceBearerToken",
"Resource": "*",
"Condition": {
"StringEquals": {
"sts:AWSServiceName": "codeartifact.amazonaws.com"
}
}
}
I updated the Repository Policy to include this IAM role. The Repository Policy has these actions:
"codeartifact:DescribePackageVersion",
"codeartifact:DescribeRepository",
"codeartifact:GetPackageVersionReadme",
"codeartifact:GetPackageVersionAssets",
"codeartifact:GetRepositoryEndpoint",
"codeartifact:ListPackageVersionAssets",
"codeartifact:ListPackageVersionDependencies",
"codeartifact:ListPackageVersions",
"codeartifact:ListPackages",
"codeartifact:PublishPackageVersion",
"codeartifact:PutPackageMetadata",
"codeartifact:ReadFromRepository",
"codeartifact:GetAuthorizationToken"
My build.gradle is using the repository as described here and works in my local this way - https://medium.com/@chauyan/use-aws-codeartifact-in-your-project-7bf5d3e0d3dc
I'm guessing it has to do with the way the library was published, maybe it doesn't have the right permissions, but I don't see that the permissions are changeable here. Why am I getting a 401 from CodeArtifact when trying to build the project in CodePipeline?
