
I have created an AWS CodeArtifact repository and would like to upload some artefacts to it. However, when I try to do so I get the following error:

Error

status code: 401, reason phrase: Unauthorized (401)

I have the following configuration on AWS CodeDeploy (using this AWS documentation as a guideline).

Domain: uat-myco and Repository: uat-myco-repository.

On my local machine, I try to use mvn deploy to upload an artefact to the repo.

.m2/settings.xml

<?xml version="1.0" encoding="UTF-8"?>
<settings xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd"
  xmlns="http://maven.apache.org/SETTINGS/1.1.0"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <servers>
    <server>
      <id>uat-myco-uat-myco-repository</id>
      <username>aws</username>
      <password>${env.CODEARTIFACT_AUTH_TOKEN}</password>
    </server>
  </servers>
  <mirrors>
    <mirror>
      <id>uat-myco-uat-myco-repository</id>
      <name>uat-myco-uat-myco-repository</name>
      <url>https://uat-myco-domainownerid.d.codeartifact.us-east-1.amazonaws.com/maven/uat-myco-repository/</url>
      <mirrorOf>*</mirrorOf>
    </mirror>
  </mirrors>
  <proxies>
  </proxies>
  <activeProfiles>
    <!--make the profile active all the time -->
    <activeProfile>uat-myco-uat-myco-repository</activeProfile>
  </activeProfiles>
  <profiles>
    <profile>
      <id>uat-myco-uat-myco-repository</id>
      <activation>
        <activeByDefault>true</activeByDefault>
      </activation>
      <repositories>
        <repository>
          <id>uat-myco-uat-myco-repository</id>
          <url>https://uat-myco-domainownerid.d.codeartifact.us-east-1.amazonaws.com/maven/uat-myco-repository/</url>
        </repository>
      </repositories>
    </profile>
  </profiles>
</settings>

As per the AWS CodeDeploy instructions, I set up the CODEARTIFACT_AUTH_TOKEN as follows (valid for 12 hrs):

export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token --domain uat-myco --domain-owner domainownerid --region us-east-1 --query authorizationToken --output text)

Note: domainownerid = the Domain owner id (number removed for privacy reasons)

I then try to deploy an artefact to the repo:

mvn deploy:deploy-file -DgroupId=myco-osgi-bom          \
-DartifactId=myco-osgi-bom       \
-Dversion=1.0                  \
-Dfile=/Users/user/.m2/repository/com/myco/integration/myco-osgi-bom/1.0/myco-osgi-bom-1.0.pom   \
-Dpackaging=xml                \
-DrepositoryId=uat-myco-uat-myco-repository    \
-Durl=https://uat-myco-domainownerid.d.codeartifact.us-east-1.amazonaws.com/maven/uat-myco-repository/

Output

[INFO] Scanning for projects...
Downloading from uat-myco-uat-myco-repository: https://uat-myco-domainownerid.d.codeartifact.us-east-1.amazonaws.com/maven/uat-myco-repository/org/apache/maven/plugins/maven-clean-plugin/3.2.0/maven-clean-plugin-3.2.0.pom
[WARNING] Failed to retrieve plugin descriptor for org.apache.maven.plugins:maven-clean-plugin:3.2.0: Plugin org.apache.maven.plugins:maven-clean-plugin:3.2.0 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-clean-plugin:jar:3.2.0

[WARNING] org.codehaus.mojo/maven-metadata.xml failed to transfer from https://uat-myco-domainownerid.d.codeartifact.us-east-1.amazonaws.com/maven/uat-myco-repository/ during a previous attempt. This failure was cached in the local repository and resolution will not be reattempted until the update interval of uat-myco-uat-myco-repository has elapsed or updates are forced. Original error: Could not transfer metadata org.codehaus.mojo/maven-metadata.xml from/to uat-myco-uat-myco-repository (https://uat-myco-domainownerid.d.codeartifact.us-east-1.amazonaws.com/maven/uat-myco-repository/): status code: 401, reason phrase: Unauthorized (401)

[ERROR] No plugin found for prefix 'deploy' in the current project and in the plugin groups [org.apache.maven.plugins, org.codehaus.mojo] available from the repositories [local (/Users/richardmarais/.m2/repository), uat-myco-uat-myco-repository (https://uat-myco-domainownerid.d.codeartifact.us-east-1.amazonaws.com/maven/uat-myco-repository/)] -> [Help 1]

More Info

I run the following from the cmd line to see if the token can be generated.

$ aws codeartifact get-authorization-token --domain uat-myco --domain-owner domainownerid --region us-east-1 --query authorizationToken --output text

An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.

Policy

I did try setting up a Repository policy to give full access, but this made no difference:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::domainownerid:root"
            },
            "Action": [
                "codeartifact:AssociateExternalConnection",
                "codeartifact:CopyPackageVersions",
                "codeartifact:DeletePackageVersions",
                "codeartifact:DeletePackage",
                "codeartifact:DeleteRepository",
                "codeartifact:DeleteRepositoryPermissionsPolicy",
                "codeartifact:DescribePackageVersion",
                "codeartifact:DescribeRepository",
                "codeartifact:DisassociateExternalConnection",
                "codeartifact:DisposePackageVersions",
                "codeartifact:GetPackageVersionReadme",
                "codeartifact:GetRepositoryEndpoint",
                "codeartifact:ListPackageVersionAssets",
                "codeartifact:ListPackageVersionDependencies",
                "codeartifact:ListPackageVersions",
                "codeartifact:ListPackages",
                "codeartifact:PublishPackageVersion",
                "codeartifact:PutPackageMetadata",
                "codeartifact:PutRepositoryPermissionsPolicy",
                "codeartifact:ReadFromRepository",
                "codeartifact:UpdatePackageVersionsStatus",
                "codeartifact:UpdateRepository"
            ],
            "Resource": "*"
        }
    ]
}
Richard

1 Answer


My issue was that I needed to set my AWS access keys in the ~/.aws/credentials file. It just had the default keys from the aws cli installation, so I set it to the keys for my AWS user that set up codeDeploy, and now it can generate the token successfully.

e.g.

aws_access_key_id=xxx
aws_secret_access_key=xxxx
Richard
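The failure chain in this thread (rejected CLI credentials, no token issued, Maven reporting 401) can be caught before Maven runs. The following is an added example, not code from the question or answer: the function names are hypothetical, the domain, owner placeholder and region are the ones from the question, and using `aws sts get-caller-identity` as the credential check is an assumption about how you want to verify the CLI setup.

```bash
# Added example: stop early when the AWS CLI credentials or the CodeArtifact
# token are unusable, instead of letting Maven fail later with a 401.
DOMAIN="uat-myco"
DOMAIN_OWNER="domainownerid"   # placeholder, as in the question
REGION="us-east-1"

# Returns 0 only if the CLI's current credentials are accepted by STS.
check_aws_identity() {
    local arn
    if ! arn=$(aws sts get-caller-identity --query Arn --output text 2>/dev/null) || [ -z "$arn" ]; then
        echo "AWS credentials rejected: check ~/.aws/credentials or AWS_PROFILE" >&2
        return 1
    fi
    echo "Using identity: $arn" >&2
}

# Prints the token on stdout; returns non-zero if none was issued.
fetch_codeartifact_token() {
    local token
    token=$(aws codeartifact get-authorization-token \
        --domain "$DOMAIN" --domain-owner "$DOMAIN_OWNER" --region "$REGION" \
        --query authorizationToken --output text 2>/dev/null) || return 1
    # Empty output, "None" (text output of a null query) or anything with spaces is not a token.
    case "$token" in
        ""|None|*" "*) return 1 ;;
    esac
    printf '%s' "$token"
}

# Exports the token that settings.xml reads via ${env.CODEARTIFACT_AUTH_TOKEN}.
# Return codes: 1 = credentials rejected, 2 = no token issued.
prepare_codeartifact_env() {
    check_aws_identity || return 1
    CODEARTIFACT_AUTH_TOKEN=$(fetch_codeartifact_token) || {
        echo "No CodeArtifact token issued; not running Maven" >&2
        return 2
    }
    export CODEARTIFACT_AUTH_TOKEN
}

# Usage (after sourcing this file):
#   prepare_codeartifact_env && mvn deploy:deploy-file ...
```

Return code 1 points at the local credentials (the cause found in the answer), while 2 points at the CodeArtifact call itself, for example the domain, owner or permissions.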