Devops Tools Review – AWS CodeArtifact

Blog home

Service Description

AWS CodeArtifact (not to be confused with the compliance tool AWS Artifact) allows organisations to securely store, publish and share software packages used in their software development process.  User or organisation created or curated code can be organised into a custom repository and be logically linked with public repositories before it is made available for distribution.

The organisational unit for custom and public repositories is known as a domain.

Leveraged parts of public repositories are also cached within the CodeArtifact repository.

Example Use Case Scenario 1

An application has been developed which makes use of Python scripting to perform image processing and video manipulation. CodeArtifact is leveraged to create a domain. The domain creates a repository for the user-created or “fresh” and a public upstream repository is chosen during setup. PyPi is specified. Both repositories will be listed in the same single pane within CodeArtifact, grouped together as a domain.

Once the domain has been created, the local repository of the artefact can be uploaded through CLI operation.

Once the application has been installed by the end user, pip libraries such as Pillow and moviepy are grabbed through the public remote repository, delivered as part of the package and can be cached within the CodeArtifact repository as a resiliency failsafe.

Example Use Case Scenario 2

Fuelled by a need to reduce operating expense, an organisation is looking for an alternative to their existing GitHub solution and licensing costs.

CodeArtifact (in conjunction with CodeCommit for source and version control) can be leveraged in order to provide a pay-as-you-go model for services which require no maintenance from the customer. This can allow the customer more time to concentrate on producing code.

Additionally, this brings further benefits. Users have one less set of credentials to work with – they can use existing IAM accounts. Administrators can use IAM roles to manage access to packages. Known, working upstream repositories can be cached which protects against upstream developers’ code drifting resulting in problems with local repositories potentially failing.

Features of CodeArtifact

  • A secure location for storage of software packages. Integration with AWS Key Management Service to provide encrypted storage.
  • Reduction in overheads. No need to host an always-on repository server.
  • No fees or licensing above the pay-as-you-go rates
  • Access controlled through existing IAM accounts – no new credentials required 
  • Integration with existing package managers – ability to use an in-house package manager to publish or retrieve your developed software packages.


As of June 2020, there is still a limited number of external repositories which CodeArtifact makes use of. These are pypi, npm, Maven and Gradle. Software items from other public repositories may still need to be included in the user-created repository part of an artifact, or the end user may need to download and install the necessary dependencies separately.