Create VPC endpoints for CodeArtifact
To create virtual private cloud (VPC) endpoints for CodeArtifact, use the Amazon EC2 create-vpc-endpoint AWS CLI command. For more information, see Interface VPC Endpoints (AWS PrivateLink) in the Amazon Virtual Private Cloud User Guide.
Two VPC endpoints are required so that all requests to CodeArtifact are in the AWS network.
The first endpoint is used to call CodeArtifact APIs (for example, GetAuthorizationToken and CreateRepository).
com.amazonaws.region.codeartifact.api
The second endpoint is used to access CodeArtifact repositories using package managers and build tools (for example, npm and Gradle).
com.amazonaws.region.codeartifact.repositories
The following command creates an endpoint to access CodeArtifact repositories.
aws ec2 create-vpc-endpoint --vpc-id vpcid --vpc-endpoint-type Interface \
  --service-name com.amazonaws.region.codeartifact.api --subnet-ids subnetid \
  --security-group-ids groupid --private-dns-enabled
The following command creates an endpoint to access package managers and build tools.
aws ec2 create-vpc-endpoint --vpc-id vpcid --vpc-endpoint-type Interface \
  --service-name com.amazonaws.region.codeartifact.repositories --subnet-ids subnetid \
  --security-group-ids groupid --private-dns-enabled
Note
When you create a codeartifact.repositories endpoint, you must create a private DNS hostname using the --private-dns-enabled option.
If you can't or do not want to create a private DNS hostname when you create the codeartifact.repositories endpoint, you must follow an extra configuration step to use your package manager with CodeArtifact from a VPC. See Use the codeartifact.repositories endpoint without private DNS for more information.
After creating VPC endpoints, you may need to do more configuration with security group rules to use the endpoints with CodeArtifact. For more information about security groups in Amazon VPC, see Security groups.
If you are having issues connecting to CodeArtifact, you can use the VPC Reachability Analyzer tool to debug the issue. For more information, see What is VPC Reachability Analyzer?
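To confirm that a VPC has both endpoints described above, the following added example (not part of the original AWS documentation) checks output shaped like that of aws ec2 describe-vpc-endpoints. The sample data, the IDs, the us-west-2 region and the function name check_codeartifact_endpoints are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-vpc-endpoints` output (IDs are made up).
SAMPLE = json.loads("""
{"VpcEndpoints": [
  {"VpcEndpointId": "vpce-0example1", "VpcId": "vpc-0example", "VpcEndpointType": "Interface",
   "ServiceName": "com.amazonaws.us-west-2.codeartifact.api",
   "State": "available", "PrivateDnsEnabled": true},
  {"VpcEndpointId": "vpce-0example2", "VpcId": "vpc-0example", "VpcEndpointType": "Interface",
   "ServiceName": "com.amazonaws.us-west-2.codeartifact.repositories",
   "State": "available", "PrivateDnsEnabled": false},
  {"VpcEndpointId": "vpce-0example3", "VpcId": "vpc-0other", "VpcEndpointType": "Interface",
   "ServiceName": "com.amazonaws.us-west-2.codeartifact.api",
   "State": "available", "PrivateDnsEnabled": true}
]}
""")

# Both service-name suffixes are required so that all CodeArtifact traffic stays in the AWS network.
REQUIRED = ("api", "repositories")

def check_codeartifact_endpoints(described, vpc_id, region):
    """Return a list of findings; an empty list means both endpoints look usable."""
    findings = []
    for suffix in REQUIRED:
        service = f"com.amazonaws.{region}.codeartifact.{suffix}"
        matches = [e for e in described.get("VpcEndpoints", [])
                   if e.get("VpcId") == vpc_id and e.get("ServiceName") == service]
        if not matches:
            findings.append(f"{service}: no endpoint in {vpc_id}")
            continue
        usable = [e for e in matches
                  if e.get("VpcEndpointType") == "Interface"
                  and str(e.get("State", "")).lower() == "available"]
        if not usable:
            findings.append(f"{service}: endpoint is not an available Interface endpoint")
            continue
        # Only the repositories endpoint carries the private DNS requirement from the Note.
        if suffix == "repositories" and not any(e.get("PrivateDnsEnabled") for e in usable):
            findings.append(f"{service}: private DNS is off, extra configuration step needed")
    return findings

if __name__ == "__main__":
    for vpc in ("vpc-0example", "vpc-0other"):
        for line in check_codeartifact_endpoints(SAMPLE, vpc, "us-west-2") or ["ok"]:
            print(vpc, line)
```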