Using Maven packages in CodeBuild
Set up permissions with IAM roles
These steps are required when using Maven packages from CodeArtifact in CodeBuild.
Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/
. -
In the navigation pane, choose Roles. On the Roles page, edit the role used by your CodeBuild build project. This role must have the following permissions.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "codeartifact:GetAuthorizationToken", "codeartifact:GetRepositoryEndpoint", "codeartifact:ReadFromRepository" ], "Resource": "*" }, { "Effect": "Allow", "Action": "sts:GetServiceBearerToken", "Resource": "*", "Condition": { "StringEquals": { "sts:AWSServiceName": "codeartifact.amazonaws.com" } } } ] }Important
If you also want to use CodeBuild to publish packages, add the
codeartifact:PublishPackageVersionandcodeartifact:PutPackageMetadatapermissions.For information, see Modifying a Role in the IAM User Guide.
Use gradle or mvn
To use Maven packages with gradle or mvn, store the CodeArtifact auth
token in an environment variable, as described in Pass an auth
token in an environment variable. The following is an example.
Note
It is only necessary to upgrade the AWS CLI with pip3 install awscli --upgrade --user if you are using an older CodeBuild image.
If you are using the latest image versions, you can remove that line.
pre_build: commands: - pip3 install awscli --upgrade --user - export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domainmy_domain--domain-owner111122223333--query authorizationToken --output text`
To use Gradle:
If you referenced the CODEARTIFACT_AUTH_TOKEN variable in your Gradle
build.gradle file as described in Using CodeArtifact with Gradle, you can invoke your Gradle build from the
buildspec.yaml
build section.
build: commands: - gradle build
To use mvn:
You must configure your Maven configuration files (settings.xml
and pom.xml) following the instructions in Using CodeArtifact with mvn.
