Using Python packages in CodeBuild - CodeArtifact
Set up permissions with IAM rolesLog in and use pip or twine

Using Python packages in CodeBuild

The following steps have been tested with the operating systems listed in the Docker images provided by CodeBuild.

Set up permissions with IAM roles

These steps are required when using Python packages from CodeArtifact in CodeBuild.

  1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Roles. On the Roles page, edit the role used by your CodeBuild build project. This role must have the following permissions.

    {
  "Version": "2012-10-17",
  "Statement": [
      {
          "Effect": "Allow",
          "Action": [ "codeartifact:GetAuthorizationToken",
                      "codeartifact:GetRepositoryEndpoint",
                      "codeartifact:ReadFromRepository"
                      ],
          "Resource": "*"
      },
      {       
          "Effect": "Allow",
          "Action": "sts:GetServiceBearerToken",
          "Resource": "*",
          "Condition": {
              "StringEquals": {
                  "sts:AWSServiceName": "codeartifact.amazonaws.com"
              }
          }
      }
  ]
}
    Important

    If you also want to use CodeBuild to publish packages, add the codeartifact:PublishPackageVersion permission.

    For information, see Modifying a Role in the IAM User Guide.

Log in and use pip or twine

To use Python packages from CodeBuild, run the login command from the pre-build section of your project's buildspec.yaml file to configure pip to fetch packages from CodeArtifact. For more information, see Using CodeArtifact with Python.

After login has run successfully, you can run pip commands from the build section to install or publish Python packages.

Linux

Note

It is only necessary to upgrade the AWS CLI with pip3 install awscli --upgrade --user if you are using an older CodeBuild image. If you are using the latest image versions, you can remove that line.

To install Python packages using pip: 

pre_build:
  commands:
    - pip3 install awscli --upgrade --user
    - aws codeartifact login --tool pip --domain my_domain --domain-owner 111122223333 --repository my_repo
build:
  commands:
    - pip install requests

To publish Python packages using twine: 

pre_build:
  commands:
    - pip3 install awscli --upgrade --user
    - aws codeartifact login --tool twine --domain my_domain --domain-owner 111122223333 --repository my_repo
build:
  commands:
    - twine upload --repository codeartifact mypackage

Windows

To install Python packages using pip: 

version: 0.2
phases:
  install:
    commands:
      - '[Net.ServicePointManager]::SecurityProtocol = "Tls12"; Invoke-WebRequest https://awscli.amazonaws.com/AWSCLIV2.msi -OutFile $env:TEMP/AWSCLIV2.msi'
      - Start-Process -Wait msiexec "/i $env:TEMP\AWSCLIV2.msi /quiet /norestart"
  pre_build:
    commands:
      - '&"C:\Program Files\Amazon\AWSCLIV2\aws" codeartifact login --tool pip --domain my_domain --domain-owner 111122223333 --repository my_repo'
  build:
    commands:
      - pip install requests

To publish Python packages using twine: 

version: 0.2
phases:
  install:
    commands:
      - '[Net.ServicePointManager]::SecurityProtocol = "Tls12"; Invoke-WebRequest https://awscli.amazonaws.com/AWSCLIV2.msi -OutFile $env:TEMP/AWSCLIV2.msi'
      - Start-Process -Wait msiexec "/i $env:TEMP\AWSCLIV2.msi /quiet /norestart"
  pre_build:
    commands:
      - '&"C:\Program Files\Amazon\AWSCLIV2\aws" codeartifact login --tool twine --domain my_domain --domain-owner 111122223333 --repository my_repo'
  build:
    commands:
      - twine upload --repository codeartifact mypackage