Recently, Amazon announced the general availability (GA) of AWS CodeArtifact, a fully managed artifact repository service. With this service developers and organizations can securely store and share the software packages used in their development, build, and deployment processes.
As a managed service, AWS CodeArtifact is designed to make it easier for organizations to control the access and versioning of packages, as well as to track dependencies of software artifacts. The service organizes repositories under a central domain. However, individual repos can also be assigned to individual teams within the organization. Furthermore, different package types (Maven, npm, Python, etc.) can be used side by side within a repository.
According to AWS, developers can use their familiar tools to publish their packages in the repos or to integrate packages from external registries. AWS CodeArtifact currently supports the build tools and package managers Maven and Gradle (for Java), npm and yarn (for Javascript) as well as pip and twine (for Python) – and more are to follow.
Steve Roberts, a developer advocate, wrote in a recent blog post on AWS CodeArtifact:
CodeArtifact repositories are organized into a domain. We recommend that you use a single domain for your organization, and then add repositories to it. For example, you might choose to use different repositories for different teams. To publish packages into your repositories, or ingest packages from external repositories, you simply use the package manager tools your developers are used to.
Source: https://aws.amazon.com/codeartifact/
Furthermore, the service integrates with AWS Identity and Access Management to control package access, AWS CloudTrail for visibility into packages that are in use and if they need to be removed or deleted, and AWS Key management to control package encryption keys.
With AWS CodeArtifact, Amazon offers a similar service like GitHub, which offers private repositories, releases, project pages, Continuous Integration and Deployment (CICD) through actions. Moreover, Microsoft owns GitHub and also provides its Azure DevOps offering, including repros and package management. Yet, Charlie Robbins, senior director of engineering, UX Platform at GoDaddy, stated in a tweet:
AWS CodeArtifact was surgical in where they differentiated themselves from Github Package Registry by focusing on exactly GPR's current shortcomings (e.g. no pypi support, poor support for large corporate npm registries with multiple private & shadowed scopes)
Currently, AWS CodeArtifact is available across 10 AWS Regions globally in free and paid tiers. With the free tier, users have 2GB of storage and the first 100,000 requests for free every month, while the paid tier charges storage at US$0.055 per GB per month and US$0.065 per 10,000 requests. Further details on pricing are available on the pricing page.