This plugin facilitates accessing and deploying artifacts in CodeArtifact on Maven Intellij Idea projects.
AWS provides very specific instructions to set up Maven to support AWS CodeArtifact. Basically, your file ~/.m2/settings.xml must include a server specification such as:
<settings> <servers> <server> <id>coderazzi-project-yz</id> <username>aws</username> <password>${env.CODEARTIFACT_AUTH_TOKEN}</password> </server> </servers> </settings>
The token CODEARTIFACT_AUTH_TOKEN needs to be refreshed every 12 hours (by default) by doing:
export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain DOMAIN --domain-owner DOMAIN_OWNER --query authorizationToken --output text`
After issuing the previous command, the environment that executes the command has authorized access to CodeCommit.
The main problem here is that when using an IDE like IDEA, you would need to update the CODEARTIFACT_AUTH_TOKEN environment variable and then launch the IDE. And as the token needs to be refreshed, it is needed to quit the IDE and repeat the process every 12 hours. Plus, it is needed to update the environment variable in the same environment where the IDE is launched, quite inconvenient if launching the IDE from anywhere except the command line.
Idea allows to set up environment variables for MVN execution (under Settings/Build/Execution/Deployment/Build Tools/Maven/Runner), but this would imply to manually obtaining the token and updating the setting periodically.
A better option for this specific scenario is to automatically update the password in ~/.m2/settings.xml, to reflect the real token. That is, the settings file will look like:
<settings> <servers> <server> <id>coderazzi-project-yz</id> <username>aws</username> <password>REAL_CREDENTIALS_OBTAINED_FROM_AWS</password> </server> </servers> </settings>
CodeArtifact-Maven Idea plugin does exactly this simple task. Note that there is an AWS-supported AWS plugin, but it does not cover getting credentials for CodeArtifact
After installation, a menu entry appear under Tools: Generate AWS CodeArtifact credentials for Maven
When selected, a window appears to enter the required details:
The button Generate credentials will initiate the requests of a token to AWS and its inclusion in the maven settings file
From version 3.0.0, the plugin includes support for MFA, prompting the user to enter the MFA token if required.
Currently, only MFA based on roles is supported, where the chosen profile identifies a IAM role, not a IAM user. For more information on the distinction between role-based-MFA and user-based-MFA, check https://coderazzi.net/cloud/aws/mfa