I have an issue while trying to publish a java library (jar) to an AWS CodeArtifact Maven repository. I get HTTP Status code 401 (unauthorized) when I try to publish it. Which would indicate that I'm doing something wrong like a missing CODEARTIFACT_AUTH_TOKEN environment variable, or using the wrong aws credentials/profile, etc. But AWS CodeArtifact is very straightforward: we just need to:
...Super simple. Yet I get 401 Unauthorized when I try to "mvn deploy-file" with my setup... See my full setup below:
I set up an AWS CodeArtifact domain, and Maven repository through a Cloudformation template (ignore the NPM and upstream repos if you want):
AWSTemplateFormatVersion: "2010-09-09"
Description: CodeArtifact Domain, Maven repo, NPM repo, and upsteam repos
Resources:
CodeArtifactDomain:
Type: AWS::CodeArtifact::Domain
Properties:
DomainName: mydomain
PermissionsPolicyDocument:
Version: 2012-10-17
Statement:
- Action:
- codeartifact:CreateRepository
- codeartifact:DescribeDomain
- codeartifact:GetAuthorizationToken
- codeartifact:GetDomainPermissionsPolicy
- codeartifact:ListRepositoriesInDomain
- sts:GetServiceBearerToken
- codeartifact:DescribePackageVersion
- codeartifact:DescribeRepository
- codeartifact:GetPackageVersionReadme
- codeartifact:GetRepositoryEndpoint
- codeartifact:ListPackageVersionAssets
- codeartifact:ListPackageVersionDependencies
- codeartifact:ListPackageVersions
- codeartifact:ListPackages
- codeartifact:ReadFromRepository
- codeartifact:PublishPackageVersion
- codeartifact:PutPackageMetadata
Effect: Allow
Principal:
AWS:
- "arn:aws:iam::123456788904:root"
- "arn:aws:iam::123456789098:root"
- "arn:aws:iam::123456789087:root"
Resource: "*"
Tags:
- Key: Name
Value: CodeArtifact Domain
ArtifactUpstreamRepositoryMaven:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: maven-upstream-repo
DomainName: !GetAtt CodeArtifactDomain.Name
ExternalConnections:
- public:maven-central
ArtifactRepositoryMaven:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: maven-repo
Description: Maven CodeArtifact Repository
DomainName: !GetAtt CodeArtifactDomain.Name
Upstreams:
- !GetAtt ArtifactUpstreamRepositoryMaven.Name
Tags:
- Key: Name
Value: Maven CodeArtifact Repository
ArtifactUpstreamRepositoryNPM:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: npm-upstream-repo
DomainName: !GetAtt CodeArtifactDomain.Name
ExternalConnections:
- public:npmjs
ArtifactRepositoryNPM:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: npm-repo
Description: NPM CodeArtifact Repository
DomainName: !GetAtt CodeArtifactDomain.Name
Upstreams:
- !GetAtt ArtifactUpstreamRepositoryNPM.Name
Tags:
- Key: Name
Value: NPM CodeArtifact Repository
Outputs:
CodeArtifactDomain:
Description: The CodeArtifact Domain
Value: !Ref CodeArtifactDomain
Export:
Name: CodeArtifactDomain
I ran the above cloudformation template and confirmed that it completed successfully then navigated to CodeArtifact to check that the CodeArtifact Domain and Repositories were successfully created (they are). I then looked up the connection instructions for my repository. Using these conneciton instructions I first cut and paste the first one:
export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain mydomain --domain-owner <MY_ACCOUNT_NUMBER --query authorizationToken --output text`
I then go setup my maven settings in ~/.m2/settings.xml and put all the settings shown on the connection instructions (in the AWS Console) for my repository:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">
<servers>
<server>
<id>mydomain-maven-repo</id>
<username>aws</username>
<password>${env.CODEARTIFACT_AUTH_TOKEN}</password>
</server>
</servers>
<profiles>
<profile>
<id>mydomain-maven-repo</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<repositories>
<repository>
<id>mydomain-maven-repo</id>
<url>https://mydomain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/</url>
</repository>
</repositories>
</profile>
</profiles>
</settings>
Finally, I try to mvn:deploy one of my libraries to the AWS CodeArtifact maven repo:
mvn deploy:deploy-file \
-DgroupId=com.myorg \
-DartifactId=my-client_2.12 \
-Dversion=1.0.1-play28 \
-Dfile=./my-client_2.12-1.0.1-play28.jar \
-Dsources=./my-client_2.12-1.0.1-play28-sources.jar \
-Djavadoc=./my-client_2.12-1.0.1-play28-javadoc.jar \
-Dpackaging=jar \
-DrepositoryId=maven-repo \
-Durl=https://mydomain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/
And I get this error:
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< org.apache.maven:standalone-pom >-------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy-file (default-cli) @ standalone-pom ---
Uploading to maven-repo: https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.jar
Uploading to maven-repo: https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.319 s
[INFO] Finished at: 2021-09-27T15:10:56-04:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy-file (default-cli) on project standalone-pom: Failed to deploy artifacts: Could not transfer artifact my-client_2.12:jar:1.0.1-play28 from/to maven-repo (https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/): Transfer failed for https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.jar 401 Unauthorized -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
I can confirm that I'm using the correct credentials in my ~/.aws/credentials by running
aws sts get-caller-identity
I also confirm that I
I have no idea why I get 401 unauthorized when I mvn deploy-file... Any ideas?
Arg, found it. The issue is in one of the "mvn deploy:deploy-file" arguments:
The:
-DrepositoryId=maven-repo
... needs to match the server id in ~/.m2/settings.xml:
<id>mydomain-maven-repo</id>
If I change my mvn command to put:
-DrepositoryId=mydomain-maven-repo
... The error 401 Unauthorized goes away!!! Argg AWS: shouldn't this be a 404, 400, or other? This is not an unauthorized, it's an unknown repository. It's pushing the definition of 401...
Anyway, dear Internet: if CodeArtifact ever returns 401 on you, be aware you might have misconfigured something. It might not be an authorization issue.