1
00:00:00,313 --> 00:00:03,480
Okay, so now let's discuss CodeArtifact.

2
00:00:03,480 --> 00:00:06,240
So the idea is that when you build software,

3
00:00:06,240 --> 00:00:09,150
you use other software that your own software depends on.

4
00:00:09,150 --> 00:00:11,490
This is called code dependencies.

5
00:00:11,490 --> 00:00:12,840
And every time you build software

6
00:00:12,840 --> 00:00:15,930
it's very common to push the software into a repository,

7
00:00:15,930 --> 00:00:17,850
and then other software can build onto it.

8
00:00:17,850 --> 00:00:19,620
So there is this whole dependencies,

9
00:00:19,620 --> 00:00:21,960
and this whole dependencies web

10
00:00:21,960 --> 00:00:24,150
is called artifact management.

11
00:00:24,150 --> 00:00:26,760
So traditionally, when you use artifacts

12
00:00:26,760 --> 00:00:29,460
you set up your own artifact management system,

13
00:00:29,460 --> 00:00:31,410
and the idea is that it could be quite complicated.

14
00:00:31,410 --> 00:00:35,160
So using CodeArtifact, you get a secure, scalable,

15
00:00:35,160 --> 00:00:37,890
cost-effective artifact management system

16
00:00:37,890 --> 00:00:39,780
for software development.

17
00:00:39,780 --> 00:00:41,430
And CodeArtifact has more than this.

18
00:00:41,430 --> 00:00:42,780
I'll show you this in the diagram,

19
00:00:42,780 --> 00:00:44,370
but it has integration

20
00:00:44,370 --> 00:00:45,960
with common dependency management tools

21
00:00:45,960 --> 00:00:50,520
such as Maven, Gradle, npm, yarn, twine, pip, and NuGet.

22
00:00:50,520 --> 00:00:53,460
And the idea is that using CodeArtifact,

23
00:00:53,460 --> 00:00:56,550
both developers and CodeBuild can retrieve the dependencies

24
00:00:56,550 --> 00:01:00,210
straight from CodeArtifact within your AWS cloud.

25
00:01:00,210 --> 00:01:03,180
So let's do a diagram, it's going to be much clearer.

26
00:01:03,180 --> 00:01:04,440
So with CodeArtifact,

27
00:01:04,440 --> 00:01:08,340
all your artifacts live within your VPC, within AWS.

28
00:01:08,340 --> 00:01:11,100
Sometimes if you use other artifact management systems

29
00:01:11,100 --> 00:01:13,230
they could be third parties outside of AWS,

30
00:01:13,230 --> 00:01:15,180
or if you deploy your own artifact management system

31
00:01:15,180 --> 00:01:17,250
they could live on EC2 instances, for example.

32
00:01:17,250 --> 00:01:20,040
In which case, yes, of course it will be within your VPC.

33
00:01:20,040 --> 00:01:22,050
So with CodeArtifact, you're going to define domains,

34
00:01:22,050 --> 00:01:26,040
and each domain is just a set of repositories.

35
00:01:26,040 --> 00:01:28,530
Now, as a developer, the cool thing is

36
00:01:28,530 --> 00:01:30,540
that you can tell the developers, hey,

37
00:01:30,540 --> 00:01:33,390
you need to, for example, for your JavaScript developers

38
00:01:33,390 --> 00:01:35,790
run the npm command to fetch dependencies

39
00:01:35,790 --> 00:01:39,000
for your JavaScript packages to CodeArtifact.

40
00:01:39,000 --> 00:01:41,670
And CodeArtifact is going to be a proxy

41
00:01:41,670 --> 00:01:43,770
for public artifact repositories.

42
00:01:43,770 --> 00:01:46,080
So instead of having your JavaScript developers

43
00:01:46,080 --> 00:01:47,850
actually directly reach into

44
00:01:47,850 --> 00:01:49,890
the public artifact repo themselves,

45
00:01:49,890 --> 00:01:51,780
they're going to reach to CodeArtifact,

46
00:01:51,780 --> 00:01:55,290
which is going to be wired to public artifact repositories

47
00:01:55,290 --> 00:01:57,600
and the request will be proxied.

48
00:01:57,600 --> 00:01:59,130
Why will you do this? Well, for two reasons,

49
00:01:59,130 --> 00:02:00,570
number one, network security.

50
00:02:00,570 --> 00:02:02,580
So your JavaScript developers

51
00:02:02,580 --> 00:02:04,860
only interact with CodeArtifact,

52
00:02:04,860 --> 00:02:08,490
and CodeArtifact will proxy the request to the public repo.

53
00:02:08,490 --> 00:02:12,960
But also as the dependencies are being fetched,

54
00:02:12,960 --> 00:02:16,560
they're going to be cached into CodeArtifact itself.

55
00:02:16,560 --> 00:02:19,770
Which means that even if the dependency disappears

56
00:02:19,770 --> 00:02:22,260
from the public artifact repository,

57
00:02:22,260 --> 00:02:25,200
you will still have your own copy within CodeArtifact.

58
00:02:25,200 --> 00:02:27,030
Which is good to make sure that your code

59
00:02:27,030 --> 00:02:29,430
can always be built in the future.

60
00:02:29,430 --> 00:02:31,470
Now this works for not just JavaScript,

61
00:02:31,470 --> 00:02:33,030
but also for Python with pip.

62
00:02:33,030 --> 00:02:36,930
It works for .NET with NuGet and Java with Maven.

63
00:02:36,930 --> 00:02:39,120
Okay? So all these things can be proxied

64
00:02:39,120 --> 00:02:43,050
from CodeArtifact into their own repositories.

65
00:02:43,050 --> 00:02:44,670
But the second thing you can do is obviously

66
00:02:44,670 --> 00:02:46,920
push your own artifacts.

67
00:02:46,920 --> 00:02:49,530
And so your IT leader or your developers can publish

68
00:02:49,530 --> 00:02:52,650
and approve packages to be pushed into other repositories

69
00:02:52,650 --> 00:02:53,760
within CodeArtifact.

70
00:02:53,760 --> 00:02:55,800
That means that all your artifacts will live

71
00:02:55,800 --> 00:02:57,510
in one place in your VPC.

72
00:02:57,510 --> 00:03:00,390
And everything will just depend on everything,

73
00:03:00,390 --> 00:03:03,643
all the code that's already within your CodeArtifact,

74
00:03:03,643 --> 00:03:05,610
artifact management system.

75
00:03:05,610 --> 00:03:07,350
And if developers can get

76
00:03:07,350 --> 00:03:09,510
all these artifacts out of CodeArtifact,

77
00:03:09,510 --> 00:03:11,730
then of course CodeBuild can also too.

78
00:03:11,730 --> 00:03:12,900
And it is that now CodeBuild

79
00:03:12,900 --> 00:03:15,270
instead of fetching from public repositories,

80
00:03:15,270 --> 00:03:18,570
can also fetch all this information

81
00:03:18,570 --> 00:03:20,580
directly from CodeArtifact.

82
00:03:20,580 --> 00:03:23,130
Next, how does CodeArtifact changes

83
00:03:23,130 --> 00:03:26,160
trigger some stuff downstream in AWS?

84
00:03:26,160 --> 00:03:29,250
So we will see this service in detail later on,

85
00:03:29,250 --> 00:03:33,900
but CodeArtifact events such as when a package is created

86
00:03:33,900 --> 00:03:37,050
or modified or deleted will emit events

87
00:03:37,050 --> 00:03:38,520
into what's called EventBridge.

88
00:03:38,520 --> 00:03:42,180
And EventBridge is like a repository of events within AWS.

89
00:03:42,180 --> 00:03:44,910
And from EventBridge, you can pretty much integrate

90
00:03:44,910 --> 00:03:47,730
and trigger many different AWS services,

91
00:03:47,730 --> 00:03:51,810
such as Lambda functions, Step Functions, SNS, SQS.

92
00:03:51,810 --> 00:03:54,690
And if none of these terms mean anything to you by now,

93
00:03:54,690 --> 00:03:55,523
that's okay.

94
00:03:55,523 --> 00:03:57,870
We will see these later on in this course.

95
00:03:57,870 --> 00:04:00,510
And also, for example, CodePipeline.

96
00:04:00,510 --> 00:04:03,270
So it is possible for CodeArtifact

97
00:04:03,270 --> 00:04:06,540
to trigger CodePipeline through EventBridge,

98
00:04:06,540 --> 00:04:09,960
whenever a package version for example is updated.

99
00:04:09,960 --> 00:04:12,000
And so why would we wanna do this?

100
00:04:12,000 --> 00:04:15,480
Well, for example, CodePipeline could have CodeCommit

101
00:04:15,480 --> 00:04:18,540
so that we know that the dependency has been updated.

102
00:04:18,540 --> 00:04:21,900
Then triggering CodeBuild to rebuild your application

103
00:04:21,900 --> 00:04:25,440
with the updated dependency maybe for security reasons.

104
00:04:25,440 --> 00:04:28,110
And then finally deploy the new application

105
00:04:28,110 --> 00:04:31,380
to your production environment using CodeDeploy.

106
00:04:31,380 --> 00:04:33,480
So this could be a nice automated way

107
00:04:33,480 --> 00:04:35,760
to build a full automated pipeline

108
00:04:35,760 --> 00:04:38,580
that ensures that you always have the latest dependencies

109
00:04:38,580 --> 00:04:40,923
in your code within your builds.

110
00:04:41,850 --> 00:04:45,150
So any artifact repository within your accounts

111
00:04:45,150 --> 00:04:49,200
can be easily accessed by your users of your accounts

112
00:04:49,200 --> 00:04:52,380
or your roles with your accounts with an IAM policy.

113
00:04:52,380 --> 00:04:55,110
But if you want to authorize another account,

114
00:04:55,110 --> 00:04:59,160
and users and roles of that account to access CodeArtifact

115
00:04:59,160 --> 00:05:01,860
then you need to use a resource policy.

116
00:05:01,860 --> 00:05:04,320
So when you grant someone access

117
00:05:04,320 --> 00:05:07,050
to a CodeArtifact repository,

118
00:05:07,050 --> 00:05:08,370
what's going to happen is that you

119
00:05:08,370 --> 00:05:12,210
either give them access to all packages or none of them.

120
00:05:12,210 --> 00:05:15,630
You cannot say only access these packages.

121
00:05:15,630 --> 00:05:19,980
So when you authorize another account to access your repo

122
00:05:19,980 --> 00:05:22,950
you authorize, for example, Bob in Account B

123
00:05:22,950 --> 00:05:26,760
to access all packages within that specific repo.

124
00:05:26,760 --> 00:05:30,840
And to give access to Bob to your accounts,

125
00:05:30,840 --> 00:05:34,260
what you can do is use a resource policy in which

126
00:05:34,260 --> 00:05:36,600
you authorize, for example, Bob of the other

127
00:05:36,600 --> 00:05:41,100
accounts to read the packages in your CodeArtifact repo.

128
00:05:41,100 --> 00:05:43,800
And this cannot be done without a resource policy

129
00:05:43,800 --> 00:05:45,390
but it's just something you need to know

130
00:05:45,390 --> 00:05:46,560
for one question at the exam.

131
00:05:46,560 --> 00:05:49,140
But this is a recurring topic in AWS.

132
00:05:49,140 --> 00:05:50,760
Whenever you need cross-account access

133
00:05:50,760 --> 00:05:53,190
sometimes, most of the times, resource policies

134
00:05:53,190 --> 00:05:55,350
are going to be the way to go.

135
00:05:55,350 --> 00:05:57,420
Okay, so that's it for this lecture.

136
00:05:57,420 --> 00:05:58,680
I hope you liked it,

137
00:05:58,680 --> 00:06:00,723
and I will see you in the next lecture.