# What is AWS CodeArtifact?
AWS CodeArtifact is a secure, highly scalable, managed artifact repository service that helps organizations to store and share software packages for application development. You can use CodeArtifact with popular build tools and package managers such as the NuGet CLI, Maven, Gradle, npm, yarn, pip, and twine. CodeArtifact helps reduce the need for you to manage your own artifact storage system or worry about scaling its infrastructure. There are no limits on the number or total size of the packages that you can store in a CodeArtifact repository.
You can create a connection between your private CodeArtifact repository and an external, public repository, such as npmjs.com or Maven Central. CodeArtifact will then fetch and store packages on demand from the public repository when they're requested by a package manager. This makes it more convenient to consume open-source dependencies used by your application and helps ensure they're always available for builds and development. You can also publish private packages to a CodeArtifact repository. This helps you share proprietary software components between multiple applications and development teams in your organization.
For more information, see [AWS CodeArtifact](https://aws.amazon.com/codeartifact/).
## How does CodeArtifact work?
CodeArtifact stores software packages in repositories. Repositories are polyglot—a single repository can contain packages of any supported type. Every CodeArtifact repository is a member of a single CodeArtifact domain. We recommend that you use one production domain for your organization with one or more repositories. For example, you might use each repository for a different development team. Packages in your repositories can then be discovered and shared across your development teams.
To add packages to a repository, configure a package manager such as npm or Maven to use the repository endpoint (URL). You can then use the package manager to publish packages to the repository. You can also import open-source packages into a repository by configuring it with an external connection to a public repository such as npmjs, NuGet Gallery, Maven Central, or PyPI. For more information, see [Connect a CodeArtifact repository to a public repository](external-connection.md).
You can make packages in one repository available to another repository in the same domain. To do this, configure one repository as an upstream of the other. All package versions available to the upstream repository are also available to the downstream repository. In addition, all packages that are available to the upstream repository through an external connection to a public repository are available to the downstream repository. For more information, see [Working with upstream repositories in CodeArtifact](repos-upstream.md).
CodeArtifact requires users to authenticate with the service in order to publish or consume package versions. You must authenticate to the CodeArtifact service by creating an authorization token using your AWS credentials. Packages in CodeArtifact repositories cannot be made publicly available. For more information about authentication and access in CodeArtifact, see [AWS CodeArtifact authentication and tokens](tokens-authentication.md).
# AWS CodeArtifact concepts
Here are some concepts and terms to know when you use CodeArtifact.
**Topics**
+ [
## Asset
](#welcome-concepts-asset)
+ [
## Domain
](#welcome-concepts-domain)
+ [
## Repository
](#welcome-concepts-repository)
+ [
## Package
](#welcome-concepts-package)
+ [
## Package group
](#welcome-concepts-package-group)
+ [
## Package namespace
](#welcome-concepts-package-namespace)
+ [
## Package version
](#welcome-concepts-package-version)
+ [
## Package version revision
](#welcome-concepts-package-version-revision)
+ [
## Upstream repository
](#welcome-concepts-upstream)
## Asset
An *asset* is an individual file stored in CodeArtifact that's associated with a package version, such as an npm `.tgz` file or Maven POM and JAR files.
## Domain
Repositories are aggregated into a higher-level entity known as a *domain*. All package assets and metadata are stored in the domain, but they are consumed through repositories. A given package asset, such as a Maven JAR file, is stored once per domain, no matter how many repositories it's present in. All of the assets and metadata in a domain are encrypted with the same AWS KMS key (KMS key) stored in AWS Key Management Service (AWS KMS).
Each repository is a member of a single domain and can't be moved to a different domain.
Using a domain, you can apply an organizational policy across multiple repositories. With this approach, you determine which accounts can access repositories in the domain, and which public repositories can be used as the sources of packages.
Although an organization can have multiple domains, we recommend a single production domain that contains all published artifacts. That way, teams can find and share packages across your organization.
## Repository
A CodeArtifact *repository* contains a set of [package versions](#welcome-concepts-package-version), each of which maps to a set of [assets](#welcome-concepts-asset). Repositories are polyglot—a single repository can contain packages of any supported type. Each repository exposes endpoints for fetching and publishing packages using tools like the nuget CLI, the npm CLI, the Maven CLI (mvn), and pip. You can create up to 1,000 repositories per domain.
## Package
A *package* is a bundle of software and the metadata that is required to resolve dependencies and install the software. In CodeArtifact, a package consists of a package name, an optional [namespace](#welcome-concepts-package-namespace) such as `@types` in `@types/node`, a set of package versions, and package-level metadata such as npm tags.
AWS CodeArtifact supports [Cargo](using-cargo.md), [generic](using-generic.md), [Maven](using-maven.md), [npm](using-npm.md), [NuGet](using-nuget.md), [PyPI](using-python.md), [Ruby](using-ruby.md), [Swift](using-swift.md) package formats.
## Package group
*Package groups* can be used to apply configuration to multiple packages that match a defined pattern using package format, package namespace, and package name. You can use package groups to more conveniently configure package origin controls for multiple packages. Package origin controls are used to block or allow ingestion or publishing of new package versions, which protects users from malicious actions known as dependency substitution attacks.
## Package namespace
Some package formats support hierarchical package names to organize packages into logical groups and help avoid name collisions. For example, npm supports scopes. For more information, see the [npm scopes documentation](https://docs.npmjs.com/cli/v7/using-npm/scope). The npm package `@types/node` has a scope of `@types` and a name of `node`. There are many other package names in the `@types` scope. In CodeArtifact, the scope (“types”) is referred to as the package namespace and the name (“node”) is referred to as the package name. For Maven packages, the package namespace corresponds to the Maven groupID. The Maven package `org.apache.logging.log4j:log4j` has a groupID (package namespace) of `org.apache.logging.log4j` and the artifactID (package name) `log4j`. For generic packages, a [namespace](https://docs.aws.amazon.com/codeartifact/latest/APIReference/API_PublishPackageVersion.html#namespace) is required. Some package formats such as PyPI don't support hierarchical names with a concept similar to npm scope or Maven groupID. Without a way to group package names, it can be more difficult to avoid name collisions.
## Package version
A *package version* identifies the specific version of a package, such as `@types/node 12.6.9`. The version number format and semantics vary for different package formats. For example, npm package versions must conform to the [Semantic Versioning specification](https://semver.org/). In CodeArtifact, a package version consists of the version identifier, package version level metadata, and a set of assets.
## Package version revision
A *package version revision* is a string that identifies a specific set of assets and metadata for a package version. Each time a package version is updated, a new package version revision is created. For example, you might publish a source distribution archive (**sdist**) for a Python package version, and later add a Python **wheel** that contains compiled code to the same version. When you publish the **wheel**, a new package version revision is created.
## Upstream repository
One repository is *upstream* of another when the package versions in it can be accessed from the repository endpoint of the downstream repository. This approach effectively merges the contents of the two repositories from the point of view of a client. Using CodeArtifact, you can create an upstream relationship between two repositories.
## How do I get started with CodeArtifact?
We recommend that you complete the following steps:
1. **Learn** more about CodeArtifact by reading [AWS CodeArtifact concepts](codeartifact-concepts.md).
1. **Set up** your AWS account, the AWS CLI, and an IAM user by following the steps in [Setting up with AWS CodeArtifact](get-set-up-for-codeartifact.md).
1. **Use** CodeArtifact by following the instructions in [Getting started with CodeArtifact](getting-started.md).