steampipe plugin install aws

Table: aws_codeartifact_repository - Query AWS CodeArtifact Repository using SQL

The AWS CodeArtifact Repository is a fully managed software artifact repository service that makes it easier for organizations to securely store, publish, and share packages used in their software development process. AWS CodeArtifact eliminates the need for you to set up, operate, and scale the infrastructure for your artifact repositories, allowing you to focus on your software development. It works with commonly used package managers and build tools, and it integrates with CI/CD pipelines to seamlessly publish packages.

Table Usage Guide

The aws_codeartifact_repository table in Steampipe provides you with information about repositories within AWS CodeArtifact. This table allows you, as a DevOps engineer, to query repository specific details, including the repository's domain owner, domain name, repository name, administrator account, and associated metadata. You can utilize this table to gather insights on repositories, such as their ownership, associated domains, and more. The schema outlines the various attributes of the CodeArtifact repository for you, including the ARN, repository description, domain owner, domain name, and associated tags.

Examples

Basic info

Explore which AWS CodeArtifact repositories are owned by different domain owners and identify instances where specific tags and upstreams are used. This can help in gaining insights into the organization and management of your AWS resources.

select
arn,
domain_name,
domain_owner,
upstreams,
tags
from
aws_codeartifact_repository;
select
arn,
domain_name,
domain_owner,
upstreams,
tags
from
aws_codeartifact_repository;

List repositories with endpoints

Identify instances where repositories have specified endpoints. This could be useful in managing and organizing your AWS CodeArtifact repositories, by focusing on those repositories that have assigned endpoints.

select
arn,
domain_name,
domain_owner,
tags,
repository_endpoint
from
aws_codeartifact_repository
where
repository_endpoint is not null;
select
arn,
domain_name,
domain_owner,
tags,
repository_endpoint
from
aws_codeartifact_repository
where
repository_endpoint is not null;

List repository policy statements that grant external access

This example is used to identify any repository policy statements in the AWS CodeArtifact service that may be granting access to external entities. This is useful for auditing security and ensuring that no unauthorized access is being permitted.

select
arn,
p as principal,
a as action,
s ->> 'Effect' as effect
from
aws_codeartifact_repository,
jsonb_array_elements(policy_std -> 'Statement') as s,
jsonb_array_elements_text(s -> 'Principal' -> 'AWS') as p,
string_to_array(p, ':') as pa,
jsonb_array_elements_text(s -> 'Action') as a
where
s ->> 'Effect' = 'Allow'
and (
pa [ 5 ] != account_id
or p = '*'
);
Error: The corresponding SQLite query is unavailable.

Get upstream package details associated with each repository

Analyze the settings to understand the association between each repository and its corresponding upstream package details in the AWS CodeArtifact service. This can aid in managing dependencies and ensuring the correct version of a package is being used.

select
arn,
domain_name,
domain_owner,
u ->> 'RepositoryName' as upstream_repo_name
from
aws_codeartifact_repository,
jsonb_array_elements(upstreams) u;
select
arn,
domain_name,
domain_owner,
json_extract(u.value, '$.RepositoryName') as upstream_repo_name
from
aws_codeartifact_repository,
json_each(upstreams) u;

Schema for aws_codeartifact_repository

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
account_idtextThe AWS Account ID in which the resource is located.
administrator_accounttextThe Amazon Web Services account ID that manages the repository.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
arntextThe Amazon Resource Name (ARN) specifying the repository.
descriptiontextThe description of the repository.
domain_nametext=The name of the domain that contains the repository.
domain_ownertext=The 12-digit account number of the Amazon Web Services account that owns the repository. It does not include dashes or spaces.
external_connectionsjsonbAn array of external connections associated with the repository.
nametext=The name of the repository.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
policyjsonbAn CodeArtifact resource policy that contains a resource ARN, document details, and a revision.
policy_stdjsonbContains the contents of the resource-based policy in a canonical form for easier searching.
regiontextThe AWS Region in which the resource is located.
repository_endpointjsonbA string that specifies the URL of the returned endpoint.
tagsjsonbA map of tags for the resource.
tags_srcjsonbA list of tags assigned to the resource.
titletextTitle of the resource.
upstreamsjsonbA list of upstream repositories to associate with the repository.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_codeartifact_repository