[ aws . codeartifact ]
Generates a temporary authorization token for accessing repositories in the domain. This API requires the codeartifact:GetAuthorizationToken
and sts:GetServiceBearerToken
permissions. For more information about authorization tokens, see CodeArtifact authentication and tokens .
Note
CodeArtifact authorization tokens are valid for a period of 12 hours when created with the login
command. You can call login
periodically to refresh the token. When you create an authorization token with the GetAuthorizationToken
API, you can set a custom authorization period, up to a maximum of 12 hours, with the durationSeconds
parameter.
The authorization period begins after login
or GetAuthorizationToken
is called. If login
or GetAuthorizationToken
is called while assuming a role, the token lifetime is independent of the maximum session duration of the role. For example, if you call sts assume-role
and specify a session duration of 15 minutes, then generate a CodeArtifact authorization token, the token will be valid for the full authorization period even though this is longer than the 15-minute session duration.
See Using IAM Roles for more information on controlling session duration.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
get-authorization-token
--domain <value>
[--domain-owner <value>]
[--duration-seconds <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--domain
(string)
The name of the domain that is in scope for the generated authorization token.
--domain-owner
(string)
The 12-digit account number of the Amazon Web Services account that owns the domain. It does not include dashes or spaces.
--duration-seconds
(long)
The time, in seconds, that the generated authorization token is valid. Valid values are
0
and any number between900
(15 minutes) and43200
(12 hours). A value of0
will set the expiration of the authorization token to the same expiration of the user’s role’s temporary credentials.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
See ‘aws help’ for descriptions of global parameters.
Note
To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.
Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal’s quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .
To get an authorization token
The following get-authorization-token
example retrieves a CodeArtifact authorization token.
aws codeartifact get-authorization-token \
--domain test-domain \
--query authorizationToken \
--output text
Output:
This command will return the authorization token. You can store the output in an environment variable when calling the command.
For more information, see Configure pip without the login command in the AWS CodeArtifact User Guide.
authorizationToken -> (string)
The returned authentication token.
expiration -> (timestamp)
A timestamp that specifies the date and time the authorization token expires.