DEV Community: Kenechukwu Okeke

Phase 3: Securing Packages with AWS CodeArtifact

Kenechukwu Okeke — Thu, 13 Mar 2025 19:04:56 +0000

Overview

In Phase 3 of the Seven Days DevOps Challenge, I'm taking my cloud infrastructure to the next level by implementing AWS CodeArtifact. After setting up an EC2 instance in Phase 1 and integrating with GitHub in Phase 2, this phase focuses on package management - a component of modern software development pipelines.
CodeArtifact provides a secure, scalable artifact repository that integrates seamlessly with common build tools and package managers like Maven. This allowed me to store, publish, and share software packages securely.

Key Learnings

Through this phase, I gained valuable knowledge on:

Package Management in AWS
I learned how to create and configure a secure repository for storing Java packages.
Repository Domains
I understood how CodeArtifact organizes repositories within domains for better governance.
Upstream Repositories
I configured connections to public repositories like Maven Central to automatically pull and cache dependencies.
Access Control for Packages
I implemented proper IAM policies to secure access to package repositories.

Key Tools and Concepts

For this phase, I used the following tools and services:
AWS CodeArtifact
A fully managed artifact repository service that makes it easy to securely store and share software packages.
Maven
A build automation tool used primarily for Java projects to manage dependencies.
AWS IAM
Identity and Access Management that provides fine-grained access control to AWS services.
Upstream repository
A backup source where your repository looks for packages if they are not already stored locally.

Steps

Step 1: CodeArtifact repository
The first step was to create a new CodeArtifact repository in the AWS Management Console. I navigated to the CodeArtifact service and set up a repository named "nextwork-devops-day3-kene." I added a description to specify that this repository would store packages related to a Java web application used in NextWork’s CI/CD pipeline series. To ensure dependency management, I selected Maven Central Store as an upstream repository, which allows automatic pulling of public dependencies when needed. To organize my repositories, I created a domain. I named it "nextwork" to match my organization’s naming convention.

Step 2: Reviewing the Package Flow
After setting up the domain and repository, I reviewed the package flow diagram provided by AWS. This helped me understand how packages would be managed within the system:External packages from public:maven-central flow into maven-central-store. My repository retrieves packages from maven-central-store. This ensures that packages are cached and verified before being used in my application.

Step 3: Connecting to the Repository
Once the domain and repository were set up, I needed to connect my local or cloud environment to CodeArtifact. I clicked on "View connection instructions" in the AWS console to get the setup details. The instructions provided steps to configure my package manager and authentication method.
To authenticate and interact with the repository, I had to generate a CodeArtifact authorization token. The AWS console provided a command for exporting the token using the AWS CLI. However, I needed to ensure my AWS credentials were correctly configured on my system before running the command.

Step 4: Connecting to the EC2 Instance
To connect the ec2 instance I ran the following code on it in order to export the codeArtifact authorization token for authorization:

export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain nextwork --domain-owner 039612887229 --region eu-west-1 --query authorizationToken --output text`

The code ran in an error because the ec2 instance didn't have the permission to interact with the Code Artifact.

To solve this issue, I created an IAM role and policy for this purpose.
This role allowed my EC2 instance to authenticate with CodeArtifact securely.

Step 5: Creating of the Settings.xml
To store the credentials securely in Maven, I created a settings.xml file. This file included the repository credentials, referencing the AWS authorization token dynamically

Step 6: Compiling the Project with Maven
With authentication configured, I proceeded to compile my Java web application using Maven

mvn compile --settings settings.xml

This process successfully pulled dependencies from the CodeArtifact repository

Conclusion

Phase 3 of the Seven Days DevOps Challenge demonstrates how to use AWS CodeArtifact to secure and manage dependencies for a web application.This phase builds on the previous work of setting up an EC2 instance and implementing version control with GitHub, adding component to the DevOps pipeline.

Phase 2: Connecting a GitHub Repo with AWS

Kenechukwu Okeke — Wed, 12 Mar 2025 18:47:00 +0000

Overview

In Phase 1 of the Seven Days DevOps Challenge, I set up an EC2 instance on AWS and configured a remote SSH connection using VS Code. Now, in Phase 2, I'll be integrating GitHub with the AWS environment to implement version control for the cloud-based web application.

This phase is important for DevOps workflows because it enables automatic code updates on AWS whenever changes are pushed to GitHub. Whether you deploy manually using git pull or automate with AWS CodeDeploy, this setup enhances efficiency.

Key Learnings

Through this phase, I gained valuable knowledge on the following
GitHub Authentication Methods
I understood the secure alternatives to password authentication and how to implement them.
Git Workflow Management
I learnt how to handle common scenarios like merging changes, resolving conflicts, and synchronizing local and remote repositories.
Credential Management
I properly secured and configured Git credentials for ongoing use.
AWS and GitHub Integration
I established a connection between cloud resources and version control systems, which is fundamental for DevOps practices.

Key Tools and Concepts

For this phase, I used the following tools and services:
GitHub
A platform where developers store and manage their code. It helps track changes and collaborate with others.
Git
A tool that records changes in code, allowing developers to revert, update, and share their work easily.
Personal Access Token (PAT)
A secure key used instead of a password to connect GitHub with Git on the command line.
Git Commands
Basic commands I used to manage code changes:

git init – Starts a new Git repository.
git add – Prepares files for a commit.
git commit – Saves the changes with a message.
git push – Sends the changes to GitHub.

Steps

Step 1: Creating a GitHub Repository

To start integrating my web application with GitHub, I first by signed into my GitHub account and created a new repository to host the web application code. I named the repository "nextwork-devops-day2-kene" and added this description "This project demonstrates how to set up a web application in the cloud and integrate it with AWS services".

Step 2: Setting Up GitHub Authentication

To connect securely from my EC2 instance to GitHub, I needed to set up proper authentication. GitHub no longer supports password authentication for Git operations, so I created a Personal Access Token by navigating to GitHub Settings > Developer settings > Personal access tokens. I created a new personal access token for EC2 instance access then set an expiration period of 7 days (until March 19, 2025)

I selected the necessary scopes for the token:

repo (Full control of private repositories)
public_repo (Access public repositories)
repo:status (Access commit status)
repo_deployment (Access deployment status)
repo:invite (Access repository invitations)
security_events (Read and write security events)

After generating the token, I copied it immediately because GitHub only displays it once for security reasons.

Step 3: Installing Git on EC2
Before I could connect to GitHub from my EC2 instance, I needed to install Git:

sudo dnf update -y
sudo dnf install git -y

I verified the installation by checking the Git version:

git --version

Step 4: Initializing the Local Git Repository
Next, I initialized a Git repository in my existing web application directory:

git init

Git responded with a hint that it's using 'master' as the default branch name, while suggesting alternatives like 'main', 'trunk', or 'development' as more commonly used names.

Step 5: Configuring Git Authentication
To push to GitHub, I needed to set up my authentication credentials. When attempting to push using my username and password, I encountered an authentication error because GitHub has deprecated password authentication. To resolve this issue i used my username and Personal Access Token to continue.

Step 6: Resolving Push and Pull Conflicts
When trying to push my changes to GitHub, I encountered a rejection because the remote repository contained a file (README.md) that I didn't have locally. To solve this problem i first pulled the repository to my local system before trying to push the changes again

Because I did not want to keep writing my username and Personal Access Token and solved this problem by configuring Git to use my personal access token by storing my credentials.

git config --global credential.helper store

This command allowed me to push to the repository without authenticating everytime my token.

Step 7: Final Push and Verification
I completed a few more commits and pushes to ensure all my changes were synchronized with GitHub. The web application code, including the index.jsp file, was now properly stored in the GitHub repository and accessible for collaboration. I verified the changes were reflected in GitHub by viewing the repository, which showed my JSP file with the updated content.

Challenges and Solutions

During this phase, I encountered several common Git workflow challenges:
Authentication Failure
GitHub has deprecated password authentication, requiring the use of a personal access token or SSH key. I resolved this by creating a personal access token and configuring Git to store my credentials.
Divergent Branches
When pulling from GitHub after creating files both locally and on GitHub, I faced a divergent branches error. I needed to specify a merge strategy (using git config pull.rebase false) to reconcile these differences.
Push Rejection
My initial push was rejected because the remote repository contained files not present in my local repository. I resolved this by pulling first, then pushing after the merge.

Conclusion

Phase 2 of the Seven Days DevOps Challenge shows how to integrate GitHub with an AWS EC2 instance. This integration ensures that the code is properly tracked, backed up, and can be shared among team members, which is essential for software development workflows.
Stay tuned for Phase 3, where i'll explore storing of dependencies in CodeArtifact 🚀

Set Up a Web App in the Cloud using AWS and VsCode

Kenechukwu Okeke — Tue, 11 Mar 2025 13:19:16 +0000

Overview

Deploying a Web Application using AWS can seem overwhelming, but with the right setup, it becomes much easier. This guide walks you through setting up a Web app using AWS services and VsCode, covering everything from prerequisites to common challenges and solutions.

In this project, I'll be launching an EC2 instance on AWS, setting up a secure remote SSH connection using VsCode, and configuring the necessary development environment. This includes installing Maven and Java, which are essential for building and managing Java-based applications

Key concepts I learned:

Creating an EC2 instance: Setting up a virtual machine in AWS, choosing an appropriate AMI (Amazon Machine Image), instance type, and configuring security groups.
Connecting to an EC2 instance via SSH: Using a private key to establish a secure connection between my local machine and the cloud instance.
Using SSH in VsCode: Configuring VsCode to work with remote SSH connections, allowing direct development on the EC2 instance without needing to switch terminals.
Installing and Configuring Java & Maven: Setting up the necessary environment for building and running Java-based applications on AWS.

Key tools and concepts

For this project, I used the following services and tools:

EC2 Instance
A virtual computer/Server in the cloud that you can use to run programs, store files, and host websites without needing a physical machine.

Key Pair
A security system that lets you connect to your EC2 instance safely. It has two parts public Key (to be stored on the cloud computer) and private Key (strictly be saved on your own computer). You use the private key to log in securely instead of using a password.

VsCode
A code editor that makes it easy to work on your cloud computer remotely. It allows you to edit files and run commands on your EC2 instance without switching to a separate terminal.

SSH (Secure Shell)
A safe way to connect to your cloud computer over the internet/remotely. It lets you control your EC2 instance, run commands, and transfer files while keeping your connection secure.

.pem file
This file is a private key file used for secure SSH authentication. It is part of a key pair that AWS provides when you create an EC2 instance.

Steps

Step 1: Launching an EC2 instance

I started this project by launching an EC2 instance because the web app will be entirely created and run on the cloud. I selected Amazon Linux as my AMI since it’s lightweight, secure, and comes with pre-installed packages that are useful for development. And I chose the t2.micro instance, which is part of the AWS Free Tier, making it cost-effective while providing sufficient resources for this project.
I created a new key pair to securely connect to my instance and downloaded the .pem file, which is required for authentication when using SSH.
I opened port 22 (SSH) to allow remote access and restricted SSH access to my IP address instead of allowing access from anywhere (0.0.0.0/0), thereby enhancing security.
After verifying the configurations, I launched the instance. Once it was up and running, I noted the public DNS for connecting via SSH.

Step 2: Connecting to the Instance using VsCode

I used VsCode to connect to my EC2 instance via SSH.
I opened the terminal and entered into the directory where the .pem file was to change the permissions in order to restrict access to the file (.pem), making it readable only by me.
I used the command below to change the file permissions of the private key (.pem file) to make it more secure.

chmod 400 my-nextwork-keypair.pem

I connected to the instance throught my Vscode terminal and typed yes since the system does not recognize the EC2 instance as a trusted host yet. Tying yes allows SSH to save the server's fingerprint in the ~/.ssh/known_hosts file.

Step 3: Installion of Maven & Java

In this step i installed Maven and Java. Maven is required in this project because it automates the process of Compiling (a process of converting written code into machine code), Linking (compiling machine code with other dependencies), Packaging (assembling Files) and Testing of software and Java is required in this project because I'll be using Amazon Corretto 8, which is free, reliable, and provided by Amazon.

I verified the installion by using mvn -v for mava and java -version for java

Step 4: Creating the application

I generated a Java web app using the command:

mvn archetype:generate 
\ -DgroupId=com.nextwork.app 
\ -DartifactId=nextwork-web-project \ -
DarchetypeArtifactId=maven-archetype-webapp 
\ -DinteractiveMode=false

I installed "Remote - SSH", which is a VsCode's extension that allows you to connect to remote machines or servers using the SSH protocol and work on them as if they were local.
I set up the configuration details required to establish a remote connection include the Host(matching your EC2 instance's IPv4 DNS), the IdentityFile (pointing to the .pem key location on your local machine), and the User
Using VsCode's file explorer, I navigated the directory structure and files on my remote EC2 server through the "Remote - SSH" extension. This feature allowed me to view and manage project files just as if they were on my local machine.
To generate the project, I used Maven, a build automation tool that creates a structured template for Java applications. When the project was set up, Maven automatically generated key folders, including:
src Folder – Contains the application's source code, where all Java classes and logic are written.
webapp Folder – Holds web-related and configuration files for building and running the web application.

Step 5: Using Remote SSH

Index.jsp is a Java Server Pages (JSP) file that serves as the default landing page for a web application. It typically contains HTML mixed with Java code to dynamically generate content. I edited the index.js code by updating the HTML code to say my name.

Conclusion

This project marks Phase 1 of the Seven Days DevOps Challenge by setting up an EC2 instance and connecting via SSH using VsCode is a fundamental step in cloud-based development. By configuring security settings, managing key pairs, and establishing a remote connection, I have successfully laid the groundwork for deploying and managing the application on AWS.

See you in phase two !!🚀