-->

aws codeartifact, nuget

CodeArtifact is the software artifact repository service provided by AWS. In the previous article, you covered the basics of NuGet - Microsoft’s package management platform for .NET applications. You looked into the basics of package consumption using NuGet.org (the default package repository). In this article, you will learn more about creating and publishing your packages to your private repository using AWS CodeArtifact.

Prerequisites

Why host your own NuGet Repository?

You can create a free account on NuGet Gallery and publish your packages freely. So why would you want to host your own repository instead of this option?

Privacy

When you publish your packages to the NuGet gallery (or any other public repository), you instantly expose your code to the world. Anyone can download and examine your code (it may require decompiling .NET assemblies to code but it’s still possible). This may be your intention in the first place, especially if you’re working on an open-source project, but if you want to keep your code private, having your own private repository would be the preferred option.

Access Control

When you have your own private repository, you can control who can access your code. You can also host it in isolated networks so your automation can work without Internet access.

Security

When you publish your packages on a public repository and download from there, your system’s security is tied to that remote system’s security. Any package you download can be compromised and risk your entire system’s security.

Auditing

If you only allow your applications and developers to download packages from pre-approved and audited locations, you won’t have to worry about rogue packages sneaking in.

CodeArtifact Basics

When working with AWS CodeArtifact, you need to be familiar with 2 concepts:

  • Domains

  • Repositories

Domain

A domain is a logical unit for grouping repositories. In most cases, you would need only one domain for your company or team. The idea of having an artifact repository is to share code between projects. So if you lock down your repositories too much you might end up having constant access issues or duplicating packages.

Repository

A repository contains software artifacts such as packages, libraries, and scripts that are stored in a centralized manner and meant to be shared among projects.

Set Up CodeArtifact

Go to AWS CodeArtifact in AWS Management Console.

This article uses the us-east-1 (N.Virginia) region. Feel free to use whatever AWS region you prefer. Make sure to check the CodeArtifact pricing page too although the difference between regions should be negligible for the purposes of the demo project.

Click the Create domain button.

Screenshot showing the Create domain button in the Domains page

Enter the name of your domain. It doesn’t have to be too specific. you will create repositories later which should be more specific to the project but the domain can be more generic such as your company name.

Screenshot showing the domain name entered as cloud-experiments and the Create domain button to finish setup.

AWS CodeArtifact uses the domain name and your account ID to generate a unique domain URL. You will use this when pulling and pushing packages.

Then go to Repositories and click the Create repository button.

Screenshot showing the Create repository button in the Repositories page

The repository name can be the name of your project or something more generic such as shared or common. In this example, I’ll use common. You can give it a description too to explain the purpose.

Screenshot showing the repository settings

You can also select an upstream repository (nuget-store for .NET which uses NuGet.org). Public upstream repositories are intermediate repositories to download packages from the public repository and cache them. This allows the user to automatically use the missing packages from the private repository. In this example, leave the public upstream repository empty and click Next.

Next, you choose the domain this repository will belong to. Each repository is part of a domain. You can use cross-account domains as well by selecting the Different AWS account option. In this example, select your own account and select the domain you created in the previous step.

Screenshot showing the AWS account and domain selection

Review your selection in the next screen and click Create repository to finish the setup.

If you click on the repository details, you should see the details such as the ARN of the repository and the domain it belongs to. So far, it’s just a generic repository as you haven’t specified anything about .NET. Next, you will set up the .NET client connection.

Set Up Client Connection

In the packages section, you can see the View connection instructions button. This is very useful for setting up your client.

Screenshot showing the packages list and View connection instructions button.

AWS CodeArtifact supports various package managers such as Maven, Python, npm and NuGet. For this example, select .NET from the list. NuGet is more suitable for Windows-based legacy .NET Framework projects. .NET CLI works best if you’re using a Mac or Linux for a .NET Core or later project.

In the next section, 3 options are provided. I recommend using the manual setup. This gives you more control over how you set things up. It’s likely you will need to have this kind of setup in your CI/CD pipeline as well to be able to restore packages during the build process. So it’s a good practice to be able to replicate these steps later.

The next step is to obtain the auth token. The guide shows the command suitable for your platform. On Mac, it should look something like this:

export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain cloud-experiments --domain-owner {YOUR AWS ACCOUNT ID} --region us-east-1 --query authorizationToken --output text`

Run the command and assuming your default profile credentials are valid and have permission to carry out the request, then it should obtain the auth code and assign it to the CODEARTIFACT_AUTH_TOKEN variable that is valid for 12 hours.

The final step is to add your repository to your repository list by running the following command:

dotnet nuget add source "https://{YOUR DOMAIN NAME}-{YOUR AWS ACCOUNT ID}.d.codeartifact.us-east-1.amazonaws.com/nuget/common/v3/index.json" -n "{YOUR DOMAIN NAME}/{YOUR REPO NAME}" -u "aws" -p "${CODEARTIFACT_AUTH_TOKEN}" --store-password-in-clear-text

The store-password-in-clear-text flag is only required on non-Windows platforms as encryption is not supported.

Once you’ve run the command, you should see a confirmation on your terminal saying the repo is added successfully.

To verify your setup, run the following command:

dotnet nuget list source

You should see both the default NuGet.org and your private repository:

Terminal window showing the registered NuGet sources including the private CodeArtifact repository

Publish Package to Your Repository

Now that you have a private NuGet repository of your own, take advantage of it and publish your first package.

Create a new .NET class library by running the following command:

mkdir CodeArtifactBasics
cd CodeArtifactBasics
dotnet new classlib

Open the project in your IDE and rename Class1.cs to Calculator.cs and update the contents with below:

namespace CodeArtifactBasics;

public class Calculator
{
    public int Add(int x, int y)
    {
        return x + y;
    }
}

Run the following command to create a NuGet package for your project:

dotnet pack

You should have version 1.0.0 of your package created under the bin/Debug directory. The final step is to push it to your CodeArtifact repository by running the following command:

dotnet nuget push ./bin/Debug/CodeArtifactBasics.1.0.0.nupkg --source {YOUR DOMAIN}/{YOUR REPO}

If you refresh your package list on the CodeArtifact page, you should now see your newly published package:

Screenshot showing the newly published package in the packages list

Consume Packages From Your Private Repository

So your calculator library is in your package repository available to be consumed in your projects. Create a consumer project by running the following command:

dotnet new console --name CalculatorClient

Then, open the project in your IDE.

To consume the NuGet package, run the following command in a terminal at the root of the new console project:

dotnet add package codeartifactbasics

If you take a look at the command output, you should notice that it queries both nuget.org and your private repository:

Terminal window showing the requests for downloading the NuGet package

You can see the 2 GET requests sent to both repositories. Since there is no codeartifactbasics package in nuget.org, it returns a NotFound response while your CodeArtifact repository returns a successful result. It then goes ahead and fetches the actual package and adds to your project.

You can check the package in your IDE as well. It depends on the IDE but in Rider it looks like this:

Window showing the CodeArtifactBasics package added to the CalculatorClient project.

You can now update the Program.cs with the following code and you should be able to run your program without any issues:

using CodeArtifactBasics;

var calc = new Calculator();
var result = calc.Add(1, 2);
Console.WriteLine(result);

Conclusion

In this article, you covered the basics of AWS’s package management service. You learned how to create a new private repository, authenticate against the repo and publish and consume packages. In later articles, we will dive deeper into the NuGet protocol and CodeArtifact.

Resources

dev nuget, dotnet

NuGet is a package manager for the Microsoft development environment. Nowadays the requirements for the applications are more complex than ever. It’s very hard for a development team to implement all the code used in a complex system, especially the generic utilities which are common for all applications and not specific to the application domain. This is where consuming already developed packages comes in very helpful.

What’s a NuGet package?

A Nuget package is a zip file, with .nupkg extension, that contains compiled code, other related files and some descriptive metadata. This metadata contains the package version, author info and some other optional information. You’ll learn more about it later in this article.

Why use the NuGet package manager?

As stated before, it’s next to impossible to develop a mid to large-sized application without using any external packages. To manage the packages you consume, you will need a package manager.

The benefits of using NuGet package manager can be summarized as below:

Easy Package Management

NuGet simplifies the process of managing third-party libraries and tools in your projects. It provides a centralized repository where you can discover, download, and install packages with just a few clicks.

Dependency Management

NuGet automatically manages dependencies between packages. When you install a package, NuGet ensures that any other packages it depends on are also installed. This helps prevent version conflicts and ensures that your project uses compatible versions of libraries.

Versioning

NuGet packages are versioned, allowing you to specify the exact version of a package that your project needs. This helps maintain consistency across development, testing, and production environments.

Integration with Visual Studio and other popular IDEs

NuGet is tightly integrated with Visual Studio, which is the primary integrated development environment (IDE) for .NET development. This integration makes it easy to manage packages directly from the Visual Studio IDE.

Command-Line Interface (CLI)

In addition to the Visual Studio integration, NuGet provides a command-line interface (CLI) for those who prefer working in a console environment. This flexibility allows developers to incorporate package management into their build scripts and automation processes.

Community Contributions

NuGet has a large and active community of developers who contribute packages to the NuGet Gallery. This means you can easily access a wide range of libraries and tools created by others, saving you from reinventing the wheel.

NuGet Gallery

The NuGet Gallery serves as a central repository for NuGet packages, making it a convenient hub for sharing and discovering packages. You can find packages for various purposes and from different authors in one place.

Package Restoration

NuGet simplifies the process of restoring packages in a project. When you open a project on a new machine or a different environment, NuGet can automatically download and install the required packages, reducing setup time.

NuGet.org

NuGet.org, the official NuGet package source, is a reliable and well-maintained repository. It ensures that the packages you download are trustworthy and have passed certain quality standards.

How to install NuGet?

There are a number of ways to use NuGet. For legacy projects (.NET Framework projects) you can download Nuget CLI directly. For more info, check out how to Install NuGet Client tools.

dotnet CLI used to have its own repository, but nowadays, it’s part of the .NET SDK. You can download the dotnet framework here as well.

If you already have Visual Studio or JetBrains Rider installed on your system you should have the required CLIs installed already. This article will use the dotnet CLI and dotnet 7 in the demo project.

To test your CLI installation, run the following command:

dotnet --version

You should see the dotnet version printed on your terminal window.

Demo Project Setup

To follow along and practice using NuGet, it’s advised you follow the steps below to create your own playground. Alternatively, you can clone the accompanying GitHub repository to get the final code:

git clone https://github.com/volkanpaksoy/public-source-code --branch blog/nuget-basics

Run the following snippet to create the project:

mkdir NuGetBasics
cd NuGetBasics
dotnet new console

NuGet Package Metadata

The metadata in a NuGet package is stored in an XML file with .nuspec extension. The mandatory elements are:

<id></id>
<version></version>
<description></description>
<authors></authors>

You can also also projectUrl, license, icon etc. you can find the full list of elements here.

To see the .nuspec file in action, run the following command in your terminal while in the same directory as the .csproj file:

dotnet pack

You should see an output like this:

The output of dotnet pack command

Then run the following command to check the contents of the bin/Debug folder:

ls -la ./bin/Debug

Terminal window showing the contents of bin/Debug directory

As stated before, .nupkg is simply a zip file. You can change the extension and unpack by running the following commands:

mv ./bin/Debug/NuGetBasics.1.0.0.nupkg NuGetBasics.zip
unzip NuGetBasics.zip -d package-contents
ls -la ./package-contents

You should see an output like this:

Terminal window showing the commands to rename the .nupkg file to a zip file, extract it and list the contents

You can see the NugetBasics.nuspec file listed in the directory.

Open the file in a text editor and it should look like this:

Contents of .nuspec file showing the required elements

When you run the dotnet pack command, it automatically populates the required XML elements with default values.

Instead of packaging your output with an extra command like this, you can specify to create a package with every build. To achieve this, edit your .csproj file and add the following line in the PropertyGroup element:

<GeneratePackageOnBuild>true</GeneratePackageOnBuild>

How to consume NuGet packages

In the demo project, you want to get the path of a JSON file, read it, parse it and display it in the console window. To achieve this, update Program.cs with the following code:

var filepath = args[0];

using (StreamReader file = File.OpenText(filepath))
using (JsonTextReader reader = new JsonTextReader(file))
{
    JObject obj = (JObject)JToken.ReadFrom(reader);
    Console.WriteLine(obj);
}

This is just a sample code taken from the Newtonsoft.Json package’s website. It’s probably one of the most popular Nuget packages that has been used in lots of different projects. Instead of reinventing the wheel, you would naturally want to leverage using this library and quickly implement your own solution. To be able to use this library, first, you need to add it to your project by running the following command:

dotnet add package Newtonsoft.Json

Next, add the references to the library on top of the Program.cs file as shown below:

using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

Now, you can run your application by providing a path to a JSON file (you can find a sample in the GitHub repo at this path)

The output should look like this:

Terminal window showing the output of a sample JSON file

By running a single command you now have all this JSON parsing functionality available to you in your application for free.

If you open the .csproj file, you should see the reference to the package:

The version number in your project may differ based on when you are downloading the package.

To update the package, all you have to to is run the same command (dotnet add package). If the package already exists and there is a newer version, it automatically downloads the latest and updates the reference in the project file.

If you want to remove a reference to a package, you can run the following command:

dotnet remove package Newtonsoft.Json

Conclusion

In this article, you looked into the main benefits of package management and the basics of NuGet packages. You also covered how to use packages using a demo application. There is a lot more involved with packages such as creating and publishing your own packages, hosting your own private repositories etc. which will be covered in future articles.

Resources

aws twilio, sendgrid, route53

When you use Twilio SendGrid for sending emails, you have two options to verify your sender addresses:

  • Single sender verification

  • Domain authentication

If you select the first option, you need to confirm you have access to that address by clicking on the confirmation link that will be sent to that address. Domain authentication, however, requires access to the domain’s DNS records. In this article, you will learn how to achieve this when your domain is hosted on AWS Route 53.

Prerequisites

You can create a free AWS account, but hosted domains are not covered in Free Tier. A hosted domain costs $0.50 per month, but for testing purposes, you will not be charged if you delete it within 12 hours of creation. For further details, please check Route 53 pricing.

Start Domain Authentication

In your SendGrid account, go to Sender Authentication.

Click the Get Started button in the Authenticate Your Domain section:

In the DNS host list, select Amazon Route 53:

Authenticate Your Domain page showing Amazon Route 53 as host

Leave the branding option as No and click the Next button at the bottom right.

On the next page, enter your domain in the From Domain input:

Authenticate Your Domain page asking for the domain to authenticate

Click Next.

To verify your domain ownership, you will be asked to add CNAME records to your domain:

CNAME records are displayed to be added to the DNS

Update DNS Records

Now open the hosted zones in the AWS Route 53 console in another tab.

Click your domain and click the Create record button:

Route53 records page showing the Create record button

Select CNAME as the record type and enter the name before the domain as the record name.

Then, paste the value in the Value area:

Create record page showing the details of the new DNS record

Click Create records.

Repeat this step for all the CNAME records displayed on your SendGrid account.

Verify DNS Records

Now go back to the Install DNS Records page on your SendGrid account.

Tick I’ve added these records checkbox and click the Verify button.

DNS records may take a few minutes to propagate, so it may take a few tries until SendGrid verifies the new entries in your domain.

Once done, you should see a success message to confirm your domain has been verified:

Verify Your Domain page showing the success message

You should see the verified domain on the Sender Authentication page too:

Sender Authentication page shows the verified domain

Test sending email

If you already don’t have a mechanism to test your set-up, you can follow the steps below. The example below demonstrates creating a C# console application to send emails. If dotnet is not your cup of tea, you can visit SendGrid documentation for examples in many other languages.

Go to the API Keys page and click the Create API key button.

Give a meaningful name to the key and select Full Access.

Click Create & View.

Click the API key displayed on your screen to copy it to your clipboard. This is your one and only chance to save your key, so make sure to store it in a secure place.

Create a new console application by running the following command:

dotnet new console -o SendGrid.DomainAuthTest

Open the project in your IDE.

Add your API key as an environment variable:

export SENDGRID_API_KEY={your key}

Change to your project folder in the terminal and add SendGrid SDK via NuGet:

dotnet add package SendGrid

Replace the contents of the Program.cs with the following code by replacing the sender and recipient addresses to match your setup:

using SendGrid;
using SendGrid.Helpers.Mail;

var apiKey = Environment.GetEnvironmentVariable("SENDGRID_API_KEY");
var client = new SendGridClient(apiKey);
var from = new EmailAddress("any-address-would-do@yourdomain.com", "Verified Domain Test");
var subject = "This is sent from a random name from the verified domain";
var to = new EmailAddress("{ your recipient address }", "Recipient");
var plainTextContent = "Text content";
var htmlContent = "<strong>HTML content</strong>";
var msg = MailHelper.CreateSingleEmail(from, to, subject, plainTextContent, htmlContent);
await client.SendEmailAsync(msg);

Run the application by running the following command:

dotnet run

You should now receive the test email from the email address you specified.

Conclusion

Verifying the domain may be more cumbersome than verifying a single address, but once you’ve done it, you can send emails from any address you want. Of course, this doesn’t allow you to receive replies which require you to have valid inboxes, which will be discussed in other articles.