Groovy Grape script to fetch a AWS Code Artifact token

Apache Groovy has a great feature called Grape:

Grape is a JAR dependency manager embedded into Groovy. Grape lets you quickly add maven repository dependencies to your classpath, making scripting even easier. The simplest use is as simple as adding an annotation to your script:

I recently needed a script to fetch a token to consume a AWS Code Artifact repository and save it in a file.


The following script shows how easy is to do that with a Groovy Script:


@Grab(group='', module='codeartifact', version='2.16.42')
@Grab(group='', module='sts', version='2.16.42')

String awsCodeArtifactRegion = 'eu-central-1'
String awsCodeArtifactDomain = 'XXX'
String awsCodeArtifactOwner = 'YYY'
String awsCodeArtifactRepository = 'libs'

class Token {
    String token
    Long expiration
class TokenRequest {
    String owner

    String domain

    String profile

    String region

    Integer durationSeconds
class TokenFetcher {
    static Token fetchToken(TokenRequest tokenRequest) {
        CodeartifactClient client = instantiateClient(tokenRequest)
        GetAuthorizationTokenRequest request = authorizationTokenRequest(tokenRequest)
        GetAuthorizationTokenResponse rsp = client.getAuthorizationToken(request)
        new Token(token: rsp.authorizationToken(), expiration: rsp.expiration().toEpochMilli())
    private static GetAuthorizationTokenRequest authorizationTokenRequest(TokenRequest tokenRequest) {
        GetAuthorizationTokenRequest.Builder tokenRequestBuilder = GetAuthorizationTokenRequest.builder()
        if (tokenRequest.durationSeconds) {
            tokenRequestBuilder = tokenRequestBuilder.durationSeconds(tokenRequest.durationSeconds)

    private static CodeartifactClient instantiateClient(TokenRequest tokenRequest) {
        CodeartifactClientBuilder builder = CodeartifactClient.builder()
        if (tokenRequest.region) {
            builder = builder.region(Region.of(tokenRequest.region))
        if (tokenRequest.profile) {
            builder = builder.credentialsProvider(ProfileCredentialsProvider.create(tokenRequest.profile))
TokenRequest tokenRequest = new TokenRequest()
tokenRequest.owner = awsCodeArtifactOwner
tokenRequest.domain = awsCodeArtifactDomain
tokenRequest.durationSeconds = 43200L
tokenRequest.region = awsCodeArtifactRegion
Token token = TokenFetcher.fetchToken(tokenRequest)
println """\
    "token": "${token.token}",
    "expiration": "${token.expiration}",
Properties properties = new Properties()
properties.setProperty("expiration","" + token.expiration)
properties.setProperty("codeartifactToken", token.token)
File outputFile = new File('')
if (!outputFile.exists()) {
}, "")
println "saved token to"


To execute the script:

  • Edit codeartifact.groovy and enter your AWS Code Artifact region, domain, owner and lib parameters at the top of the file.
  • Run aws configure and authenticate with a user with IAM access to AWS Code Artifact.
  • Run groovy codeartifact.groovy and obtain a token.

We needed a script instead of using the AWS CLI always, because in some environments we did not have the AWS CLI installed and we only had a AWS Secret Key and Access key ID exposed as environment variables.

Tags: #groovy #aws #awscodeartifact