[WatchDog]

This has been a fairly obvious service that has been missing for a while, nice to see them provide a solution.

Most dependency management tools have some kind of hacky support for using S3 directly.

Full fledged artifact management tools like Artifactory and Nexus support S3 backed storage.

Interesting to see that the pricing is approximately double that of S3, for what I imagine is not much more than a thin layer on top of it.

[ludjer]

Considering the price of Nexus and Artifactory this is way cheaper for a SAAS offering with SLA's. I imagine Artifactory is really going to have to up their product offering or at least lower their entry prices.

[hn_throwaway_99]

Github already released their package repo last year (and have since purchased NPM). If anything I imagine that had Artifactory pretty scared vs. this. If your company already uses GitHub it's a hard sell to say why you'd need something like Artifactory over the Github package repo.

[Turbots]

And since I've been trying GitHub Actions, I don't know why you would need artifactory, nexus or this aws service anymore. Github offers private repositories, releases, project pages, cicd through actions and Microsoft is offering plenty of deployment options on Azure with AKS or plain Azure Compute

[weehack]

https://twitter.com/pahudnet/status/1271141814389493760

[owenmarshall]

Meta: I’ve vouched for your killed comment. I suspect you may be shadowbanned.

[ludjer]

Thanks for letting me know, I will reach out to the HN email and ask them why. I suspect it is because of some comments where I got -Karma.

[SeanDav]

Looks like a kind mod un-shadowbanned you. Welcome to the land of the living!

[swyx]

despite appearances i'm a very casual HN reader and all this talk of shadowbanning makes me kinda nervous tbh. hope i havent done anything to displease the powers that be.

[SeanDav]

You are fine. New people with low karma are most at risk. Once you are a little established, you have to do something very upsetting to get shadowbanned, or be consistently unpleasant. Once established, a few controversial posts with negative karma should not be a problem.

Avoid criticizing HN staff or related companies. Gentle / kind disagreement is fine, but err on the side of keeping it private.

[mcrute]

> Interesting to see that the pricing is approximately double that of S3, for what I imagine is not much more than a thin layer on top of it.

There's a lot of necessary complexity in the backing platform. Encrypted package blobs are stored in S3 but there are a bunch of other distributed systems for doing things like package metadata tracking and indexing, upstream repository management, encryption, auditing, access control, package manager front-ends, etc... that are not immediately obvious and add cost. The platform that backs CodeArtifact is far from what I'd call a thin layer on top of S3. There is also a team of humans that operate and expand the platform.

Source: I lead the technical design for the product as well as a chunk of the implementation but left the team around mid-2018.

[djhaskin987]

To add to your list of Artifactory and Nexus, Pulp[1] is also a cool project in this space, and is fully open source.

Honestly the fact that they only support javascript, Python and Java is pretty bare bones compared to what the others on the above list support, and again as you say, for a fairly high price.

1: https://pulpproject.org/

[StreamBright]

We have used S3 successfully several times. You can create a Maven repository, use it as RPM repo and many other use cases to host artifacts. I am not sure what functionality is missing that cannot be implemented on the top of S3 and requires CodeArtifact.

[cremp]

For maven, to push artifacts via the correct mvn deploy:deploy-file requires a S3 wagon (transport layer) software to actually make the S3 calls. For bigger orgs, having everyone use a wagon is a non-starter.

All I'm seeing this does is give the proper http endpoints so you dont need the wagon. Is it worth ~2x the price, no, but it's better than the other enterprise-y solutions.

[StreamBright]

I see, I used it only for a small org. Maybe those companies can pay the 2x penalty.

[entee]

> Interesting to see that the pricing is approximately double that of S3, for what I imagine is not much more than a thin layer on top of it.

Haven’t looked carefully, but is there a difference in the guarantees it provides? Might be a performance or SLA difference.

[thayne]

It looks like the SLAs are about the same (https://aws.amazon.com/s3/sla/ and https://aws.amazon.com/codeartifact/sla/). I haven't seen any documentation on garantees for performance for either service, but I'm skeptical this will perform any better than s3.