AWS CloudFormation

Pope Edouard

Interestingly enough, when you want to do something, it’s never easy.

In the team we wanted to be able to deploy to other AWS accounts. Sure, you can set up AWS CodeDeploy and AWS CodePipeline, but then you end up with twice as much infrastructure and need to write for both GitLab CI and AWS CodePipeline.

Assume role to the rescue. But wait: you need to parse the output from aws sts assume-role, and which role should you become?

By using aws sts get-caller-identity you will be able to see who you are calling as.

Go and a little bit of magic using os/exec helped us build a helper function that we deploy in a Docker container. Now we can become the exact role we need, and we also notify AWS which project just became somebody. I like Go; it's very nice when you want to do this kind of stuff. The documentation is pretty decent.
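A helper of the kind described above could look like the following Go program. It is an added example, not the author's code, which the post does not show. The function names, the sample JSON and the idea that the project is passed as the --role-session-name (the value CloudTrail records for the assumed role) are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os/exec"
	"regexp"
)

var invalidSessionChars = regexp.MustCompile(`[^\w+=,.@-]`)

// sessionName maps a project path to a valid STS session name: [\w+=,.@-], up to 64 chars.
func sessionName(project string) string {
	name := invalidSessionChars.ReplaceAllString(project, "-")
	if len(name) > 64 {
		name = name[:64]
	}
	return name
}

// parseCredentials turns `aws sts assume-role` JSON into environment assignments.
func parseCredentials(out []byte) ([]string, error) {
	var r struct{ Credentials struct{ AccessKeyId, SecretAccessKey, SessionToken string } }
	if err := json.Unmarshal(out, &r); err != nil {
		return nil, fmt.Errorf("parse assume-role output: %w", err)
	}
	c := r.Credentials
	if c.AccessKeyId == "" || c.SecretAccessKey == "" || c.SessionToken == "" {
		return nil, fmt.Errorf("assume-role output has incomplete credentials")
	}
	return []string{"AWS_ACCESS_KEY_ID=" + c.AccessKeyId,
		"AWS_SECRET_ACCESS_KEY=" + c.SecretAccessKey, "AWS_SESSION_TOKEN=" + c.SessionToken}, nil
}

// assumeRole runs the AWS CLI with an argument slice, so no shell parses the inputs.
func assumeRole(roleArn, project string) ([]string, error) {
	out, err := exec.Command("aws", "sts", "assume-role", "--role-arn", roleArn,
		"--role-session-name", sessionName(project), "--output", "json").Output()
	if err != nil {
		return nil, fmt.Errorf("aws sts assume-role: %w", err)
	}
	return parseCredentials(out)
}

// main parses a constructed sample (not real credentials); it does not call AWS.
func main() {
	env, err := parseCredentials([]byte(`{"Credentials":{"AccessKeyId":"ASIAEXAMPLE","SecretAccessKey":"s","SessionToken":"t"}}`))
	fmt.Println(sessionName("group/app"), len(env), err)
}
```

The returned assignments are meant to be placed in the environment of the deploy command only (for example via exec.Cmd's Env field), not written to the CI job log.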
