AWS CloudFormation, CI/CD and Assumption of a role
Interestingly enough, when you want to do something, it's never easy.
In the team we had the wish to be able to deploy on other AWS accounts, and sure, you can do an AWS CodeDeploy, AWS CodePipeline, and then you stand with twice as much infrastructure and need to write GitLab CI and AWS CodePipeline.
Assume role to the rescue, but wait, you need to parse the output from aws sts assume-role, and what role? With aws sts get-caller-identity you will be able to see who you are calling as.
Go and a little bit of magic using
helped us to make a helper function we deploy in a Docker
container, and then magically we have the possibility to become the exact role, and we also notify AWS about which project just became somebody.
I like Go, it's very nice for when you want to do this kind of stuff.
The documentation is pretty decent; see more here: AWS SDK for Go
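The parsing step mentioned above, as an added example that is not the helper from this post: it decodes the JSON printed by aws sts assume-role, rejects incomplete or expired credentials, and recovers the session name from the assumed-role ARN. It assumes the project name is passed as the role session name; the function name, account ID, role name and sample values are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// assumeRoleOutput mirrors the fields of the JSON printed by `aws sts assume-role`.
type assumeRoleOutput struct {
	Credentials     struct{ AccessKeyId, SecretAccessKey, SessionToken string; Expiration time.Time }
	AssumedRoleUser struct{ Arn string }
}

// Constructed sample output: placeholder account, role, keys and session name.
const sampleOutput = `{"Credentials": {"AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
  "SecretAccessKey": "constructed-secret", "SessionToken": "constructed-token",
  "Expiration": "2030-01-01T01:00:00+00:00"}, "AssumedRoleUser": {
  "Arn": "arn:aws:sts::123456789012:assumed-role/deploy/my-project-1234"}}`

// ParseAssumeRole returns the deploy-step environment and the session name; bad output is an error.
func ParseAssumeRole(raw []byte, now time.Time) ([]string, string, error) {
	var out assumeRoleOutput
	if err := json.Unmarshal(raw, &out); err != nil {
		return nil, "", fmt.Errorf("decode assume-role output: %w", err)
	}
	c := out.Credentials
	if c.AccessKeyId == "" || c.SecretAccessKey == "" || c.SessionToken == "" {
		return nil, "", fmt.Errorf("assume-role output has incomplete credentials")
	}
	if !c.Expiration.After(now) {
		return nil, "", fmt.Errorf("credentials expired at %s", c.Expiration)
	}
	// Expected form: arn:aws:sts::<account>:assumed-role/<role>/<session>
	parts := strings.Split(out.AssumedRoleUser.Arn, "/")
	if len(parts) != 3 || !strings.HasSuffix(parts[0], ":assumed-role") {
		return nil, "", fmt.Errorf("unexpected ARN %q", out.AssumedRoleUser.Arn)
	}
	env := []string{"AWS_ACCESS_KEY_ID=" + c.AccessKeyId,
		"AWS_SECRET_ACCESS_KEY=" + c.SecretAccessKey, "AWS_SESSION_TOKEN=" + c.SessionToken}
	return env, parts[2], nil
}

func main() {
	env, session, err := ParseAssumeRole([]byte(sampleOutput), time.Now())
	fmt.Println(session, len(env), err) // log only non-secret facts, never env itself
}
```

The returned slice is meant for the Env field of the deploy command's exec.Cmd, so the temporary keys stay out of the CI job log.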