GitLab CI CloudFormation Deploy Job

cloudformation.gitlab-ci.yml

.cloudformation:
  stage: cloudformation
  variables:
    AWS_DEFAULT_REGION: ''
    CFN_ASSUME_ROLE_ARN: ''
    CFN_TEMPLATE: cloudformation/template.yml
    CFN_STACK_NAME: 'MyStack'
    CFN_DEPLOY_EXTRA_ARGS: ''
  image:
    name: amazon/aws-cli
    entrypoint: ['']
  before_script:
    - aws --version
    - yum install -q -y jq
    - jq --version
    # Assume an IAM role to be used for AWS API calls. This could also done with an AWS config file (~/.aws/config).
    - if [ ! -z "$CFN_ASSUME_ROLE_ARN" ]; then
    -   assume_role_json=$(aws sts assume-role --role-arn "$CFN_ASSUME_ROLE_ARN" --role-session-name "GitLab-CI-Pipeline-${CI_PIPELINE_ID}")
    -   export AWS_ACCESS_KEY_ID=$(echo "$assume_role_json" | jq -r .Credentials.AccessKeyId)
    -   export AWS_SECRET_ACCESS_KEY=$(echo "$assume_role_json" | jq -r .Credentials.SecretAccessKey)
    -   export AWS_SESSION_TOKEN=$(echo "$assume_role_json" | jq -r .Credentials.SessionToken)
    - fi
  script:
    - export EC=0
    - if ! aws cloudformation deploy --template-file "$CFN_TEMPLATE" --stack-name "$CFN_STACK_NAME" $CFN_DEPLOY_EXTRA_ARGS; then
    -   echo CLOUDFORMATION STACK DEPLOY FAILED!
    -   EC=1
    - fi
    - aws cloudformation describe-stacks --stack-name "$CFN_STACK_NAME"
    - exit $EC