Project Structure

Understand how the starter kit organizes templates, parameters, automation scripts, and CI/CD.


Overview

The repository keeps CloudFormation assets, environment configuration, and automation in predictable places so helper scripts can discover them automatically.

Directory structure

.
├── .cfnlintrc                              # cfn-lint configuration
├── .checkov.yml                            # Checkov security config
├── .github/
│   ├── pull-request-template.md
│   └── workflows/
│       ├── cfn-lint-scan.yml               # Template linting
│       ├── checkov-scan.yml                # Security scanning
│       └── cloudformation-deploy-test.yml  # Environment deploy
├── parameters/
│   └── test/
│       └── oidc-provider.yml               # Generated by provision-repo.sh
├── requirements.txt
├── scripts/
│   ├── provision-repo.sh
│   ├── deploy-templates.sh
│   └── validate-templates.sh
└── templates/
    └── oidc-provider.yml

Note: Additional environment folders (e.g., parameters/staging/, parameters/production/) are created when you run provision-repo.sh for each environment.

Key directories

templates/

Stores CloudFormation templates to deploy. Each file can be YAML or JSON. The deploy script discovers every template in this folder and sends it to Rain.

| Template | Purpose |
|----------|---------|
| oidc-provider.yml | GitHub Actions OIDC provider and IAM role |

parameters/

Contains parameter files for different environments. Each subdirectory corresponds to an environment.

Important: Parameter filenames must match template names. templates/oidc-provider.yml pairs with parameters/test/oidc-provider.yml.
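The pairing rule above can be checked before a deploy. The following is an added example, not one of the starter kit's scripts: the function name check_param_pairs and its output format are hypothetical, and it assumes every regular file in templates/ counts as a template.

```shell
#!/usr/bin/env bash
# Added example: verify the templates/ <-> parameters/<env>/ filename pairing.
# The directory layout comes from the page; check_param_pairs and its output
# format are hypothetical and not part of the starter kit.
# Usage: check_param_pairs /path/to/repo

# Prints one line per problem; returns non-zero if any problem was found.
check_param_pairs() {
  local root="${1:-.}"
  local problems=0 env_dir env tpl param name

  for env_dir in "$root"/parameters/*/; do
    [ -d "$env_dir" ] || continue
    env="$(basename "$env_dir")"

    # Every template needs a same-named parameter file in this environment.
    for tpl in "$root"/templates/*; do
      [ -f "$tpl" ] || continue
      name="$(basename "$tpl")"
      if [ ! -f "$root/parameters/$env/$name" ]; then
        echo "MISSING parameters/$env/$name (for templates/$name)"
        problems=$((problems + 1))
      fi
    done

    # A parameter file without a template is usually a typo or a stale rename,
    # and would leave the intended template without its parameters.
    for param in "$root/parameters/$env"/*; do
      [ -f "$param" ] || continue
      name="$(basename "$param")"
      if [ ! -f "$root/templates/$name" ]; then
        echo "ORPHAN parameters/$env/$name (no templates/$name)"
        problems=$((problems + 1))
      fi
    done
  done

  [ "$problems" -eq 0 ]
}
```

Run as a pre-deploy or pull-request step, a non-zero return stops the pipeline before a template is deployed without its intended parameters.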

scripts/

Shell scripts for managing templates:

| Script | Purpose |
|--------|---------|
| provision-repo.sh | Generate parameter and workflow files for an environment |
| deploy-templates.sh | Deploy templates using Rain |
| validate-templates.sh | Validate templates with cfn-lint and Checkov |

.github/workflows/

CI/CD workflows:

| Workflow | Purpose |
|----------|---------|
| cfn-lint-scan.yml | Validate template syntax and best practices |
| checkov-scan.yml | Security and compliance scanning |
| cloudformation-deploy-<env>.yml | Deploy to specific environment |

Configuration files

.cfnlintrc

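cfn-lint configuration for template validation. The templates pattern shown here matches only files ending in .yml under templates/, so templates with a .yaml or .json extension are not linted unless you add a pattern for them: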

templates:
  - templates/*.yml
ignore_templates:
  - codebuild.yaml

.checkov.yml

Checkov configuration for security scanning:

framework:
  - cloudformation
directory:
  - templates
skip-check:
  - CKV_AWS_7
  # Additional skips...

See Linting and Code Analysis for full configuration details.
