Project Structure

Understand how the starter kit organizes templates, parameters, automation scripts, and CI/CD.


Top-level layout

The repository keeps CloudFormation assets, environment configuration, and automation in predictable places so the helper scripts can discover them automatically.

.
├── .cfnlintrc
├── .checkov.yml
├── .github
│  ├── pull-request-template.md
│  └── workflows
│     ├── cfn-lint-scan.yml
│     ├── checkov-scan.yml
│     └── cloudformation-deploy-test.yml
├── LICENSE
├── parameters
│  ├── production
│  │  └── oidc-provider.yml
│  └── test
│     └── oidc-provider.yml
├── README.md
├── requirements.txt
├── scripts
│  ├── provision-repo.sh
│  ├── deploy-templates.sh
│  └── validate-templates.sh
└── templates
   └── oidc-provider.yml

.github/workflows/

Contains GitHub Actions workflows for CI/CD automation. The provisioning script generates an environment-specific deploy workflow (for example cloudformation-deploy-test.yml) alongside shared scanners such as checkov-scan.yml.

  • cfn-lint-scan.yml: Automates the validation of CloudFormation templates using cfn-lint to ensure compliance with AWS best practices and syntax rules.
  • checkov-scan.yml: Automates the validation of CloudFormation templates using Checkov to ensure compliance and security.
  • cloudformation-deploy-test.yml: Manages the deployment of CloudFormation stacks for testing purposes.

templates/

Stores CloudFormation templates that you plan to deploy. Each file can be YAML or JSON. The deploy script discovers every template in this folder and sends it to Rain.

  • oidc-provider.yml: Example template for setting up an OpenID Connect provider in AWS.

parameters/

This directory contains parameter files for different environments, such as production and test. Each subdirectory corresponds to an environment and contains YAML files that define parameters specific to that environment.

Important: the filename of each parameter file must match the name of the corresponding template in the templates/ directory. This naming convention is how the scripts associate parameters with their templates during deployment.

For example, templates/oidc-provider.yml pairs with parameters/test/oidc-provider.yml. You can store .json, .yml, or .yaml files; the deploy script will try each extension.
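The template discovery described under templates/ and the template-to-parameter pairing described above, written out as an added example (this is not the starter kit's own deploy-templates.sh): every template under templates/ is resolved to parameters/<env>/<same stem>.json, .yml or .yaml, and the plan fails closed when any template has no parameter file, so a stack is never deployed with the template's built-in defaults by accident. The fixture files, the vpc template and the function names are constructed for the example.

```shell
#!/usr/bin/env sh
# Added example, not the starter kit's own script.

# find_parameter_file TEMPLATE_PATH ENV ROOT
# Prints the matching parameter file for a template, trying .json, .yml and
# .yaml in that order; returns 1 when none exists.
find_parameter_file() {
  template="$1"; env="$2"; root="$3"
  base=$(basename "$template")
  stem="${base%.*}"                      # strip the template's own extension
  for ext in json yml yaml; do
    candidate="$root/parameters/$env/$stem.$ext"
    if [ -f "$candidate" ]; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

# plan_deploy ENV ROOT
# Prints one "template<TAB>parameter-file" line per template in templates/.
# Returns 1 if any template lacks a parameter file for ENV, so a caller that
# pipes this into Rain can stop before touching the account.
plan_deploy() {
  env="$1"; root="$2"; missing=0
  for template in "$root"/templates/*.yml "$root"/templates/*.yaml "$root"/templates/*.json; do
    [ -f "$template" ] || continue      # the glob matched nothing
    if params=$(find_parameter_file "$template" "$env" "$root"); then
      printf '%s\t%s\n' "$template" "$params"
    else
      printf 'missing parameter file for %s in parameters/%s/\n' \
        "$(basename "$template")" "$env" >&2
      missing=1
    fi
  done
  return $missing
}

# make_fixture
# Builds a constructed repository layout in a temp dir (hypothetical files)
# and prints its path. The production environment deliberately lacks a
# parameter file for vpc.yaml to show the fail-closed path.
make_fixture() {
  root=$(mktemp -d)
  mkdir -p "$root/templates" "$root/parameters/test" "$root/parameters/production"
  printf 'AWSTemplateFormatVersion: "2010-09-09"\n' > "$root/templates/oidc-provider.yml"
  printf 'AWSTemplateFormatVersion: "2010-09-09"\n' > "$root/templates/vpc.yaml"
  printf 'Environment: test\n'        > "$root/parameters/test/oidc-provider.yml"
  printf '{"Environment":"test"}\n'  > "$root/parameters/test/vpc.json"
  printf 'Environment: production\n' > "$root/parameters/production/oidc-provider.yaml"
  printf '%s\n' "$root"
}

# Run directly: build the fixture and print the deployment plan for "test".
DEMO_ROOT=$(make_fixture)
plan_deploy test "$DEMO_ROOT"
rm -rf "$DEMO_ROOT"
```

Because the lookup stops at the first extension that exists, keeping both oidc-provider.json and oidc-provider.yml in one environment directory would silently prefer the JSON file; keep exactly one parameter file per template per environment.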

scripts/

Contains shell scripts for managing templates. These helpers encapsulate the Rain CLI flags, environment prompts, and dependency checks so you can run a single command per task.

  • deploy-templates.sh: Automates the deployment of CloudFormation templates using the Rain tool.
  • provision-repo.sh: Generates the parameter and workflow files for your environment in the repository, populated with your AWS account information and the variables the OIDC provider needs.
  • validate-templates.sh: Validates CloudFormation templates using Checkov to ensure they adhere to best practices.

Linting and policy configuration

Configuration files for static analyzers used locally and in CI. Adjust these files to codify organization-wide rules without touching individual templates.

  • .cfnlintrc: Configuration file for cfn-lint, a tool used to validate CloudFormation templates against AWS best practices and syntax rules.
  • .checkov.yml: Configuration file used by Checkov, a static analysis tool for infrastructure as code. It defines the rules and policies that Checkov will enforce when scanning your CloudFormation templates.

Prefer to see how environments are wired? Continue to Environments.