Daily loop
- Pull the latest changes and install dependencies if anything changed.
- Modify or add templates under templates/ and update matching parameter files under the environment folder you are targeting.
- Run the validation script to execute Checkov (and any other scanners you enable) locally:
./scripts/validate-templates.sh
Need to tune the scanner? See the Checkov reference.
- Run cfn-lint if you want faster feedback than the full script:
cfn-lint templates/*.yml
Want richer editor feedback while you work? Follow our tips on leveling up CloudFormation authoring in VS Code.
- Use Rain to preview changes before shipping. Run it directly so you can opt into change sets:
rain deploy templates/oidc-provider.yml --config parameters/test/oidc-provider.yml --changeset
More tips are available in the Rain reference.
- Apply the change once you are comfortable:
./scripts/deploy-templates.sh -e test
- Commit and push after local validation passes. The CI workflow mirrors the same checks, so green local runs usually mean green pipelines.
Switching environments
Because the deploy script requires an explicit -e flag, you can test multiple accounts in a single session:
./scripts/deploy-templates.sh -e staging
./scripts/deploy-templates.sh -e production
Each command reads from the matching parameters/<environment>/ folder, so keep those files up to date when you introduce new templates.
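A pre-deploy check for the rule above, as an added example that is not one of this repository's scripts: it lists every template that has no parameter file in the environment you are about to target. It assumes parameter files share the template's file name, as in the Rain command earlier on this page; the function name missing_params is hypothetical.

```shell
#!/bin/sh
# Added example: find templates with no parameter file for an environment.
# Assumed layout (taken from the Rain command on this page):
#   templates/<name>.yml  <->  parameters/<environment>/<name>.yml

# Usage: missing_params <environment> [repo-root]
# Prints one missing parameter path per line.
# Exit status: 0 = nothing missing, 1 = files missing, 2 = usage or layout error.
# The ( ... ) body runs in a subshell, so its variables stay local.
missing_params() (
  env="$1"
  root="${2:-.}"
  missing=0

  if [ -z "$env" ]; then
    echo "usage: missing_params <environment> [repo-root]" >&2
    return 2
  fi
  # A mistyped environment name should fail loudly, not look "clean".
  if [ ! -d "$root/parameters/$env" ]; then
    echo "no such environment folder: parameters/$env" >&2
    return 2
  fi

  for tpl in "$root"/templates/*.yml; do
    [ -e "$tpl" ] || continue   # glob matched nothing
    name=$(basename "$tpl")
    if [ ! -f "$root/parameters/$env/$name" ]; then
      echo "parameters/$env/$name"
      missing=1
    fi
  done
  return "$missing"
)
```

Source the file and run `missing_params staging` from the repository root before `./scripts/deploy-templates.sh -e staging`; a non-zero status means the environment is not ready for the new template.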
Testing template changes safely
When you are experimenting with large infrastructure changes, create a scratch parameter folder (for example parameters/lab/) and run Rain directly against it. Keep the folder out of version control by adding it to .gitignore.
Looking for automation details? The CI/CD Workflow guide breaks down what happens after you push.