Parameters

Map environment-specific configuration to the templates the starter kit deploys.


Directory layout

Each environment folder under parameters/ mirrors the files found in templates/. For example:

parameters/
  test/
    oidc-provider.yml
  production/
    oidc-provider.yml

Rain looks for parameter files with the following extensions in order: .json, .yml, .yaml. The first match is passed to rain deploy with the --config flag.

File structure

Parameter files follow Rain's configuration syntax:

Parameters:
  SubjectClaimFilters: "repo:my-org/platform:*"
Tags:
  Project: GitHubActions
  Environment: test
Options:
  StackName: github-oidc-provider

  • The Parameters block feeds values into the template's Parameters section.
  • Tags applies to resources that support AWS tags.
  • Options lets you override stack-level settings such as StackName, Capabilities, or TerminationProtection.

Managing secrets

Avoid storing secrets directly in parameter files. Instead:

  • Use AWS Systems Manager Parameter Store or AWS Secrets Manager and reference them with CloudFormation dynamic references (for example {{resolve:ssm:/path/to/value}}).
  • For CI-only secrets, rely on GitHub Actions secrets and inject them as environment variables into the deploy step, then reference them through Rain's template functions.
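
A pre-deploy guard that combines the extension lookup order from "Directory layout" with the no-literal-secrets rule above. This is an added example, not code from the starter kit; the function names and the key-name heuristic are assumptions.

```shell
#!/bin/sh
# Added example: pre-deploy guard for the parameters/ layout on this page.
# Assumptions (not part of the starter kit): the function names and the
# key-name heuristic (password|secret|token|apikey|api_key).

# Print the parameter file for <env-dir> <template-name>, using the
# documented extension order: .json, then .yml, then .yaml.
resolve_param_file() {
  env_dir=$1
  name=$2
  for ext in json yml yaml; do
    if [ -f "$env_dir/$name.$ext" ]; then
      printf '%s\n' "$env_dir/$name.$ext"
      return 0
    fi
  done
  return 1
}

# Return 1 if a line whose key name suggests a secret does not carry a
# {{resolve:...}} dynamic reference. Line-based heuristic: one key per line.
check_no_literal_secrets() {
  file=$1
  key_re='^[[:space:]]*"?[A-Za-z0-9_]*(password|secret|token|apikey|api_key)[A-Za-z0-9_]*"?[[:space:]]*:'
  hits=$(grep -Ein "$key_re" "$file" | grep -Fv '{{resolve:' || true)
  if [ -n "$hits" ]; then
    printf 'literal secret-like value in %s:\n%s\n' "$file" "$hits" >&2
    return 1
  fi
  return 0
}

# Usage in a deploy step: sh guard.sh parameters/test oidc-provider
if [ "$#" -eq 2 ]; then
  f=$(resolve_param_file "$1" "$2") || { echo "no parameter file for $2 in $1" >&2; exit 1; }
  check_no_literal_secrets "$f" || exit 1
  printf '%s\n' "$f"   # path to pass to rain deploy via --config
fi
```

Because the check resolves the file the same way the deploy does, a stale .json sitting next to an edited .yml is what gets inspected, which is also what would be deployed.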

Version control tips

  • Commit parameter files even if they contain placeholders so everyone knows the expected structure.
  • When rotating values, coordinate with change windows—Rain updates stacks in place as soon as the workflow runs.
  • If you need to exclude sensitive parameters from git, document the omission in a README within the environment folder so teammates know what to create locally.

Next, dig into the helper automation in the Scripts reference.