diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
new file mode 100644
index 0000000..3602aa0
--- /dev/null
+++ b/.github/workflows/terraform.yml
@@ -0,0 +1,30 @@
+name: terraform
+on: push
+
+jobs:
+ tfsec:
+ uses: skyleague/node-standards/.github/workflows/reusable-tfsec.yml@main
+ with:
+ terraform-version: "1.7.1"
+ working-directory: "./"
+ # tfsec-var-files: '["test/default.tfvars", "test/a.tfvars"]'
+
+ tests:
+ name: tests
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: setup terraform and cache
+ uses: skyleague/node-standards/.github/actions/setup-terraform@main
+ with:
+ terraform-version: "1.7.1"
+ working-directory: "./test"
+ github-app-id: ${{ secrets.GITHUB_APP_ID }}
+ github-app-pem: ${{ secrets.GITHUB_APP_PEM }}
+ - name: terraform init
+ run: terraform init
+ working-directory: "./test"
+ - name: terraform test
+ run: terraform test
+ working-directory: "./test"
diff --git a/.github/workflows/tfsec.yml b/.github/workflows/tfsec.yml
deleted file mode 100644
index b546dea..0000000
--- a/.github/workflows/tfsec.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: tfsec
-on: push
-
-jobs:
- tfsec:
- uses: skyleague/node-standards/.github/workflows/reusable-tfsec.yml@main
- with:
- terraform-version: "1.3.1"
- working-directory: "./"
- # tfsec-var-files: '["test/default.tfvars", "test/a.tfvars"]'
diff --git a/.vscode/settings.json b/.vscode/settings.json
index c0bee05..96b75d1 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -3,7 +3,7 @@
 "editor.tabSize": 2
 },
 "editor.codeActionsOnSave": {
- "source.fixAll.eslint": true
+ "source.fixAll.eslint": "explicit"
 },
 "editor.formatOnSave": true,
 "editor.wordSeparators": "`~!@#%^&*()-=+[{]}\\|;:'\",.<>/?",
diff --git a/main.tf b/main.tf
index c3de1a2..8873e98 100644
--- a/main.tf
+++ b/main.tf
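Review bot: In .github/workflows/terraform.yml both references to skyleague/node-standards (the reusable tfsec workflow and the setup-terraform action) are pinned to the mutable `@main` ref, and the setup step is handed `secrets.GITHUB_APP_ID` and `secrets.GITHUB_APP_PEM`, so whatever lands on that branch runs with the app's private key on every push. Pin both to a full commit SHA, e.g. `uses: skyleague/node-standards/.github/actions/setup-terraform@<full-commit-sha>`, and bump it deliberately. The workflow also declares no `permissions:` block, so the job token keeps the repository default; a top-level `permissions:` with `contents: read` would make least privilege explicit.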
@@ -15,12 +15,14 @@ data "external" "definition" {
 ])
 }
 locals {
- raw_definition = endswith(var.definition.file, ".json") ? jsondecode(templatefile(var.definition.file, {
+ template_parameters = merge(coalesce(try(var.definition.template_parameters, null), {}), {
 aws_region = data.aws_region.current.name
 aws_account_id = data.aws_caller_identity.current.account_id
- })) : data.external.definition[0].result
- lambda_arns = jsondecode(local.raw_definition.lambda_arns)
- definition = jsondecode(local.raw_definition.definition)
+ })
+ file_definition = endswith(var.definition.file, ".json") ? jsondecode(templatefile(var.definition.file, local.template_parameters)) : null
+ raw_definition = endswith(var.definition.file, ".json") ? local.file_definition : data.external.definition[0].result
+ lambda_arns = jsondecode(local.raw_definition.lambda_arns)
+ definition = jsondecode(local.raw_definition.definition)
 }
 resource "aws_sfn_state_machine" "this" {
diff --git a/test/main.tf b/test/main.tf
new file mode 100644
index 0000000..da626a0
--- /dev/null
+++ b/test/main.tf
@@ -0,0 +1,22 @@
+variable "name" {
+ type = string
+}
+
+variable "file" {
+ type = string
+}
+
+variable "template_parameters" {
+ type = map(string)
+ default = null
+}
+
+module "sfn" {
+ source = "../"
+
+ name = var.name
+ definition = {
+ file = "${abspath(path.module)}/${var.file}"
+ template_parameters = var.template_parameters
+ }
+}
diff --git a/test/stubs/definition.json b/test/stubs/definition.json
new file mode 100644
index 0000000..2ab1c5c
--- /dev/null
+++ b/test/stubs/definition.json
@@ -0,0 +1,4 @@
+{
+ "definition": "{\"foo\":\"${bar}\", \"region\":\"${aws_region}\"}",
+ "lambda_arns": "[]"
+}
diff --git a/test/template_parameters.tftest.hcl b/test/template_parameters.tftest.hcl
new file mode 100644
index 0000000..50255a0
--- /dev/null
+++ b/test/template_parameters.tftest.hcl
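Review bot: In the main.tf locals block, `templatefile` splices every `template_parameters` value into the JSON file as raw text before `jsondecode` runs, so a value containing `"` or `\` either breaks decoding or changes the structure of the rendered state machine definition. Nothing in this hunk escapes or validates the values. Consider stating on the variable that templates should interpolate with `${jsonencode(name)}` rather than `"${name}"`, or adding a validation that rejects values containing quote or backslash characters. A comment such as `# aws_region and aws_account_id are merged last so callers cannot override them` would also record that the merge order is intentional.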
@@ -0,0 +1,22 @@
+provider "aws" {
+ region = "eu-west-1"
+}
+mock_provider "aws" {}
+
+run "template_parameters_replaced_correctly" {
+ command = plan
+
+ variables {
+ name = "foo"
+ file = "stubs/definition.json"
+ template_parameters = {
+ bar = "baz"
+ }
+ }
+
+ assert {
+ condition = jsondecode(module.sfn.state_machine.definition) == { foo = "baz", region = "eu-west-1" }
+ error_message = "Template was not rendered correctly"
+ }
+
+}
diff --git a/variables.tf b/variables.tf
index 9fa19bc..3aaa1d4 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,19 +1,25 @@
 variable "definition" {
 description = "JSON definition of the Stepfunction"
 type = object({
- file = string
- export = optional(string)
+ file = string
+ export = optional(string)
+ template_parameters = optional(map(string), {})
 })
 validation {
 condition = endswith(var.definition.file, ".json") || endswith(var.definition.file, ".ts") || endswith(var.definition.file, ".js")
- error_message = "Invalid definition type; supported types are: ts, json"
+ error_message = "Invalid definition type; supported types are: ts, js, json"
 }
 validation {
 condition = endswith(var.definition.file, ".json") || var.definition.export != null
 error_message = "Name for 'export' is required when including a js or ts definition."
 }
+
+ validation {
+ condition = var.definition.template_parameters == null || endswith(var.definition.file, ".json")
+ error_message = "Template parameters are only supported for json definitions."
+ }
 }
 variable "name" {
 description = "Name of the Stepfunction"
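Review bot: In variables.tf the new validation tests `var.definition.template_parameters == null`, but the attribute is declared `optional(map(string), {})`, and Terraform substitutes an optional attribute's default both when it is omitted and when it is set to null, so the value should never be null inside the module. If that holds, the condition reduces to `endswith(var.definition.file, ".json")` and every ts or js definition is rejected, whether or not parameters were passed. Checking for emptiness keeps the intent: `condition = length(var.definition.template_parameters) == 0 || endswith(var.definition.file, ".json")`. A test run with a `.ts` file and no parameters would pin this behaviour.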