i.e., for an ECS service, stuff like "what stack has the ECS cluster?" is parameterized via config.yaml. However, since we want our developers to be able to actually deploy stuff without a git push, CONTAINER_TAG is an env var that's injected by our CodeBuild (soon to be Jenkins) system.
Each env still retains a separate config file, though, and it definitely does cause friction in an env-per-branch world like you describe. It's possible to write a single Pulumi program that allows many app envs, and doing so would be a lot easier than the equivalent Terraform code, but it'd be a bit rough.