Skip to main content

The MHCLG Way and its content is intended for internal use by the MHCLG community.

Use configuration management

Use configuration management to manage, automate and standardise your infrastructure. When using configuration management you store your infrastructure as code in a version control system such as Git.

Terraform

Use Terraform to configure third party cloud infrastructure like Amazon Web Services (AWS).

Terraform supports a large number of providers, and you can configure it to support multiple environments with different parameters. See the Funding Service terraform and EPB AWS Infrastructure repository as an example.

Versioning

Due to the high rate of change in many cloud provider offerings we recommend you keep your Terraform versions and codebases up to date. A version manager such as tfenv, can help you with supporting multiple versions.

Code analysis

There are a number of Terraform focused static analysis tools in use at MHCLG. While none of them are yet ubiquitous they can help ensure your code is more idiomatic, consistent and secure and you should consider the benefits they could bring to your build pipelines.

  • checkov - “detects security and compliance misconfigurations”
  • tfsec - “spots potential security issues”
  • tflint - “linter focused on possible errors, best practices and so on.”

Further reading

Find out more about configuration management in the Service Manual.

This page was last reviewed on 28 July 2025. It needs to be reviewed again on 28 July 2026 by the page owner #mhclg-way .