The GDS Way and its content is intended for internal use by the GDS community.

Use configuration management

Use configuration management to manage, automate and standardise your infrastructure. When using configuration management you store your infrastructure as code in a version control system such as Git.

Puppet

The use of Puppet at GDS is diminishing as we move more of our infrastructure to containers and higher-level services. It’s mainly still in use on GOV.UK, but this will decline as more services are moved over to AWS EKS.

If your environment consists of a simple deployment artefact like an Amazon Machine Image (AMI), Puppet may not be necessary, but the process for building that artefact must still be codified and version controlled.

Terraform

Use Terraform to configure third-party cloud infrastructure like Amazon Web Services (AWS) or Fastly.

Terraform supports a large number of providers, and you can configure it to support multiple environments with different parameters. See the govuk-aws repository as an example.

Versioning

Due to the high rate of change in many cloud provider offerings, we recommend you keep your Terraform versions and codebases up to date. A version manager such as tfenv, already used by a number of GDS teams, can help you support multiple versions.

Code analysis

There are a number of Terraform-focused static analysis tools in use at GDS. While none of them is yet ubiquitous, they can help make your code more idiomatic, consistent and secure, and you should consider the benefits they could bring to your build pipelines.

  • checkov - “detects security and compliance misconfigurations”

  • tfsec - “spots potential security issues”

  • tflint - “linter focused on possible errors, best practices and so on.”
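
One way to wire the version pin and the three analysers above into a build pipeline, as an added example rather than code from the GDS Way or any GDS repository. It assumes the tools are on the runner's PATH, that tfenv's .terraform-version pin file is committed beside the code, and that each tool exits non-zero when it has findings.

```shell
#!/bin/sh
# Added example: pipeline gate for a directory of Terraform code.
# Assumptions (not from the page): tools are on PATH, tfenv's
# .terraform-version file is committed, and every tool signals
# findings with a non-zero exit status.

# run_check NAME DIR CMD...: run one analyser from inside DIR.
# Returns 0 on a clean run, 1 on findings, 2 if the tool is missing,
# so an uninstalled scanner can never look like a clean scan.
run_check() {
    name=$1; dir=$2; shift 2
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "MISSING $name (not installed on this runner)" >&2
        return 2
    fi
    if (cd "$dir" && "$@"); then
        echo "PASS    $name"
        return 0
    fi
    echo "FAIL    $name" >&2
    return 1
}

# scan_terraform DIR: run every check without stopping at the first
# failure, and return the number of checks that did not pass.
scan_terraform() {
    dir=${1:-.}
    failed=0
    # tfenv reads the pinned Terraform version from this file.
    if [ -s "$dir/.terraform-version" ]; then
        echo "PASS    version pin $(cat "$dir/.terraform-version")"
    else
        echo "FAIL    no .terraform-version pin for tfenv" >&2
        failed=$((failed + 1))
    fi
    run_check tflint  "$dir" tflint       || failed=$((failed + 1))
    run_check tfsec   "$dir" tfsec .      || failed=$((failed + 1))
    run_check checkov "$dir" checkov -d . || failed=$((failed + 1))
    return "$failed"
}

# Pipeline usage: scan_terraform ./terraform || exit 1
```

Running all checks before failing gives reviewers the full set of findings in one pipeline run instead of one tool's output at a time.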

Further reading

Find out more about configuration management in the Service Manual.

This page was last reviewed on 25 September 2022. It needs to be reviewed again on 25 March 2023 by the page owner #gds-way.