Cloud Engineering Standards
This guide sets out cloud engineering standards for the Strategic Innovation and Analysis team at ONS. It is intended for data scientists and engineers who are beginning to work with cloud infrastructure — not for experienced platform engineers, though they may find it a useful reference.
If you have been asked to review a pull request containing Terraform code for the first time, or you are trying to understand what good infrastructure as code looks like, this is the right place to start.
What this guide covers
- How to review Terraform infrastructure as code, including the principles, tools, checklists, and worked examples you need to do it well
- How to read a Terraform plan and understand what changes it will make
- The environment model used in this team — sandbox, non-production, pre-production, and production — and what each one means for how you write and review infrastructure
Later sections, which are in development, will cover:
- Choosing between common infrastructure patterns such as batch processing, streaming, and event-driven architectures
What this guide does not cover
This guide gives practical, working guidance. It is not:
- A substitute for formal security accreditation or information assurance decisions. If your service is processing sensitive data, you need to involve your security and information management leads.
- A complete Terraform tutorial. If you are new to Terraform itself, work through the official Terraform tutorials first, then return here.
- Authoritative guidance on HMG security classifications. For that, refer to the Government Security Classifications Policy.
How to use this guide
If you are reviewing Terraform code for the first time, start with Review principles and Skills, expectations, and escalation. These will tell you what you are looking for and how much confidence to have in your own judgement.
If you have been handed a specific pull request to review, the pull request review checklist gives you a structured list of things to check.
If you want to understand what a particular tool does (such as checkov or tflint), go to Review tools.
Infrastructure as code in this team
This team uses Terraform to manage cloud infrastructure. Terraform code in this organisation follows the structure defined in datasciencecampus/terraform-template, with environments organised into separate directories:
| Directory | Environment |
|---|---|
| 01_sandbox/ | Sandbox |
| 02_dev_nonprod/ | Non-production |
| 03_stg_prod/ | Pre-production |
| 04_prd_prod/ | Production |
Reusable code lives in modules/. This separation is important: each directory represents a different trust boundary, with progressively tighter controls as you move from sandbox towards production.
You will encounter this structure throughout the Terraform review guidance.
Glossary
Technical terms are explained when first used. You can also find a full glossary at the back of this guide.