Skip to main content

New Service This is a new service – your feedback (opens in a new tab) will help us to improve it.

OFQ-00010 Infrastructure as Code

Last updated: 12 November 2025
Relates to (tags): Digital, Infrastructure

Overview

Infrastructure as Code is an essential discipline when deploying and maintaining new and existing environments.
IaC delivers a consistent baseline when deploying infrastructure, ensuring that there is no deviation in our deployments between services, providing assurance that infrastructure-based issues will be kept to a minimum.

Good IaC must be modular, allowing for reusability throughout different environments, as well as secure through the use of other standards, such as Secret Management.

IaC must be clear and well formatted, clearly demonstrating it’s purpose for deployment within the estate in a format which is easy to read for someone to follow with minimal pre-existing context.

Requirement(s)

IaC must be written using Microsoft Bicep

Infrastructure as Code must always be written using Microsoft Bicep.
This framework is standard within the estate, and consistent usage achieves consistency and reliability throughout our deployments.

IaC must be considered first

When deploying new infrastructure resource, utilisiation of IaC must be considered before any other method for deployment. Certain edge-cases may lead to the utilisation of other deployment methods, such as time-sensitive deployments where no existing template exists. However, IaC must be considered before deciding on other deployment methods.

IaC must be modular

Where there is a requirement for multiple resource deployment, IaC must be written in a modular format, housing each module in it’s own Bicep file, which is then orchestrated by a main.bicep file.
IaC must also be written using a separate parameters file, so that changes to the parameters of the deployed infrastructure can be done without direct interaction into the Bicep files.

IaC must be hosted in Azure DevOps

When new Bicep deployments have been created, they must be held under the “Ofqual.Infrastructure” or “Ofqual.Infrastructure.Future” repositories in Azure DevOps.

Ofqual.Infrastructure.Future is for future-tech proof-of-concepts.
Ofqual.Infrastructure is the general-purpose repository for IaC. When developing new IaC, a new branch must be created in such a way that the branch can be used individually to deploy the infrastructure required.

Content version permalink (GitHub) (opens in a new tab)