diff --git a/.github/workflows/continuous-integration-terraform.yml b/.github/workflows/continuous-integration-terraform.yml
new file mode 100644
index 000000000..aa33493c2
--- /dev/null
+++ b/.github/workflows/continuous-integration-terraform.yml
@@ -0,0 +1,64 @@
+name: Validate terraform
+
+on:
+ push:
+ branches: main
+ pull_request:
+
+jobs:
+ terraform-validate:
+ name: Terraform Validate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+
+ - name: Check for terraform version mismatch
+ run: |
+ DOTFILE_VERSION=$(cat terraform.gpaas-azure-migration/.terraform-version)
+ TERRAFORM_IMAGE_REFERENCES=$(grep "uses: docker://hashicorp/terraform" .github/workflows/continuous-integration-terraform.yml | grep -v TERRAFORM_IMAGE_REFERENCES | wc -l | tr -d ' ')
+ if [ "$(grep "docker://hashicorp/terraform:${DOTFILE_VERSION}" .github/workflows/continuous-integration-terraform.yml | wc -l | tr -d ' ')" != "$TERRAFORM_IMAGE_REFERENCES" ]
+ then
+ echo -e "\033[1;31mError: terraform version in .terraform-version file does not match docker://hashicorp/terraform versions in .github/workflows/continuous-integration-terraform.yml"
+ exit 1
+ fi
+
+ - name: Remove azure backend
+ run: rm ./terraform.gpaas-azure-migration/backend.tf
+
+ - name: Run a Terraform init
+ uses: docker://hashicorp/terraform:1.3.6
+ with:
+ entrypoint: terraform
+ args: -chdir=terraform.gpaas-azure-migration init
+
+ - name: Run a Terraform validate
+ uses: docker://hashicorp/terraform:1.3.6
+ with:
+ entrypoint: terraform
+ args: -chdir=terraform.gpaas-azure-migration validate
+
+ - name: Run a Terraform format check
+ uses: docker://hashicorp/terraform:1.3.6
+ with:
+ entrypoint: terraform
+ args: -chdir=terraform.gpaas-azure-migration fmt -check=true -diff=true
+
+ terraform-docs-validation:
+ name: Terraform Docs validation
+ needs: terraform-validate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ - name: Generate Terraform docs
+ uses: terraform-docs/gh-actions@v1.0.0
+ with:
+ working-dir: terraform.gpaas-azure-migration
+ config-file: .terraform-docs.yml
+ output-file: README.md
+ output-method: inject
+
fail-on-diff: true
diff --git a/.github/workflows/continuous-integration-tfsec.yml b/.github/workflows/continuous-integration-tfsec.yml
new file mode 100644
index 000000000..8bee0ac7a
--- /dev/null
+++ b/.github/workflows/continuous-integration-tfsec.yml
@@ -0,0 +1,14 @@
+name: Terraform security scan
+on:
+ pull_request:
+jobs:
+ tfsec-pr-commenter:
+ name: tfsec PR commenter
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clone repo
+ uses: actions/checkout@v3
+ - name: tfsec
+ uses: aquasecurity/tfsec-pr-commenter-action@v1.2.0
+ with:
+ github_token: ${{ github.token }}
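Review bot: Neither job in this workflow declares a `permissions:` block, so the GITHUB_TOKEN runs with whatever the repository default grants (which may include write) even though nothing here needs more than a checkout; add `permissions: contents: read` at the top of the workflow. Every action and image is referenced by a mutable tag (`actions/checkout@v3`, `docker://hashicorp/terraform:1.3.6`, `terraform-docs/gh-actions@v1.0.0`), so a retagged release would run different code with this repository's token; pin the actions to a full commit SHA and the image to a digest, keeping the tag as a trailing comment. In the version-mismatch step the pattern `docker://hashicorp/terraform:${DOTFILE_VERSION}` is interpreted as a regex, so the dots in the version match any character; `grep -F` (and `-c` instead of `| wc -l | tr -d ' '`) makes the comparison exact. The `rm ./terraform.gpaas-azure-migration/backend.tf` step mutates the checkout to avoid the Azure backend; `args: -chdir=terraform.gpaas-azure-migration init -backend=false` achieves the same without deleting a tracked file.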
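Review bot: The job passes `github.token` to an action that posts pull-request comments but declares no `permissions:` block, so it relies on the repository's default token scope; make the requirement explicit and minimal with `permissions:` / `contents: read` / `pull-requests: write` on the job. On `pull_request` runs from forks the token is read-only regardless, so comments will presumably not be posted there; confirm whether the action still fails the job on findings, otherwise results for fork PRs are silently lost and the scan is not a gate. `aquasecurity/tfsec-pr-commenter-action@v1.2.0` and `actions/checkout@v3` are pinned only to mutable tags; pin both to a full commit SHA with the version as a trailing comment.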