diff --git a/.github/workflows/terraform_format.yml b/.github/workflows/terraform_format.yml
new file mode 100644
index 000000000..cbe982d27
--- /dev/null
+++ b/.github/workflows/terraform_format.yml
@@ -0,0 +1,25 @@
+name: Format terraform files
+
+permissions:
+ contents: write
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+jobs:
+ format:
+ runs-on: ubuntu-latest
+ name: Check terraform file are formatted correctly
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: terraform fmt
+ uses: dflook/terraform-fmt@v1
+
+ - name: commit format changes to branch
+ uses: stefanzweifel/git-auto-commit-action@v4
+ with:
+ commit_message: Automated Change
+ commit_user_name: Terraform format GitHub Actions Bot
diff --git a/README.md b/README.md
index fc2a07857..990499b76 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ - [Overview](#overview) - [Features and Functionality](#features-and-functionality) - - [GOV.UK Notify](#gov-uk-notify) + - [GOV.UK Notify](#govuk-notify) - [Subscription Fulfillment](#subscription-fulfillment) - [Third Party Publisher](#third-party-publisher) - [Roles](#roles)
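Review bot: In `.github/workflows/terraform_format.yml` the third-party steps `dflook/terraform-fmt@v1` and `stefanzweifel/git-auto-commit-action@v4` are referenced by mutable tags while the workflow token is granted `contents: write`, so whatever code those tags resolve to at run time is able to push to the repository. I would pin every `uses:` to a full commit SHA with the tag kept as a comment, e.g. `uses: stefanzweifel/git-auto-commit-action@<full-commit-sha> # v4`, and do the same for `dflook/terraform-fmt` and `actions/checkout`. The Checkout step also sets no `ref`, so on `pull_request` it checks out the merge ref rather than the PR branch; the auto-commit action's documentation asks for `ref: ${{ github.head_ref }}` under `with:` on the checkout step so the formatting commit lands on the branch. Pull requests from forks receive a read-only token, so the commit step will fail there unless the job is restricted to same-repository PRs.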
@@ -267,7 +267,9 @@ The client at runtime is attached as a javaagent, which allows it to send the lo To connect to app insights a connection string is used. This is configured to read from the KV Secret mounted inside the pod. It is possible to connect to app insights locally, although somewhat tricky. The easiest way is to get the connection string from azure, set it as an environment variable (APPLICATIONINSIGHTS_CONNECTION_STRING), and add in the javaagent as VM argument. You will also need to remove / comment out the connection string line the config. + ## Security & Quality Considerations + We use a few automated tools to ensure quality and security within the service. A few examples can be found below: - SonarCloud - provides automated code analysis, finding vulnerabilities, bugs and code smells. Quality gates ensure that test coverage, code style and security are maintained where possible.
diff --git a/infrastructure/demo.tfvars b/infrastructure/demo.tfvars
index cb4ed7265..6f6b98489 100644
--- a/infrastructure/demo.tfvars
+++ b/infrastructure/demo.tfvars
@@ -1 +1 @@
-env="demo"
+env = "demo"
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
index 03e19e811..dbe20aaab 100644
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -3,11 +3,11 @@ locals { env_long_name = var.env == "sbox" ? "sandbox" : var.env == "stg" ? "staging" : var.env env_subdomain = local.env_long_name == "prod" ? "" : "${local.env_long_name}." - base_url = "${var.product}-${var.component}.${local.env_subdomain}platform.hmcts.net" - prefix = "${var.product}-ss" + base_url = "${var.product}-${var.component}.${local.env_subdomain}platform.hmcts.net" + prefix = "${var.product}-ss" - apim_name = "sds-api-mgmt-${local.env}" - apim_rg = "ss-${local.env}-network-rg" + apim_name = "sds-api-mgmt-${local.env}" + apim_rg = "ss-${local.env}-network-rg" - deploy_apim = local.env == "stg" || local.env == "demo" || local.env == "test" || local.env == "sbox" || local.env == "prod" ? 1 : 0 + deploy_apim = local.env == "stg" || local.env == "demo" || local.env == "test" || local.env == "sbox" || local.env == "prod" ? 1 : 0 }
diff --git a/infrastructure/prod.tfvars b/infrastructure/prod.tfvars
index cf1b3bb41..5ab717dd8 100644
--- a/infrastructure/prod.tfvars
+++ b/infrastructure/prod.tfvars
@@ -1 +1 @@
-env="prod"
+env = "prod"
diff --git a/infrastructure/providers.tf b/infrastructure/providers.tf
index c17903ec0..140e71267 100644
--- a/infrastructure/providers.tf
+++ b/infrastructure/providers.tf
@@ -1,9 +1,9 @@ terraform { required_providers { - azurerm = { - source = "hashicorp/azurerm" - version = "3.83.0" - } + azurerm = { + source = "hashicorp/azurerm" + version = "3.83.0" + } } }
diff --git a/infrastructure/stg.tfvars b/infrastructure/stg.tfvars
index b0a0c339e..4fe56b024 100644
--- a/infrastructure/stg.tfvars
+++ b/infrastructure/stg.tfvars
@@ -1 +1 @@
-env="stg"
+env = "stg"
diff --git a/infrastructure/test.tfvars b/infrastructure/test.tfvars
index b4d22fef3..a8b71187b 100644
--- a/infrastructure/test.tfvars
+++ b/infrastructure/test.tfvars
@@ -1 +1 @@
-env="test"
+env = "test"
diff --git a/infrastructure/tf-apim-api.tf b/infrastructure/tf-apim-api.tf
index 0c25a3a34..a963eae3f 100644
--- a/infrastructure/tf-apim-api.tf
+++ b/infrastructure/tf-apim-api.tf
@@ -2,7 +2,7 @@ locals { apim_api_name = "${var.product}-${var.component}-api" api_policy_raw = file("./resources/api-policy/api-policy.xml") api_policy = replace(replace(local.api_policy_raw, "{TENANT_ID}", data.azurerm_client_config.current.tenant_id) - , "{ENV}", local.env) + , "{ENV}", local.env) } module "apim_api" {
diff --git a/infrastructure/tf-apim-operations.tf b/infrastructure/tf-apim-operations.tf
index b483db996..7c6f76fac 100644
--- a/infrastructure/tf-apim-operations.tf
+++ b/infrastructure/tf-apim-operations.tf
@@ -5,7 +5,7 @@ locals { basename(operation_policies_file) => { operation_id = replace(basename(operation_policies_file), ".xml", "") xml_content = replace(replace(file("${path.module}/${operation_policies_file}"), "{TENANT_ID}", data.azurerm_client_config.current.tenant_id) - , "{ENV}", local.env) + , "{ENV}", local.env) } } }