diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..923edf46356dd63453f1ae9afc8658ede696682c
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,51 @@
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+        args:
+          - --unsafe
+      - id: check-json
+      - id: check-toml
+      - id: check-xml
+      - id: check-added-large-files
+      - id: check-executables-have-shebangs
+      - id: check-merge-conflict
+      - id: check-symlinks
+      - id: detect-private-key
+      - id: mixed-line-ending
+      - id: pretty-format-json
+        args:
+          - --autofix
+          - --no-sort-keys
+      - id: debug-statements
+  - repo: https://github.com/DavidAnson/markdownlint-cli2
+    rev: v0.12.1
+    hooks:
+      # For rule definitions see https://github.com/markdownlint/markdownlint/blob/main/docs/RULES.md
+      - id: markdownlint-cli2
+        # Exclude README.md and CHANGELOG.md as they are auto-generated and contain a bunch of illegal HTML etc. We lint
+        # the source *.md files in ./docs though so at least our pure markdown is being checked.
+        exclude: (README|CHANGELOG).md
+  - repo: local
+    hooks:
+      - id: terraform-fmt
+        name: terraform-fmt
+        language: docker_image
+        pass_filenames: false
+        entry: registry.gitlab.developers.cam.ac.uk/uis/devops/infra/dockerimages/logan-terraform:1.6 terraform fmt
+      - id: tflint
+        name: tflint
+        language: docker_image
+        pass_filenames: false
+        entry: ghcr.io/terraform-linters/tflint:latest
+        args: []
+      - id: trivy
+        name: trivy
+        language: docker_image
+        pass_filenames: false
+        entry: aquasec/trivy:latest
+        args: ["--cache-dir", "/tmp/.trivy-cache", "--skip-dirs", "tests", "config", ".", "--exit-code", "1"]
diff --git a/.tflint.hcl b/.tflint.hcl
new file mode 100644
index 0000000000000000000000000000000000000000..b8edc994b7eea4e70abf8f7675811c57fa42ab3d
--- /dev/null
+++ b/.tflint.hcl
@@ -0,0 +1,4 @@
+plugin "terraform" {
+  enabled = true
+  preset  = "all"
+}