Reliable cloud infrastructure for public sector services
GOV.UK PaaS is a reliable and security-compliant application platform for running public sector services in the cloud. It is available for use by both Crown and non-Crown organisations.
The platform is hosted on Amazon Web Services in the UK, with hosting in Ireland also available. Applications are automatically run across three independent availability zones to ensure resilience.
Build services faster
GOV.UK PaaS offers tools to help teams build and run cloud native applications in production without the need for specialist infrastructure skills. We maintain and secure the infrastructure, so your team can focus on improving your applications.
GOV.UK PaaS provides:
- a self-service developer experience, based on open source Cloud Foundry
- buildpack support for writing applications in most major languages including:
- Java (and other JVM-based languages such as Scala)
- .NET Core
- a compiled binary
- a marketplace of backing services including PostgreSQL, Opensearch, MySQL, InfluxDB, Redis and Amazon S3.
- observability for your apps including support for logs, metrics and tracing.
GOV.UK PaaS users can use the Cloud Foundry command line interface (or API) to:
- manage applications
- attach backing services to applications
- scale applications up and down in seconds
- create private applications to deploy microservices that are not accessible from the public internet
- automate repeatable creation of environments
- perform zero-downtime application deployments
Manage user access, services and costs
Our simple to use admin tool gives you an easy way to oversee your applications, services users and billing.
- simplified user account management and support for single sign-on with your organisation's Google account
- usage and billing summaries in real time
- monitoring for your backing services and application events 'out of the box'
Build services more securely
GOV.UK PaaS is designed to meet the NCSC Cloud Security Principles.
The platform is assured for use at OFFICIAL. As the data owner for a service you must ensure that appropriate controls are in place when handling Official data.
Security features we offer include:
- modern TLS standards enforced for all traffic entering the platform
- application isolation so that they can't read or change each other's code, data or logs
- private internal network communication between applications
- authenticated SSH access to application containers to debug problems
- single sign-on through your organisation's Google account
- ingress to the platform protected by AWS Shield
Support and maintenance
We monitor the infrastructure and manage the patching of the platform's operating systems and infrastructure components. When we update the platform, we use zero downtime deploys, so this won't interfere with the running of your application.
We offer 24/7 platform support for live services