RFC and Design Review Template
A lightweight request-for-comments format for infrastructure, security, and platform changes.
RFC and Design Review Template
Not every change needs an RFC. Use this template when work is cross-team, irreversible, or security/compliance sensitive.
When to write an RFC
| Trigger | Example |
|---|---|
| New production dependency | Managed K8s → new service mesh |
| Data classification change | PII in new log field |
| Blast radius > one team | Shared CI OIDC role for all repos |
| Cost step-change | Multi-region replication |
Skip RFC for: routine version bumps, typo fixes, isolated dev sandbox experiments.
RFC template
# RFC-NNN: Title
| Field | Value |
|-------|--------|
| Author | |
| Status | Draft / Review / Approved / Superseded |
| Reviewers | |
| Target date | |
## Problem
What pain or risk exists today?
## Goals / Non-goals
- Goals:
- Non-goals:
## Proposal
Architecture diagram, interfaces, rollout plan.
## Security & compliance
- Threat notes (STRIDE bullets)
- Secrets, IAM, data flows
- Audit evidence impact
## Alternatives considered
| Option | Pros | Cons |
|--------|------|------|
## Rollout & rollback
Phases, feature flags, backout in < X minutes.
## Open questionsReview meeting (30 minutes)
- 5 min Author summary
- 15 min Clarifying questions (security, SRE, product)
- 5 min Decision: approve, approve with conditions, defer
- 5 min Action items → Jira tickets
Record outcome in RFC header and link tickets.
Approval storage
- RFC markdown in git (
docs/rfcs/) or Confluence with git mirror - Approved RFCs linked from Terraform module README or ADR index