Scaffolding.

.gitignore

@@ -48,5 +48,8 @@ dist/
 .bundle/
 !Pipfile.lock
 .terraform
+.terraform.*
 tfplan
 *.tfstate*
+payload/*
+payload.zip

.gitlab-ci.yml

+---
+include:
+  - project: shore/ci-templates
+    file: templates/pre-commit.yml
+
+variables:
+  TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/default
+
+stages:
+  - test
+  - build
+  - plan
+  - apply
+
+Generate payload:
+  stage: build
+  image: registry.shore.co.il/ci-images:python3
+  variables:
+    XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"
+  before_script:
+    - apt-get update
+    - apt-get install -y zip
+  script:
+    make payload.zip
+  artifacts:
+    paths:
+      - payload.zip
+  cache:
+    paths:
+      - .cache/
+
+Terraform plan:
+  stage: plan
+  image: &tf_image registry.gitlab.com/gitlab-org/terraform-images/stable:latest
+  script:
+    - gitlab-terraform plan
+    - gitlab-terraform plan-json
+  dependencies:
+    - Generate payload
+  artifacts:
+    name: plan
+    paths:
+      - plan.cache
+    reports:
+      terraform: plan.json
+
+Terraform apply:
+  stage: apply
+  image: *tf_image
+  script:
+    - gitlab-terraform apply
+  dependencies: &tf_apply_dependecies
+    - Generate payload
+    - Terraform plan
+  when: manual
+  needs: *tf_apply_dependecies

.pre-commit-config.yaml

+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.4.0
+    hooks:
+      - id: check-merge-conflict
+      - id: trailing-whitespace
+
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.1.0
+    hooks:
+      - id: detect-secrets
+
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.26.1
+    hooks:
+      - id: yamllint
+
+  - repo: https://github.com/executablebooks/mdformat.git
+    rev: 0.7.4
+    hooks:
+      - id: mdformat
+
+  - repo: https://github.com/amperser/proselint/
+    rev: 0.10.2
+    hooks:
+      - id: proselint
+        types: [plain-text]
+        exclude: LICENSE
+
+  - repo: https://github.com/ambv/black
+    rev: 20.8b1
+    hooks:
+      - id: black
+        args:
+          - |
+              --line-length=79
+
+  - repo: https://github.com/PyCQA/prospector
+    rev: 1.3.1
+    hooks:
+      - id: prospector
+        args:
+          - |-
+            --max-line-length=79
+          - |-
+            --with-tool=pyroma
+          - |-
+            --with-tool=bandit
+          - |-
+            --without-tool=pep257
+          - |-
+            --doc-warnings
+          - |-
+            --test-warnings
+          - |-
+            --full-pep8
+          - |-
+            --strictness=high
+          - |-
+            --no-autodetect
+        additional_dependencies:
+          - bandit
+          - pyroma
+
+  - repo: https://gitlab.com/pycqa/flake8.git
+    rev: 3.9.1
+    hooks:
+      - id: flake8
+        args:
+          - |-
+            --doctests
+        additional_dependencies:
+          - flake8-bugbear
+
+  - repo: https://gitlab.com/devopshq/gitlab-ci-linter
+    rev: v1.0.3
+    hooks:
+      - id: gitlab-ci-linter
+        args:
+          - "--server"
+          - https://git.shore.co.il
+
+  - repo: https://git.shore.co.il/nimrod/terraform-pre-commit.git
+    rev: v0.1.0
+    hooks:
+      - id: tf-fmt
+      - id: tf-validate

Makefile

+src != find src/ -type f -name '*.py'
+
+payload.zip: clean requirements.txt $(src)
+	-rm -r payload.zip payload/*
+	mkdir -p payload
+	cp -a src/* payload/
+	python3 -m pip install -r requirements.txt -t payload
+	cd payload && zip -X --exclude __pycache__ --exclude "*.pyc" --exclude test --exclude bin -r ../payload.zip ./
+
+.PHONY = clean
+clean:
+	-rm -r payload.zip payload

main.tf

+terraform {
+  backend "http" {}
+}
+
+locals {
+  env    = terraform.workspace == "default" ? "prod" : terraform.workspace
+  module = basename(abspath(path.root))
+  common_tags = {
+    Environment = local.env
+    Module      = local.module
+  }
+  Name = "${local.module}-${local.env}"
+}
+
+provider "aws" {
+  region = var.region
+}
+
+provider "template" {}

outputs.tf

+output "env" {
+  description = "Environment (prod/dev etc.)."
+  value       = local.env
+}
+
+output "module" {
+  description = "The name of the Terraform module, used to tagging resources."
+  value       = local.module
+}
+
+output "region" {
+  description = "AWS region."
+  value       = var.region
+}

requirements.txt

+dnspython

src/function.py

+def handler(event, context):  # pylint: disable=unused-argument
+    """Lambda event handler."""
+    pass  # pylint: disable=unnecessary-pass

variables.tf

+variable "region" {
+  default     = "us-east-1"
+  description = "AWS region."
+}