diff --git a/.gitignore b/.gitignore
index 62c0b508952c8e7d64c6c30ad8c3432788526785..11d1643ee355964c057870ac594428466deb85ea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -48,5 +48,8 @@ dist/
 .bundle/
 !Pipfile.lock
 .terraform
+.terraform.*
 tfplan
 *.tfstate*
+payload/*
+payload.zip
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000000000000000000000000000000000000..4af2668dabfa226a88fbde2dae0e29be8f30a496
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,56 @@
+---
+include:
+ - project: shore/ci-templates
+ file: templates/pre-commit.yml
+
+variables:
+ TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/default
+
+stages:
+ - test
+ - build
+ - plan
+ - apply
+
+Generate payload:
+ stage: build
+ image: registry.shore.co.il/ci-images:python3
+ variables:
+ XDG_CACHE_HOME: "$CI_PROJECT_DIR/.cache"
+ before_script:
+ - apt-get update
+ - apt-get install -y zip
+ script:
+ make payload.zip
+ artifacts:
+ paths:
+ - payload.zip
+ cache:
+ paths:
+ - .cache/
+
+Terraform plan:
+ stage: plan
+ image: &tf_image registry.gitlab.com/gitlab-org/terraform-images/stable:latest
+ script:
+ - gitlab-terraform plan
+ - gitlab-terraform plan-json
+ dependencies:
+ - Generate payload
+ artifacts:
+ name: plan
+ paths:
+ - plan.cache
+ reports:
+ terraform: plan.json
+
+Terraform apply:
+ stage: apply
+ image: *tf_image
+ script:
+ - gitlab-terraform apply
+ dependencies: &tf_apply_dependecies
+ - Generate payload
+ - Terraform plan
+ when: manual
+ needs: *tf_apply_dependecies
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9c8f669f28a957f5dae2e885b03a7872534287a0
--- /dev/null
+++ b/.pre-commit-config.yaml
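Review bot: The new `.terraform.*` pattern in .gitignore also matches `.terraform.lock.hcl`, the dependency lock file that Terraform 0.14 and later writes to record provider versions and checksums. With that file untracked, and no `required_providers` version constraints in the main.tf added by this commit, each `terraform init` in the CI plan and apply jobs is free to select a different provider build. I would add the exception `!.terraform.lock.hcl` on the line after the pattern and commit the lock file.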
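Review bot: The `Terraform plan` and `Terraform apply` jobs in .gitlab-ci.yml run on `registry.gitlab.com/gitlab-org/terraform-images/stable:latest`, a mutable tag, so the image that handles the state and the cloud credentials can change between a reviewed plan and the manual apply without any change in this repository. Pinning the anchor to a release tag or a digest, `image: &tf_image registry.gitlab.com/gitlab-org/terraform-images/stable@sha256:<digest>`, keeps both jobs on one known image. The same reasoning applies to `registry.shore.co.il/ci-images:python3` and to the `include` of `shore/ci-templates`, which has no `ref:`. Separately, `Terraform apply` is `when: manual` but has no branch restriction, so unless the credentials are protected variables (not visible here) it can presumably be started from any branch pipeline; replacing `when: manual` with `rules: [{if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH', when: manual}]` would limit it to the default branch.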
@@ -0,0 +1,88 @@
+---
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v3.4.0
+ hooks:
+ - id: check-merge-conflict
+ - id: trailing-whitespace
+
+ - repo: https://github.com/Yelp/detect-secrets
+ rev: v1.1.0
+ hooks:
+ - id: detect-secrets
+
+ - repo: https://github.com/adrienverge/yamllint
+ rev: v1.26.1
+ hooks:
+ - id: yamllint
+
+ - repo: https://github.com/executablebooks/mdformat.git
+ rev: 0.7.4
+ hooks:
+ - id: mdformat
+
+ - repo: https://github.com/amperser/proselint/
+ rev: 0.10.2
+ hooks:
+ - id: proselint
+ types: [plain-text]
+ exclude: LICENSE
+
+ - repo: https://github.com/ambv/black
+ rev: 20.8b1
+ hooks:
+ - id: black
+ args:
+ - |
+ --line-length=79
+
+ - repo: https://github.com/PyCQA/prospector
+ rev: 1.3.1
+ hooks:
+ - id: prospector
+ args:
+ - |-
+ --max-line-length=79
+ - |-
+ --with-tool=pyroma
+ - |-
+ --with-tool=bandit
+ - |-
+ --without-tool=pep257
+ - |-
+ --doc-warnings
+ - |-
+ --test-warnings
+ - |-
+ --full-pep8
+ - |-
+ --strictness=high
+ - |-
+ --no-autodetect
+ additional_dependencies:
+ - bandit
+ - pyroma
+
+ - repo: https://gitlab.com/pycqa/flake8.git
+ rev: 3.9.1
+ hooks:
+ - id: flake8
+ args:
+ - |-
+ --doctests
+ additional_dependencies:
+ - flake8-bugbear
+
+ - repo: https://gitlab.com/devopshq/gitlab-ci-linter
+ rev: v1.0.3
+ hooks:
+ - id: gitlab-ci-linter
+ args:
+ - "--server"
+ - https://git.shore.co.il
+
+ - repo: https://git.shore.co.il/nimrod/terraform-pre-commit.git
+ rev: v0.1.0
+ hooks:
+ - id: tf-fmt
+ - id: tf-validate
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..5602f7742740e064b3b2ee4ffb38afb13469c14d
--- /dev/null
+++ b/Makefile
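Review bot: The `additional_dependencies` entries in .pre-commit-config.yaml (`bandit`, `pyroma`, `flake8-bugbear`) carry no version, so every fresh hook environment installs whatever is newest on the index, and the lint and security findings can shift without a change in this file. Pin each one, e.g. `- bandit==<version>`. The `rev:` values are tags, which an upstream repository can move; a full commit SHA in `rev:` is the stricter choice for hooks that execute on developer machines and in CI. As a style point, the black argument uses `- |`, which keeps a trailing newline in the argument, while every other hook uses `|-`; a plain scalar `- --line-length=79` would be simplest.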
@@ -0,0 +1,12 @@
+src != find src/ -type f -name '*.py'
+
+payload.zip: clean requirements.txt $(src)
+ -rm -r payload.zip payload/*
+ mkdir -p payload
+ cp -a src/* payload/
+ python3 -m pip install -r requirements.txt -t payload
+ cd payload && zip -X --exclude __pycache__ --exclude "*.pyc" --exclude test --exclude bin -r ../payload.zip ./
+
+.PHONY = clean
+clean:
+ -rm -r payload.zip payload
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000000000000000000000000000000000000..e156d2da3eb1b339daa38391dfa86efda8ea5f30
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,19 @@
+terraform {
+ backend "http" {}
+}
+
+locals {
+ env = terraform.workspace == "default" ? "prod" : terraform.workspace
+ module = basename(abspath(path.root))
+ common_tags = {
+ Environment = local.env
+ Module = local.module
+ }
+ Name = "${local.module}-${local.env}"
+}
+
+provider "aws" {
+ region = var.region
+}
+
+provider "template" {}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000000000000000000000000000000000000..13939773a216a404c2939332f1ff578a0f8570d6
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,14 @@
+output "env" {
+ description = "Environment (prod/dev etc.)."
+ value = local.env
+}
+
+output "module" {
+ description = "The name of the Terraform module, used to tagging resources."
+ value = local.module
+}
+
+output "region" {
+ description = "AWS region."
+ value = var.region
+}
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000000000000000000000000000000000000..2f735967970a157d6b4157f57a763a0b204d6f8b
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+dnspython
diff --git a/src/function.py b/src/function.py
new file mode 100644
index 0000000000000000000000000000000000000000..71761090cc486b504e98235c6aeceeda29cda88a
--- /dev/null
+++ b/src/function.py
@@ -0,0 +1,3 @@
+def handler(event, context): # pylint: disable=unused-argument
+ """Lambda event handler."""
+ pass # pylint: disable=unnecessary-pass
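Review bot: `.PHONY = clean` in the Makefile assigns a variable named `.PHONY` rather than declaring a phony target, so `clean` stays an ordinary target and is skipped as soon as a file called `clean` exists; it should read `.PHONY: clean`. Listing `clean` as a prerequisite of `payload.zip` also forces a full rebuild on every invocation, which makes the `requirements.txt` and `$(src)` prerequisites moot and the first recipe line `-rm -r payload.zip payload/*` redundant. If the always-rebuild behaviour is intended, a short comment above the rule saying so would help the next reader.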
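Review bot: `provider "template" {}` at the end of main.tf configures a provider that no resource or data source in this commit uses, and the hashicorp/template provider is deprecated in favour of the built-in `templatefile()` function. Declaring it still makes every `init` in CI download and execute one more provider binary. I would drop the block until something needs it and add a `required_providers` entry to the `terraform` block so the AWS provider version is constrained, e.g. `aws = { source = "hashicorp/aws", version = "<constraint>" }`.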
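Review bot: `dnspython` in requirements.txt is unpinned, and the Makefile installs it straight into the Lambda payload with `pip install -r requirements.txt -t payload`, so the deployed artifact contains whatever release the index serves at build time. Pin an exact version and, ideally, add hashes so the build can run with `--require-hashes`: `dnspython==<version> --hash=sha256:<hash>`. That also makes the payload reproducible between the plan and a later manual apply.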
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000000000000000000000000000000000000..d86dca0c21cc789a387837174173aea52841ead1
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,4 @@
+variable "region" {
+ default = "us-east-1"
+ description = "AWS region."
+}