diff --git a/aws/lambda/.terraform.lock.hcl b/aws/lambda/.terraform.lock.hcl
new file mode 100644
index 0000000..6cb266f
--- /dev/null
+++ b/aws/lambda/.terraform.lock.hcl
@@ -0,0 +1,30 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "4.67.0"
+ constraints = ">= 4.30.0, < 5.0.0"
+ hashes = [
+ "h1:5Zfo3GfRSWBaXs4TGQNOflr1XaYj6pRnVJLX5VAjFX4=",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/time" {
+ version = "0.9.2"
+ constraints = "~> 0.9.1"
+ hashes = [
+ "h1:M93amXwO9KelOaPiyXGak1aiIyf6pYo+FDr6pigIb6M=",
+ "zh:140ca678c8f2e0c73fcbda470531db01ca5d3b22cf6ddcc96e65fc28d179d81e",
+ "zh:1a85697ab9995e7a5af34d6f971939e748486c1818ce8c7f98e27b47a45db43b",
+ "zh:3cbe245e318fa6ae905367ffe4980a1dbcd8bde630c4911f34ac297e6f8080cb",
+ "zh:3eb83fd3857ebdc1e40c0dc6dcc5c161c122560765115b31360a0722158d9b8b",
+ "zh:4d7611ddc90c7fc458a8255c1ad87286512a497f6c842786cda1b93f18ca463e",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:7e8d3fd420d9b41a95f95a023c830f9e53feee54d47d640679b3b5bfbb757422",
+ "zh:90e63a84dda94619199f541e48388e8d1306fc9857b10c75dfee901ec9e4d94b",
+ "zh:cc52109be89301a1309d21704599ecd70e50c339087f7577da865588655f240d",
+ "zh:d5ee0e0abbfe75a9f33ada420b8bb8f4a3a0f97ebc25c1e55aa80a9c12f70519",
+ "zh:e15abaa2dc6751918802dc283e7348d0c99944fcf581a96e481a5afc3c13ebae",
+ "zh:f5c6b98cb1b40728150415b2b8a1e8075d5704c5cf6fc0b95b6b2dbaf560427a",
+ ]
+}
diff --git a/aws/lambda/.tflint.hcl b/aws/lambda/.tflint.hcl
new file mode 100644
index 0000000..e2fc6bf
--- /dev/null
+++ b/aws/lambda/.tflint.hcl
@@ -0,0 +1,10 @@
+plugin "terraform" {
+ enabled = true
+ preset = "recommended"
+}
+
+plugin "aws" {
+ enabled = true
+ version = "0.30.0"
+ source = "github.com/terraform-linters/tflint-ruleset-aws"
+}
diff --git a/aws/lambda/README.md b/aws/lambda/README.md
new file mode 100644
index 0000000..ce7279d
--- /dev/null
+++ b/aws/lambda/README.md @@ -0,0 +1,59 @@ +# lambda module + +A skeleton to start your own modules. + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | ~> 1.3 | +| [aws](#requirement\_aws) | >= 4.30.0, < 5.0.0 | +| [time](#requirement\_time) | ~> 0.9.1 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | >= 4.30.0, < 5.0.0 | +| [time](#provider\_time) | ~> 0.9.1 | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_lambda_function.function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource | +| [time_static.last_update](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [code\_signing\_config\_arn](#input\_code\_signing\_config\_arn) | The ARN of the code signing configuration | `string` | `null` | no | +| [customer](#input\_customer) | Customer for the current deployment | `string` | `""` | no | +| [dead\_letter\_config](#input\_dead\_letter\_config) | List of dead letter configuration blocks |
object({| `null` | no | +| [env\_vars](#input\_env\_vars) | A map that defines environment variables for the Lambda function | `map(string)` | `{}` | no | +| [environment](#input\_environment) | Environment for the current deployment | `string` | `""` | no | +| [filename](#input\_filename) | The path to the function's deployment package within the local filesystem | `string` | `""` | no | +| [handler](#input\_handler) | The function within your code that Lambda calls to begin execution | `string` | `"lambda_function.lambda_handler"` | no | +| [iam\_role\_arn](#input\_iam\_role\_arn) | The ARN of the IAM role that the Lambda function assumes when it executes your function to access any other AWS resources | `string` | n/a | yes | +| [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the AWS Key Management Service (KMS) key that's used to encrypt your function's environment variables | `string` | `null` | no | +| [lambda\_description](#input\_lambda\_description) | Description of the Lambda function | `string` | `""` | no | +| [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda function | `list(string)` | `[]` | no | +| [memory\_size](#input\_memory\_size) | The amount of memory, in MB, that is allocated to your Lambda function | `number` | `128` | no | +| [name](#input\_name) | The name of the template resource | `string` | `"my-template"` | no | +| [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The number of simultaneous executions to reserve for the function | `number` | `1000` | no | +| [runtime](#input\_runtime) | The runtime environment for the Lambda function | `string` | `"python3.8"` | no | +| [tags](#input\_tags) | Default tags to add to resources | `map(any)` | `{}` | no | +| [timeout](#input\_timeout) | The amount of time that Lambda allows a function to run before stopping it | `number` | `3` | no | +| [tracing\_config\_mode](#input\_tracing\_config\_mode) | The tracing 
mode for the function | `string` | `"PassThrough"` | no | +| [vpc\_config](#input\_vpc\_config) | List of VPC configuration blocks |
target_arn = string
})
object({| `null` | no |
+
+## Outputs
+
+No outputs.
+
diff --git a/aws/lambda/lambda.tf b/aws/lambda/lambda.tf
new file mode 100644
index 0000000..784a478
--- /dev/null
+++ b/aws/lambda/lambda.tf
@@ -0,0 +1,42 @@
+resource "aws_lambda_function" "function" {
+
+ code_signing_config_arn = var.code_signing_config_arn
+ description = var.lambda_description
+ filename = var.filename
+ function_name = var.name
+ handler = var.handler
+ kms_key_arn = var.kms_key_arn
+ layers = var.layers
+ memory_size = var.memory_size
+ reserved_concurrent_executions = var.reserved_concurrent_executions
+ role = var.iam_role_arn
+ runtime = var.runtime
+ source_code_hash = base64sha256(file(var.filename))
+ timeout = var.timeout
+
+ dynamic "vpc_config" {
+ for_each = var.vpc_config
+ content {
+ security_group_ids = vpc_config.value.security_group_ids
+ subnet_ids = vpc_config.value.subnet_ids
+ }
+ }
+
+ environment {
+ variables = var.env_vars
+ }
+
+ tracing_config {
+ #tfsec:ignore:aws-lambda-enable-tracing
+ mode = var.tracing_config_mode
+ }
+
+ dynamic "dead_letter_config" {
+ for_each = var.dead_letter_config
+ content {
+ target_arn = dead_letter_config.value.target_arn
+ }
+ }
+
+ tags = local.interpolated_tags
+}
diff --git a/aws/lambda/main.tf b/aws/lambda/main.tf
new file mode 100644
index 0000000..f262310
--- /dev/null
+++ b/aws/lambda/main.tf
@@ -0,0 +1,15 @@
+locals {
+ # tflint-ignore: terraform_unused_declarations
+ interpolated_tags = merge({
+ "Name" = var.name,
+ "Customer" = var.customer,
+ "Environment" = var.environment,
+ "ManagedBy" = "Terraform",
+ "LastModifiedAt" = time_static.last_update.rfc3339,
+ },
+ var.tags
+ )
+}
+
+resource "time_static" "last_update" {
+}
diff --git a/aws/lambda/outputs.tf b/aws/lambda/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/_template/versions.tf b/aws/lambda/providers.tf
similarity index 63%
rename from _template/versions.tf
rename to aws/lambda/providers.tf
index 13fc624..fc5db55 100644
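Review bot: Both `dynamic` blocks in lambda.tf iterate a value that cannot work as declared: variables.tf types `vpc_config` and `dead_letter_config` as a single `object({...})` with `default = null`, so `for_each = var.vpc_config` fails on the null default and, when a value is passed, walks the object's attributes instead of yielding one block. Wrapping the value fixes both cases: `for_each = var.vpc_config == null ? [] : [var.vpc_config]`, and likewise `for_each = var.dead_letter_config == null ? [] : [var.dead_letter_config]`. Separately, `base64sha256(file(var.filename))` reads the deployment package as UTF-8 text, which `file()` rejects for binary archives; `source_code_hash = filebase64sha256(var.filename)` hashes the raw bytes instead. The `#tfsec:ignore:aws-lambda-enable-tracing` line would also benefit from a short comment stating why the default `PassThrough` mode is acceptable, so the suppression is auditable.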
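Review bot: In main.tf, `time_static.last_update` is declared without `triggers`, so its `rfc3339` value is fixed at first apply and the `LastModifiedAt` tag will report creation time rather than the last change; either add a `triggers` map keyed on the inputs that should refresh it, or rename the tag to match what it records. The `# tflint-ignore: terraform_unused_declarations` comment also looks stale, since lambda.tf references `local.interpolated_tags`. Because `var.tags` is merged last, callers can override `Name` and `ManagedBy`; a one-line comment such as `# caller-supplied tags intentionally take precedence` would make that explicit if it is intended.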
--- a/_template/versions.tf
+++ b/aws/lambda/providers.tf
@@ -5,5 +5,9 @@ terraform {
 source = "hashicorp/time",
 version = "~> 0.9.1"
 }
+ aws = {
+ source = "hashicorp/aws",
+ version = ">= 4.30.0, < 5.0.0"
+ }
 }
 }
diff --git a/aws/lambda/variables.tf b/aws/lambda/variables.tf
new file mode 100644
index 0000000..817eeb8
--- /dev/null
+++ b/aws/lambda/variables.tf
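Review bot: The `rename from _template/versions.tf` header indicates this commit moves the template's version-constraint file rather than copying it, which would leave `_template` without its `required_providers` pins, presumably unintentionally. If the template is still meant to be the starting point for new modules, keep `_template/versions.tf` in place and add `aws/lambda/providers.tf` as a new file. The enclosing `terraform` block starts outside this hunk, so `required_version` could not be checked here.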
@@ -0,0 +1,119 @@
+variable "name" {
+ description = "The name of the template resource"
+ type = string
+ default = "my-template"
+}
+
+variable "customer" {
+ description = "Customer for the current deployment"
+ type = string
+ default = ""
+}
+
+variable "environment" {
+ description = "Environment for the current deployment"
+ type = string
+ default = ""
+}
+
+variable "tags" {
+ description = "Default tags to add to resources"
+ type = map(any)
+ default = {}
+}
+
+# module specific variables
+
+variable "lambda_description" {
+ description = "Description of the Lambda function"
+ type = string
+ default = ""
+}
+
+variable "filename" {
+ description = "The path to the function's deployment package within the local filesystem"
+ type = string
+ default = ""
+}
+
+variable "iam_role_arn" {
+ description = "The ARN of the IAM role that the Lambda function assumes when it executes your function to access any other AWS resources"
+ type = string
+}
+
+variable "handler" {
+ description = "The function within your code that Lambda calls to begin execution"
+ type = string
+ default = "lambda_function.lambda_handler"
+}
+
+variable "runtime" {
+ description = "The runtime environment for the Lambda function"
+ type = string
+ default = "python3.8"
+}
+
+variable "memory_size" {
+ description = "The amount of memory, in MB, that is allocated to your Lambda function"
+ type = number
+ default = 128
+}
+
+variable "timeout" {
+ description = "The amount of time that Lambda allows a function to run before stopping it"
+ type = number
+ default = 3
+}
+
+variable "reserved_concurrent_executions" {
+ description = "The number of simultaneous executions to reserve for the function"
+ type = number
+ default = 1000
+}
+
+variable "layers" {
+ description = "List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda function"
+ type = list(string)
+ default = []
+}
+
+variable "vpc_config" {
+ description = "List of VPC configuration blocks"
+ type = object({
+ security_group_ids = list(string)
+ subnet_ids = list(string)
+ })
+ default = null
+}
+
+variable "env_vars" {
+ description = "A map that defines environment variables for the Lambda function"
+ type = map(string)
+ default = {}
+}
+
+variable "tracing_config_mode" {
+ description = "The tracing mode for the function"
+ type = string
+ default = "PassThrough"
+}
+
+variable "kms_key_arn" {
+ description = "The ARN of the AWS Key Management Service (KMS) key that's used to encrypt your function's environment variables"
+ type = string
+ default = null
+}
+
+variable "dead_letter_config" {
+ description = "List of dead letter configuration blocks"
+ type = object({
+ target_arn = string
+ })
+ default = null
+}
+
+variable "code_signing_config_arn" {
+ description = "The ARN of the code signing configuration"
+ type = string
+ default = null
+}
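Review bot: The default `reserved_concurrent_executions = 1000` asks to reserve what is normally an account's entire regional concurrency for this one function; on a default quota the request is likely to be rejected, and where it is accepted it leaves nothing for other functions in the account. `default = -1` (no reservation) is the safer module default. `env_vars` should carry `sensitive = true` so values passed through it are redacted in plan output, particularly as `kms_key_arn` defaults to `null` and the variables then rely on the service-default key. The `runtime` default `"python3.8"` is an old runtime, so consider dropping the default or adding a `validation` block; the `vpc_config` and `dead_letter_config` descriptions also say "List of ... blocks" while the declared type is a single object.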
security_group_ids = list(string)
subnet_ids = list(string)
})