diff --git a/README.md b/README.md
index dca4c1e..bdb7c13 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,7 @@ No modules.
 | [aws_dynamodb_table.table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
 | [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_lambda_function.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy.lambda_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
@@ -38,6 +39,7 @@ No modules.
 | [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms, ddb) | `map(map(string))` |
{
"ddb": {},
"kms": {},
"s3": {}
} | no |
| [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
| [dynamodb\_table\_name](#input\_dynamodb\_table\_name) | Different DynamoDB table name to override default of var.name) | `string` | `null` | no |
+| [lambda\_environment\_variables](#input\_lambda\_environment\_variables) | Map of lambda environment variables and values | `map(string)` | {
"DynamoDBName": null,
"SleepTime": 60,
"TagKeyCname": "boc:dns:cname",
"TagKeyHostName": "TBD",
"TagKeyZone": "boc:dns:zone"
} | no |
| [lambda\_name](#input\_lambda\_name) | Different Lambda name to override default of var.name) | `string` | `null` | no |
| [name](#input\_name) | Name to use within all the created resources (default: inf-dynamic-route53) | `string` | `"inf-dynamic-route53"` | no |
| [override\_prefixes](#input\_override\_prefixes) | Override built-in prefixes by component. This should be used primarily for common infrastructure things | `map(string)` | `{}` | no |
diff --git a/code/ddns-lambda.zip b/code/ddns-lambda.zip
new file mode 100644
index 0000000..f0143ac
Binary files /dev/null and b/code/ddns-lambda.zip differ
diff --git a/code/defaults.tf b/code/defaults.tf
new file mode 120000
index 0000000..aeaa3fe
--- /dev/null
+++ b/code/defaults.tf
@@ -0,0 +1 @@
+../defaults.tf
\ No newline at end of file
diff --git a/code/make-zip-file.tf b/code/make-zip-file.tf
new file mode 100644
index 0000000..cab186d
--- /dev/null
+++ b/code/make-zip-file.tf
@@ -0,0 +1,20 @@
+locals {
+ lambda_file = format("%v.zip", local._defaults["lambda_file"])
+ lambda_code_files = [
+ "ddns-lambda.py",
+ ]
+ # this gets a sha256hash of each file, and then a sha256 hash of the comma-separated hashes. This will help determine
+ # to make a new zip file or not
+ lambda_code_files_hashes = { for f in local.lambda_code_files : f => filesha256(f) }
+ lambda_files_hash = sha256(join(",", values(local.lambda_code_files_hashes)))
+}
+
+resource "null_resource" "zip" {
+ triggers = {
+ lambda_files_hash = local.lambda_files_hash
+ }
+
+ provisioner "local-exec" {
+ command = "zip ${local.lambda_file} -j -r ${join(" ", local.lambda_code_files)}"
+ }
+}
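Review bot: The archive built here is not reproducibly tied to `ddns-lambda.py`: `zip` updates an existing archive in place, and both `filesha256(f)` and the `zip` arguments resolve against the working directory rather than `path.module`. The same commit checks in `code/ddns-lambda.zip` as an opaque binary, which lambda.tf then deploys, so a reviewer cannot confirm from the diff that the deployed code matches the Python source. Consider dropping the committed zip and the `null_resource`, building the archive with the `archive_file` data source instead, and feeding its `output_base64sha256` to `source_code_hash` in lambda.tf.

```hcl
# … unchanged: local.lambda_file …
# replaces the lambda_code_files* locals and null_resource.zip
data "archive_file" "lambda" {
  type        = "zip"
  source_file = "${path.module}/ddns-lambda.py"
  output_path = "${path.module}/${local.lambda_file}"
}
```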
diff --git a/defaults.tf b/defaults.tf
index 71d8828..7168371 100644
--- a/defaults.tf
+++ b/defaults.tf
@@ -2,5 +2,7 @@ locals {
_defaults = {
"force_detach_policies" = false
"max_session_duration" = 3600
+ "lambda_handler" = "ddns-lambda.lambda_handler"
+ "lambda_file" = "ddns-lambda"
}
}
diff --git a/lambda.tf b/lambda.tf
new file mode 100644
index 0000000..f7f5af3
--- /dev/null
+++ b/lambda.tf
@@ -0,0 +1,33 @@
+locals {
+ lambda_environment_variables = lookup(var.lambda_environment_variables, "DynamoDBName", null) != null ? var.lambda_environment_variables : merge(
+ var.lambda_environment_variables,
+ tomap({ "DynamoDBName" = local.dynamodb_table_name }),
+ )
+ lambda_file = format("%v/code/%v.zip", path.module, local._defaults["lambda_file"])
+}
+
+resource "aws_lambda_function" "lambda" {
+ function_name = local.lambda_name
+ handler = local._defaults["lambda_handler"]
+ memory_size = 128
+ reserved_concurrent_executions = -1
+ role = aws_iam_role.role.arn
+ runtime = "python3.9"
+ source_code_hash = filebase64sha256(local.lambda_file)
+ filename = local.lambda_file
+ timeout = 30
+ # version = "$LATEST"
+
+ environment {
+ variables = local.lambda_environment_varaibles
+ }
+ timeouts {}
+ tracing_config {
+ mode = "PassThrough"
+ }
+ tags = merge(
+ local.base_tags,
+ var.tags,
+ map("Name", local.lambda_name)
+ )
+}
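Review bot: The `environment` block reads `local.lambda_environment_varaibles`, which does not match the local declared at the top of this file (`lambda_environment_variables`), so it refers to an undeclared local and the configuration will not validate. It should read `variables = local.lambda_environment_variables`. The tags also use the legacy `map("Name", local.lambda_name)` call, while the locals above already use `tomap`. `map()` was removed in Terraform 0.15, so `{ "Name" = local.lambda_name }` is the safer form.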
diff --git a/variables.tf b/variables.tf
index e1c9ca6..ee06181 100644
--- a/variables.tf
+++ b/variables.tf
@@ -16,4 +16,14 @@ variable "lambda_name" {
default = null
}
-
+variable "lambda_environment_variables" {
+ description = "Map of lambda environment variables and values"
+ type = map(string)
+ default = {
+ SleepTime = 60
+ DynamoDBName = null
+ TagKeyCname = "boc:dns:cname"
+ TagKeyZone = "boc:dns:zone"
+ TagKeyHostName = "TBD"
+ }
+}
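Review bot: Because the default is a whole map, a caller who sets `lambda_environment_variables` to change one key replaces every default, and the merge in lambda.tf re-adds only `DynamoDBName`. `SleepTime` and the `TagKey*` entries would then be missing from the function's environment; whether the handler tolerates that is not visible here. Keeping the defaults in a local and merging the caller's map over them would avoid this, and `TagKeyHostName = "TBD"` looks like a placeholder to resolve before release. The description could also state that the values are non-secret, e.g. `description = "Map of non-secret lambda environment variables and values (stored in state and readable from the function configuration)"`.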