diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..0f8c2c3
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,69 @@
+---
+kind: pipeline
+type: kubernetes
+name: Terraform root module
+
+environment:
+  TF_IN_AUTOMATION: "1"
+  GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no -i $${PWD}/id_rsa"
+  
+
+steps:
+- name: terraform init
+  image: hashicorp/terraform:1.1.8
+  commands:
+    - echo "$${CI_SSH_KEY}" | base64 -d > id_rsa
+    - chmod 600 id_rsa
+    - terraform init
+  environment:
+    CI_SSH_KEY:
+      from_secret: ci-ssh-key
+    AWS_ACCESS_KEY_ID:
+      from_secret: terraform-aws-key-id
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: terraform-aws-secret-access-key
+
+- name: terraform plan
+  image: hashicorp/terraform:1.1.8
+  commands:
+    - cp -a id_rsa ~/.ssh/id_rsa
+    - terraform plan -out .tfplan
+  environment:
+    AWS_ACCESS_KEY_ID:
+      from_secret: terraform-aws-key-id
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: terraform-aws-secret-access-key
+    KUBE_TOKEN:
+      from_secret: lawndale-k8s-ci-token
+    TF_VAR_lawdnale_dns_key_secret:
+      from_secret: lawndale-dns-key-secret
+    TF_VAR_lawndale_dns_key_algorithm:
+      from_secret: lawndale-dns-key-algorithm
+
+- name: terraform apply
+  when:
+    branch:
+    - main
+    event:
+    - push
+  image: hashicorp/terraform:1.1.8
+  commands:
+    - cp -a id_rsa ~/.ssh/id_rsa
+    - terraform apply .tfplan
+  environment:
+    AWS_ACCESS_KEY_ID:
+      from_secret: terraform-aws-key-id
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: terraform-aws-secret-access-key
+    KUBE_TOKEN:
+      from_secret: lawndale-k8s-ci-token
+    TF_VAR_lawdnale_dns_key_secret:
+      from_secret: lawndale-dns-key-secret
+    TF_VAR_lawndale_dns_key_algorithm:
+      from_secret: lawndale-dns-key-algorithm
+
+---
+kind: signature
+hmac: d5b34139e5dd55d395dfbc99a5193220239fa13f1186c4bab7a9f084de190e47
+
+...