diff --git a/.github/workflows/Dockerfile.lint b/.github/workflows/Dockerfile.lint
new file mode 100644
index 00000000..68f04510
--- /dev/null
+++ b/.github/workflows/Dockerfile.lint
@@ -0,0 +1,22 @@
+FROM fpco/pid1:18.04
+
+# Install required Ubuntu packages
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends \
+     ca-certificates \
+     curl \
+     unzip \
+ && apt-get clean  \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install Terraform
+ARG TERRAFORM_VERSION=0.12.24
+RUN curl -Lo terraform.zip https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip \
+ && unzip terraform.zip -d /usr/local/bin \
+ && terraform --version
+
+# Install Terraform Lint TFLint
+ARG TFLINT_VERSION=v0.9.1
+RUN curl -Lo tflint.zip https://github.com/wata727/tflint/releases/download/${TFLINT_VERSION}/tflint_linux_amd64.zip \
+ && unzip tflint.zip -d /usr/local/bin  \
+ && tflint --version
diff --git a/.github/workflows/lint-image.yml b/.github/workflows/lint-image.yml
new file mode 100644
index 00000000..ca6178a4
--- /dev/null
+++ b/.github/workflows/lint-image.yml
@@ -0,0 +1,23 @@
+name: Build lint image
+
+on:
+  push:
+    branches: [lint-image]
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Log into Github registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin
+
+      - name: Build lint image
+        run: |
+          IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/lint:$GITHUB_SHA
+          docker build .github/workflows -f .github/workflows/Dockerfile.lint --tag $IMAGE_ID
+          docker push $IMAGE_ID
+          echo Pushed new lint image $IMAGE_ID
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 00000000..01ff4000
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,18 @@
+name: Lint
+
+on: [push, pull_request]
+
+jobs:
+  push:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Log into Github registry
+        run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin
+
+      - name: Lint
+        run: |
+            docker run -v $(pwd):/src --rm docker.pkg.github.com/fpco/terraform-aws-foundation/lint:bdae808b0d523c6f93c4c477c87924875f0ec0a4 bash -c "cd /src && bash ./scripts/ci/tfinit.sh && bash ./scripts/ci/tflint.sh"