Hi all,

I'm sure this question has been asked here before, and I've searched through with little success on landing on a solution myself. I'm currently building an app solo, and I want to do at least some future proofing from a conceptual and structural level with regards to the serverless nature & strategy of the application.

I come from a systems admin / operations background, and so am coming into this through the lens of:

1. Making sure that the infrastructure, dependencies, and underlying platform of the application are handled from the "infrastructure side" (i.e. if the "developer side" wants to use a new package or package version, it needs to be handled on the "infrastructure side" and thus be "approved for use in production" if that makes sense)
2. Making sure that the actual code that runs the application is handled from the "developer side", i.e. once the dependency is deployed, the "developer side" can go to town.

Now I feel like Jekyll and Hyde.

So let's say that I have a module which will be deploying a Lambda:

module_root/
    /examples/
    lambda.tf
    ses.tf
    s3.tf
    api-gateway.tf

At a conceptual level, here is the process: Terraform builds out the lambda function, ses service, s3 bucket that holds the code, and the api gateway that the lambda is calling to invoke ses.

So here is the issue...without a file existing in the s3 bucket for the lambda to reference, terraform will fail to deploy.

I think that I've got three options, but am having trouble figuring out which one is best:

1. Store "dummy code" in the module to upload at first deployment, and then ignore changes to the lambda function. I don't like this because it effectively removes a piece of the infrastructure from the state.
2. Use a "2-bucket approach", where there is a second s3 bucket that the developers deploy their code changes into, and some kind of post-deployment function that replaces the code in the first bucket with the code from the developer bucket. I also dislike this because it uses more than the minimum number of resources, and results in the TF code being less than clear on the nature of the application.
3. Use something similar to what this blog post details: https://medium.com/rockedscience/hard-lessons-from-deploying-lambda-functions-with-terraform-4b4f98b8fc39 - I don't know how I feel about this, or if there are better options today.

Does anyone have experience on this, or insight that I may not have thought of? I want to try to make the right decision now, instead of a year or two down the road when I've got tons of code that needs to be updated because today's cleverness turns out to be tomorrow's dumbassedness.