Build AWS Lambda packages outside Terraform that come out byte-for-byte identical on macOS and in CI. Upload to S3 by content hash, then let Terraform read s3_existing_package instead of rebuilding on every plan.
Byte-identical zips·Content-hash S3 keys·macOS + Linux·Terraform-native·Python & Node runtimes