by ec109685 1893 days ago
The way we do it is 1) each team owns one or more AWS sub accounts (e.g. a particular app or function will be in its own account) 2) An internal version of this is used to establish and enforce company-wide standards: https://github.com/cloud-custodian/cloud-custodian 3) A repository of terraform modules is shared amongst teams to standardize on how common AWS resources are used (e.g. enforce X, Y and Z for S3 buckets)

This way, the per account setup (represented as a repo) is relatively small, common patterns are standardized, and there is still room for experimentation.