[nijave]

I'd say application boundaries at a high-level. Your various environments should be completely isolated. For instance, you can split web services at the load balancer level.

Application boundaries tend to mirror org structure so that allows you to scope down team access.

To get a better idea of your architecture, you can create a dependency diagram and look for clusters of things.

As for connectivity, you could go over the internet, use VPC peering, use Transit Gateways, PrivateLinks, or follow a hub/spoke network architecture with a "network account"

If you're using managed services, you can also use things like SNS and SQS to create shareable communication channels for other accounts to use.