[sameg14]

Yeah all accounts are in the same OU. We do have human IAM users but those are "legacy". Nowadays Okta has been the preferred method of accessing AWS console and CLI. We do use terraform but that is also fragmented since each team has the freedom to innovate in their own way. People use CDK, SAM, CloudFormation, Terraform etc. This fracturing of IaC techniques has been a natural consequence of having too many silos aka. accounts and has made it hard to enforce consistency. I think having 2 or 3 accounts is probably ok for a small to medium size org. We are 96 humans so far.

[rcrowley]

Interesting. Thanks for the detailed response. Another, positive way to look at one aspect of your architecture is that the AWS account boundary prevents most cases of dueling configuration management, with two tools changing the same resource back and forth forever.