
> What is this obvious solution? You, an application developer, need to launch a new service. I give you a service account that lets you do almost everything inside of that account along with a viewer account for your user that lets you go into the web console and see everything.

This is exactly what AWS Organizations does, available for many years already. This now comes with IAM Identity Center that gives you SSO into multiple AWS accounts. So the setup I use is one management account running IAM Identity Server with users and groups. Then each product gets one or a few AWS accounts that they own. Super simple and effective for small organizations. For larger orgs you would need to also use SCP and maybe AWS Control Tower or similar.


