Almost every company starting to use AWS goes through the same path. At the beginning, there is just one account. A handful of developers all log into the same root account via the console and create EC2 instances and spin up RDS databases. As the team grows, IAM Users are created, then IAM Groups. Then the security team says "you can't keep production and development in the same account." So a separate development account and production account are created. Over time, those two become five, then forty, then a hundred. And at some point, IAM policy conflicts, inability to split costs by department, and security incidents spreading from one account to another all hit at the same time.