Terraform - managing access from CI and developer machines for a multi account setup

For those using terraform, how are you managing access from CI and developer machines for a multi account setup? I’m going with the approach of seeding all accounts with a terraform user using AFT and then allowing certain SSO permission sets and other account roles (like CICD) to assume the terraform role.
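As an added illustration of the approach described above (example code, not the poster's own configuration): the seeded role in a member account, with a trust policy that only lets the CI/CD role from a tooling account and one SSO permission-set role assume it. The account IDs, the `CICD` role name, the `TerraformAdmin` permission-set name and the region are placeholders.

```hcl
# Added example, not the poster's code. Account IDs, role and permission-set
# names are placeholders. Applied in each member account (for instance as an
# AFT account customization) so the "terraform" role exists before CI uses it.

variable "member_account_id" { type = string } # placeholder, e.g. "111111111111"
variable "cicd_account_id"   { type = string } # placeholder, e.g. "222222222222"

data "aws_iam_policy_document" "terraform_trust" {
  # 1. The pipeline role in the CI/CD (tooling) account.
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.cicd_account_id}:role/CICD"]
    }
  }
  # 2. Only the SSO permission-set role in this account. The role name carries
  #    a random suffix, so trust the account root and narrow it with a
  #    condition on the caller's ARN instead of listing the exact role.
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.member_account_id}:root"]
    }
    condition {
      test     = "ArnLike"
      variable = "aws:PrincipalArn"
      values   = ["arn:aws:iam::${var.member_account_id}:role/aws-reserved/sso.amazonaws.com/*AWSReservedSSO_TerraformAdmin_*"]
    }
  }
}

resource "aws_iam_role" "terraform" {
  name                 = "terraform"
  assume_role_policy   = data.aws_iam_policy_document.terraform_trust.json
  max_session_duration = 3600 # one hour is enough for a plan/apply run
}

# On the CI runner or a developer machine the provider assumes the seeded role;
# the session name shows up in CloudTrail, which makes CI and human runs
# distinguishable when reviewing who changed what.
provider "aws" {
  alias  = "member"
  region = "us-east-1" # placeholder
  assume_role {
    role_arn     = "arn:aws:iam::${var.member_account_id}:role/terraform"
    session_name = "terraform-ci"
  }
}
```

Attach the role's permissions separately (an `aws_iam_role_policy_attachment` scoped to what Terraform actually manages) rather than a broad administrator policy.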

This is what we do too. Although we only allow TF access from the CI server and back it up with branch rules on when to plan/apply etc.