As I'm guessing you're starting to suspect, there is no magic tool here.
It typically requires a dedicated 'platform engineering' team to manage the tooling and onboarding process, some kind of governance process over the services that are enabled, development and enforcement of the use of (in the case of Terraform) Terraform modules to constrain use to planned patterns and some kind of 'cloud security posture management' tooling to keep an eye on everything.
It increases costs and slows things down in the short term, but it does help keep things reasonably controllable over time. I work in a highly regulated environment (five external audits in the last year), so my perspective is a bit skewed. However, when we have an acquisition that has been doing things a bit organically, it's an impenetrable Charlie Foxtrot and the teams responsible for trying to get it under control have almost no understanding of where dependencies are, what's critical to the business or even how to start to insert some kind of influence or control over something that has been wholly unmanaged for years.
Thank you. Well, there you have it, this is a non-regulated wild environment and, except for data privacy and looking at costs, basically everyone does what they need. So I am very jealous about the discipline you seem to be able to push through. :)