Baseline structure
A layout that works across AWS, Azure, and GCP. Names differ; intent does not.
- A root organization or tenant that contains all accounts, with centralized billing and identity.
- Logical groupings that separate security boundaries, shared services, development and production workloads, and analytics.
- An explicit mapping between teams and the account groups they own, so that permissions and cost follow organizational lines.