when I mention multiple projects for multiple types of operations- I usually think about this in terms of layers of stuff.. baseline infra established in one project, then one project manages database configurations, another project manages kubernetes configurations, and you might have a seperate project for access management (I'm currently playing with pulumi automation for this purpose, it shows real promise! :D)