Could you please share some details on how to deal with different AWS accounts, configuring providers accordingly (not relying on environmental tokens) and so on because I think that’s important to mention early? Also in terms of dealing with permissions limiting the blast radius…