# platform-blueprints
n
It is rare for devs to need to log into a cloud account. This is down the route of having a platform they can log into to perform the deploy, status functions. I support 100s of dev teams, and most interaction with the cloud is minimal, instead Jenkins tools and ELK abstract
j
Are you using a lot of high-level offerings? I've seen the same if you use primarily k8s or other tools, as that is the interface for developers, but have seen that quickly change if you want to use Lambda/SQS/etc., where usage essentially requires developers to interact with the cloud provider for monitoring etc.
n
The deployment pattern is developer kicks off Jenkins build job, then deployment job, which in turn kicks off a Lambda. The logs are available via ELK.
j
Who is monitoring those Lambdas (e.g. resource usage)? We found that the standard AWS Lambda Dashboard already requires a gazillion permissions, making it fairly tedious to manually maintain least privilege.
n
There is an API which triggers and monitors the Lambda.
j
Sorry, I meant CPU/memory usage of the Lambda itself, so developers can understand any performance issues etc.
n
The Lambda just deploys the code. CPU and memory stats are exposed via ELK and Grafana.
Everything runs on EC2, with an agent to get the stats.
j
Ah sorry, I assumed you are also using Lambda for your code. So no high-level offerings, just EC2?
n
ECS on EC2