In every company, IAM (Identity and Access Management) is a crucial part of your security, and you need to think about it very carefully.
As the company grows, this part becomes more complex to maintain and to organize. Segment has this problem because not only are they growing as a company and in number of employees, but the number of AWS accounts that the company manages is also growing (for multiple reasons that are not pertinent to the article).
This article explains how they manage their own IAM and how they currently run dozens of AWS accounts successfully without anyone having any AWS API key.
I believe there is still a lot for me to learn on this topic, especially on how to use AWS IAM and external IAM services effectively, but this is a great article to start thinking about your strategy.