Structure Environments Across AWS Accounts

Link to chapter -

This is a tricky subject to generalise about, as engineering functions will have differing requirements, so there is no one-size-fits-all. However, the statement "not every developer on your team should have access or direct access from their terminal to the production environment" is surely incorrect. Developers should never have write access to production (this is what release pipelines are for). They can of course have read-only access, which I would suggest is managed through strict IAM policies, as explained in the rest of the text.

Yeah exactly. We should clarify that it’s write access that should be restricted.