Question on the aws side: when you want to make a new serverless app, do you guys just make a whole new aws account every time, or is there a better way to do it? Just trying to figure out what the “best practice” is for that part.

I would say one account keeps all of your billing in one place. There are some tips in the guide at the end on best practices for this sort of stuff. Something like this might be helpful https://serverless-stack.com/chapters/manage-aws-accounts-using-aws-organizations.html

Wondering if this is still the recommended way or doing it with SSO and control tower is best more appropriate? When using control tower with account factory I tend to created a new email for the root of the manufactured account as myemail+project@gmail.com. I think it depends really, but orgs withany accounts created manually will also be fine, just a little less oversight.