Modularize code and documentation

[john-flagship]

Hey Paul, really awesome work!

Since you've added so much to this blueprint it's now kind of monolithic. I'm suggesting to decouple the infrastructure components (along with the docs) from the actual blueprint. Here's a user story to describe why:

My company started with a single AWS account. When Control Tower launched we implemented it using AWS SSO and the initial account became our master. The multi-account model enabled by Control Tower and Organizations is so powerful that we plan to create separate research accounts for our different departments, projects and fellowships.

We've chosen to stick with AWS SSO for now and don't want the AD pieces. If and when we do switch to AD, we'll want to connect to our existing installation. It turns out that BB 2.0 works just fine with AWS SSO - though to be clear, the AD instance is running and still used for VPN admin auth.

The TGW account is a revelation! But it only needs to be set up once while the BB needs to be implemented in each research account. We'd love it if the BB code could be run as a separate module, adding associations, routes, etc to the existing TGW auto-magically.

[john-flagship]

Actually, my multi-research account user story presents an interesting issue.

Accounts created via Control Tower have VPCs that are assigned identical CIDR ranges (source). So BB would have to create a new VPC (which it does) but expose the CIDR as a parameter (which it doesn't) in order to be routable via TGW.