I'm a former consultant, so the answer is, as always, "it depends".
Strengths of running in different tenants:easier to manage (only one instance to run and upgrade) configuration, such as lambda or identity provider config, can be shared across tenants cheaper to run (again, only one instance and database to pay for)
Strengths of running in different instances:true isolation when running you can allow developers access to the admin ui of the instance a misconfiguration in development isn't going to affect production you can have a true IaC approach, where you deploy config changes across environments one at a time
In general, it makes sense to be careful about production environments, as if any configuration changes are made in error, it can impact the customer experience.
It really depends on what works best for you.