I'd like to have an IAM user which would be able to create whatever resources they like, BUUTTTT able to see and manage only those resources created by itself, like a "subcloud" which has no idea about others, or like having completely separate root accounts basically (while keeping the overview from the one root account). I can't find anything of sorts... Permission boundaries and generally all policies seem to only be based on restricting on actions, while I want to restrict on ownership.
You might want to have a look at ABAC within AWS IAM. You can set tags on users/roles and then set tags on the AWS resources being created by them and then control the access based on those tags.
We have been using the same approach in our firm. We have various software platforms and we set up IAM groups for each platform and add users accordingly. We setup roles for each group and apply policies (using SCP) so that people cannot spin up resources without tags. Then we use ABAC to restrict each team to have control on their own resources.
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_attribute-based-access-control.html