[FIXED] what are pros and cons between setting up aws codepipeline on a dedicated account to the individual(application) accounts itself

Issue

I'm trying to figure out what are the pros and cons between setting up aws codepipeline on a dedicated account to the individual(application) accounts itself in the long run

Solution

I would say sepration of responsibilities.

If you have your (production) application in a separate account, you can minimize any accidental manual/accidental modifications to it by users who operate on development or testing environments. The account will have very strict access rules and it should be basically immutable. This de-facto provides a "physical" barrier between your application environment and development/testing environments.

In contrast, when you put everything into the same account, the natural border between the application and everything else diminishes. This could lead to a number of issues, such as:

• security concerns (who can access your running application),
• accidental modifications of running application,
• confusion of what resources are part of the application and which are part of the pipeline or development environment,
• non-well defined responsibilities of who does want in such a account, and more.

Answered By - Marcin

Answer Checked By - Katrina (PHPFixing Volunteer)