I am setting up an infrastructure to support a WebApp. One of my repositories has all the Network Infrastructure (VPC, Subnets, NAT, Bastion and so on). The WebApp has a Route 53 + ALB + AutoScaling Group + EC2 Instances. All of them were coded in CloudFormation templates. My question is whether the WebApp CloudFormation templates should be stored in the same repository as the application. Is there any best practice on how to separate infrastructure and app code?
As a general rule you should keep your infrastructure next to the application code. So, yes you should have it in the same repository.
Of course, you might be in the case in which some resources are shared between different projects. In this case I suggest you have a separate repository containing only the shared piece of infrastructure. What I would do here would be the following:
This gives you the benefit of implementing pipelines that build artifacts and apply new infrastructure at the same time.
This is really a matter of opinion, but I think the trend is to keep everything needed for your application/service with the code. With that said, you will often have things that are shared (e.g. a VPC), and you often end up having those in a separate repo (depending on how you organize your code; there seems to be a push for mono repos these days).
CloudFormation Best Practices has some good information on organizing your stacks, though it doesn't address your question.
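One way to wire the two repositories together, as an added example that is not part of the original answers: the shared network stack exports its identifiers and the WebApp template kept beside the application code imports them. The logical IDs `Vpc`, `PublicSubnetA` and `PublicSubnetB`, the parameter `NetworkStackName`, the export names and the file path are assumptions for illustration.

```yaml
# File 1 (network repository): Outputs section added to the existing network
# template. Vpc, PublicSubnetA and PublicSubnetB are assumed logical IDs of
# resources that template already defines.
Outputs:
  VpcId:
    Value: !Ref Vpc
    Export:
      Name: !Sub "${AWS::StackName}-VpcId"
  PublicSubnetIds:
    Value: !Join [",", [!Ref PublicSubnetA, !Ref PublicSubnetB]]
    Export:
      Name: !Sub "${AWS::StackName}-PublicSubnetIds"
---
# File 2 (application repository, e.g. infra/webapp.yaml; hypothetical path).
# Deployed by the application's own pipeline; it never edits the network stack.
AWSTemplateFormatVersion: "2010-09-09"
Description: WebApp load balancer that consumes the shared network stack
Parameters:
  NetworkStackName:
    Type: String
    Description: Name of the deployed network stack whose exports are imported
Resources:
  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the internet to the WebApp ALB
      VpcId:
        # Long form is required because !ImportValue cannot wrap !Sub
        Fn::ImportValue: !Sub "${NetworkStackName}-VpcId"
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
  Alb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internet-facing
      SecurityGroups:
        - !Ref AlbSecurityGroup
      Subnets:
        # The export is a comma-joined string; split it back into a list
        Fn::Split:
          - ","
          - Fn::ImportValue: !Sub "${NetworkStackName}-PublicSubnetIds"
```

CloudFormation refuses to delete or change an exported output while another stack imports it, so the network repository cannot remove something the WebApp stack still depends on.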