I'm in the process of building a CI/CD pipeline in CDK, and I've been going in circles about how to organize the deploy strategy.

At present, I'm trying to fuse all my architecture into a monorepo so that changes to the backend and frontend deploy together. I've got the following stacks in my CDK App:

• CommonStack
  • CodeCommit repo
  • CertificateManager certificate
• [Dev|Staging|Prod]ResourceStack
  • Shared S3 buckets
  • Shared dynamo tables
  • Shared event-driven lambda funcs
  • Lambda API nested stacks (containing funcs, api gateways, cloudfront deploys)
  • NextJS app nested stacks (containing buckets, s3-deployment api gateways, cloudfronts)
• [Dev|Staging|Prod]PipelineStack
  • CodePipeline
  • CodeBuild builds
  • CloudFormation deploy actions

I've been divided on whether I should:

1. Have the pipeline deploy the resource stack AND changes to itself
2. Have the pipeline only deploy the resource stack, then handle pipeline changes manually
3. Split the resource stacks by how often the resources change

On a related note, I've been trying to reason about the best way to handle deployment failure. Naturally, I can and will try to prevent errors with unit tests, but if I'm CDing infra, what's the best way to handle rollbacks? Is it even possible? And in either case, how do I leverage CodeDeploy rollbacks with my code bound up in CDK?