A best practice for modern application hosting is to run identical non-prod and prod environments. The prod environment should be locked down so that no manual changes can occur to it, reinforcing another best practice of making all Infrastructure changes through Code and promoting through a pipeline.

One AWS-native approach is to use Codepipeline for your infrastructure pipeline, CloudFormation (CFN) for your Infrastructure as Code, and CodeCommit as the git repo for this code. Doing so within the same account (such as across VPC) is trivial, but doing so across accounts requires some un(der)documented maneuvers. An example of this, using YAML CFN, is available on my GitHub.