Hardening security around self hosted gitlab on aws


I’m looking into deploying a self hosted instance of gitlab into aws.

We have a aws account where all our application infra is and we use terraform to manage that.

My question is mainly around security.

Is it wise to deploy the gitlab infra next to our application infra?

I understand that the instance has a backup capability as well, is it possible to have more backups?

How do we make sure that the gitlab infra code and instances is not damaged by user mistake or disgruntled employees?