I am reading an article named "How to deploy a production-grade VPC on AWS". I could not understand whether I should create an IAM user in the production env to operate resources in the mgmt VPC. According to multiple-account practices, only roles can be created in the production env. So how can I resolve this problem?
In addition to the problem mentioned above, I also could not understand why, if a CI server such as Jenkins is deployed in the mgmt VPC in the production env, we still use the shared-service account to deploy the CI server.
Thanks in advance!