This series of posts demonstrated how to use some nice tools to build a simple full-stack automation solution that can be used to automate almost everything on your infrastructure.
The architecture demonstrated is not static and can be modified to best fit a team/company needs.
You can (and should) separate the API on 2 layers: One to deal with data validation and business rules (this is accessed by the user); One with basic validation, parsing and uploading data on gitlab.
You can make an audit function, either together on the pipeline/awx or separated. You gather info from your automated element (eg.: router) and compare it with the information on gitlab (reverse parsing it) to be sure that what was sent is really on the automated element.
You can (and really should) add a bastion host to access your automated elements, and make AWX use, for example, SSH tunnel prior to connecting to the automated element, protecting it even more from undesirable access.