I’m an engineer using Terraform and Claude Code as well in a much larger and more expensive setup than his.
You do not let Claude Code run terraform apply, it has zero benefits. All it does is that it runs the command and obscures the output. Most of the time is going to be spent in waiting for the automation anyway, most of the effort that you can spare is before running apply.
Also:
applying delete protections to Terraform and AWS permissions, and moving the Terraform state file to S3 storage instead of his local machine
These both take like 20 seconds, and should be in the getting started manual of Terraform and AWS databases respectively. Setting up remote state is 5 minutes in vanilla Terraform, 30 seconds in something like Terragrunt.
Also, use OpenTofu, stop supporting corporate acquisitions, also takes zero effort and money.
And finally:
most sysadmins will spot the baseline issues with Grigorev’s approach, including granting wide-ranging permissions to what’s effectively a subordinate of his, as well as not scoping permissions in a production environment to begin with.
No, not subordinate. Tool. Two big differences with it. A subordinate might understand more than you do about the code, a tool will guess and rely on you. And the second one is that you practically can’t separate your and your tools’ permissions, I mean Claude Code will supposedly ask you if it can use some tool or another and you can whitelist actions it can take, but it will never be completely locked out of destroying your database the way you can lock another user out.
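As an added example (not part of the comment above, and not code from Terraform or any project mentioned here), this is a pre-apply check that reads the JSON form of a saved plan, as produced by `terraform show -json`, and refuses to proceed when the plan deletes or replaces a resource. The stateful type list, the exit codes and the sample plan are constructed assumptions.

```python
import json
import sys

# Resource types treated as stateful: an assumption for this example, extend as needed.
STATEFUL_TYPES = {"aws_db_instance", "aws_rds_cluster", "aws_s3_bucket", "aws_dynamodb_table"}

def destructive_changes(plan):
    """Return (address, actions, is_stateful) for every change that deletes a resource.

    A replacement shows up as ["delete", "create"] or ["create", "delete"],
    so checking for "delete" covers both plain destroys and replaces.
    """
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" in actions:
            findings.append((rc["address"], tuple(actions), rc.get("type") in STATEFUL_TYPES))
    return findings

def gate(plan, allow_destroy=False):
    """Exit code: 0 = safe, 1 = deletions need human sign-off, 2 = stateful deletion, always blocked."""
    findings = destructive_changes(plan)
    if any(stateful for _, _, stateful in findings):
        return 2
    if findings and not allow_destroy:
        return 1
    return 0

# Constructed sample in the shape of `terraform show -json plan.out`; not real output.
SAMPLE_PLAN = json.loads("""
{"format_version": "1.2", "resource_changes": [
  {"address": "aws_db_instance.main", "type": "aws_db_instance",
   "change": {"actions": ["delete"]}},
  {"address": "aws_security_group.web", "type": "aws_security_group",
   "change": {"actions": ["delete", "create"]}},
  {"address": "aws_instance.app", "type": "aws_instance",
   "change": {"actions": ["update"]}},
  {"address": "aws_s3_bucket.assets", "type": "aws_s3_bucket",
   "change": {"actions": ["no-op"]}}
]}
""")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    for address, actions, stateful in destructive_changes(plan):
        print(f"{'BLOCK' if stateful else 'REVIEW'} {address} {'/'.join(actions)}")
    sys.exit(gate(plan))
```

Run it between plan and apply so a human, not the coding agent, decides whether a non-zero exit is acceptable.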
But AI is a good thing! /s
AI is like a circular saw. Are circular saws useful?
Of course.
Can you cut your entire hand off if you don’t use it correctly? Absolutely.
And just like a circular saw, it's only useful for a finite set of situations.
Sure — as with every tool. Hammers are great for many things, but don’t do all that well driving screws. Money is one of the most used tools humans have ever devised, but you can’t use it for everything.
AI in coding may only be good for a finite set of situations — but that set is massive. You’re dealing with regular languages that can be mathematically proven to be correct (in the sense that they will generate a working program, and not in the sense that the program will in fact function the way the user intends). This is a less open-ended scenario than something like an AI generated video, and so it’s easier for AI to excel at it, especially for non-novel algorithms.
But if you use it like an idiot, you’re going to get burned — and this guy was an idiot who doesn’t understand what he’s doing, or the tools researchers in software development have made over the last few decades. AI shouldn’t be touching your production environment — at all. And it shouldn’t have to — code needs to be stored in a versioning source repository of some sort (and backed up so you are unlikely to ever lose it), deployment needs to be fully scripted and should be able to rebuild your environments from scratch (from code right to production), and developers and development tools (like AI tools) should only have access to development environments, and not production environments.
So unless you’re a total dumbass, an AI agent (or even a shitty human developer) should never have the kind of access to do what happened here. They violated some pretty basic principles of software development, and got burned. This guy sawed his own hand off because he misused the tools to take a bunch of shortcuts, without building in any backups or reproducibility. The AI isn’t the proximal fault here — trusting it when you have no way to reproduce your environment when things go wrong is the problem, and that’s 100% on the human sitting at the keyboard (PEBKAC).
Nice ☺




