Technology

Happy to see this, because it's fully deserved. Let real coders do the job!

You're absolutely right! I made a fatally flawed decision by removing the production environment. The consequences likely have high impact. I'm sorry. Would you like me to log these mistakes to prevent further missteps or would you like me to write up an outline for the redeployment process?

So no real developer was harmed.

A developer having the ability to accidentally erase your production db is pretty careless.

An AI agent having the ability to "accidentally" erase your production db is fucking stupid as all fuck.

An AI agent having the ability to accidentally erase your production db and somehow also all the backup media? That requires a special course on complete dribbling fuckwittery.

Just a freak accident. Maybe next time, give it more permissions so it can fix any problems that occur. 😉

Pretty funny.

I'm an engineer using Terraform and Claude Code as well in a much larger and more expensive setup than his.

You do not let Claude Code run terraform apply, it has zero benefits. All it does is that it runs the command and obscures the output. Most of the time is going to be spent in waiting for the automation anyway, most of the effort that you can spare is before running apply.

Also:

applying delete protections to Terraform and AWS permissions, and moving the Terraform state file to S3 storage instead of his local machine

These both take like 20 seconds, and should be in the getting started manual of Terraform and AWS databases respectively. Setting up remote state is 5 minutes in vanilla Terraform, 30 seconds in something like Terragrunt.

Also, use OpenTofu, stop supporting corporate acquisitions, also takes zero effort and money.

And finally:

most sysadmins will spot the baseline issues with Grigorev's approach, including granting wide-ranging permissions to what's effectively a subordinate of his, as well as not scoping permissions in a production environment to begin with.

No, not subordinate. Tool. Two big differences with it. A subordinate might understand more than you do about the code, a tool will guess and rely on you. And the second one is that you practically can't separate your and your tools' permissions, I mean Claude Code will supposedly ask you if it can use some tool or another and you can whitelist actions it can take, but it will never be completely locked out of destroying your database the way you can lock another user out.

I didn't think the next-token guess machine would guess "delete my database"!

No backups, no pity.

Hey Siri, what is a “backup”.

haha, whoopsie lol :)

But ai is s good thing! /s

Why would somebody trust AI with access to their production servers, and why would that person also not have remote database backups

No backup, no mercy.

"Please dont be complete shit and ruin everything I give you access to!"

I'm sorry, I'm afraid I cant do that.

This is like blaming the gun for killing people.

The lesson: AI cannot bridge an air-gapped backup. This could all be prevented with a crappy portable hard drive from costco.

They had a backup and restored everything. This is clickbait.