FRESH

Hacker News

Home

Claude Code wiped our production database with a Terraform command

138 points by jv22222

by EdNutting

9 subcomments

No staging environment?
No prior attempt to follow best practices (e.g. deletion protection in production)? Nor manual gating of production changes?
No attempt to review Claude's actions before performing them?
No management of Terraform state file?
No offline backups?
And to top it off, Claude (the supposed expert tool) didn't repeatedly output "Are you insane? No, I'm not working on that." - Clearly Claude wasn't particularly expert else, like any principal engineer, it would've refused and suggested sensible steps first.
(If you, dear reader of this comment, are going to defend Claude, first you need to declare whether you view it as just another development tool, or as a replacement for engineers. If the former, then yeah, this is user error and I agree with you - tools have limits and Claude isn't as good as the hyped-up claims - clearly it failed to output the obvious gating questions. If the latter, then you cannot defend Claude's failure to act like a senior engineer in this situation.)

by SunshineTheCat

4 subcomments

Putting yourself in a situation where this could happen is kinda insane, right? Could be something I'm missing.
I can't think of any specific example where I would let any agent touch a production environment, the least of which, data. AI aside, doing any major changes makes sense to do in a dev/staging/preview environment first.
Not really sure what the lesson would be here. Don't punch yourself in the face repeatedly?

by stavarotti

4 subcomments

If you found this post helpful, follow me for more content like this.
I publish a weekly newsletter where I share practical insights on data and AI.
It focuses on projects I'm working on + interesting tools and resources I've recently tried: https://alexeyondata.substack.com
It's hard to take the author seriously when this immediately follows the post. I can only conclude that this post was for the views not anything to learn from or be concerned about.

by xmodem

2 subcomments

An engineer recklessly ran untrusted code directly in a production environment. And then told on himself on Twitter.

by NicuCalcea

0 subcomment

Quite funny that that author followed up with this tweet:
> If you found this post helpful, follow me for more content like this.
> I publish a weekly newsletter where I share practical insights on data and AI.

by semiquaver

1 subcomments

I’m not going to “defend” the LLM here but this:
```
  > I forgot to use the state file, as it was on my old computer
```
indicates that this person did not really know what they were doing in the first place. I honestly think using an LLM to do the terraform setup in the first place would probably have led to better outcomes.

by tomcatfish

5 subcomments

Despite multiple comments blaming the AI agent, I think it's the backups that are the problem here, right? With backups, almost any destructive action can be rolled back, whether it's from a dumb robot, a mistaken junior, or a sleep-deprived senior. Without, you're sort of running the clock waiting for disaster.

by import

0 subcomment

Well apparently guy were running tf from his computer and ask claude to apply changes while not providing state file, and “blaming” claude for the catastrophic result?

by 01284a7e

0 subcomment

I'm cool with blogging about your mess-ups, sort of. Is "I'm incompetent" a good content strategy though? Yeah, you're going to get a lot of traffic to that post, but what are you signaling? Your product is a thousand bucks a year. I would not go near it.

by Garlef

0 subcomment

A good rule of thumb:
- Don't even let dev machines access the infra directly (unless you're super early in a greenfield project): No local deploys, no SSH. Everything should go through either the pipeline or tools.
Why?
- The moment you "need" to do some of these, you've discovered a usecase that will most likely repeat.
- By letting every dev rediscover this usecase, you'll have hidden knowledge, and a multitude of solutions.
In conversation fragments:
- "... let me just quickly check if there's still enough disk space on the instance"
- "Hey Kat, could you get me the numbers again? I need them for a report." "sure, I'll run my script and send them to you in slack" "ah.. Could you also get them for last quarter? They're not in slack anymore"

by hahajk

1 subcomments

I'm absolutely loving the genre of "chatbot informing user it messed up real bad":
> CRITICAL: Everything was destroyed. Your production database is GONE. Let me check if there are any backups:
> ...
> No snapshots found. The database is completely lost.

by INTPenis

0 subcomment

And this guy is selling tech courses.
I'm no AI advocate, I have been using it for 6 months now, it's a very powerful tool, and powerful tools need to be respected. Clearly this guy has no respect for their infrastructure.
The screenshot he has, "Let me check if there are backups", a typical example of how lazy people use AI.

by fjwater

0 subcomment

Why would you do this?
> Make no backups
> Hand off all power to AI
> Post about it on twitter
> "Teaching engineers to build production AI systems"
This has to be ragebait to promote his course, no?

by Havoc

0 subcomment

I love the guys twitter bio thing
>Teaching engineers to build production AI systems
>100,000+ learners

by sornaensis

1 subcomments

Can someone explain to me why anyone would do this, and then tweet about it..? Is he really trying to blame 'ai agents' and 'terraform' .. ??

by tdsanchez

0 subcomment

That’s why you tell CC to do a ‘terraform plan’ to verify it’s not wrecking critical infrastructure and NEVER vibe-code infrastructure.

by happytoexplain

1 subcomments

Yes, the engineer is at fault, but the instinct to attack him is distracting from the more interesting conversation, which is that AI and agents are making it more complicated to properly set up security. I imagine it will get better over time, but right now, it's much easier to shoot yourself in the foot than ever before.

by aldarisbm

0 subcomment

This guy is... an interesting person.
He had a state file somewhere that was aligned to his current infrastructure... why isn't this on a backend, who really knows...
He then ran it without a state file and the ran a terraform apply... whatever could get created would get created, whatever conflicted with a resource that already would fail the pipeline... moreso... he could've just terraform destroyed after he let it finish and it would've been a way more clean way to clean up after himself.
Except... he canceled the terraform apply... saw that it created resources and then tried to guess which resources these were...
I'm sorry he could've done all of this by himself without any agentic AI. Its PICNIC 100%

by samuelknight

0 subcomment

One of Terraform's most powerful features that it will tell exactly which resources change before it makes the changes. The hard part is writing Terraform, not reviewing and running one command. In my workflows I am the one who runs "terraform apply", NOT the agent.

by swframe2

0 subcomment

I suspect we need to build MCP servers that prevent destructive commands. For example, we need a "bash" tool doesn't invoke /usr/bin executables directly. The agent should think it is invoking a unix command but those commands are proxies that prevent destructive operations with no ability for an agent to circumvent the restrictions. If there isn't a MCP server for your specific setup/need, building one just for your need should be your first step.

by lousken

0 subcomment

Thankfully, I don't know anyone this insane doing sysadmin job, yet. But if I knew I'd make sure he's fired and never touches prod again.

by anonzzzies

0 subcomment

The ability to delete backups is wild. That simply should have have mfa on it by default. Send at least for that event the owner of the account an email and sms; He, All Your Snapshots Are Going To Be Deleted, Enter this OTP if you are! Can't hurt: still automate all, just cannot delete snapshots like that no matter what.

by Zealotux

2 subcomments

To think I used to find Silicon Valley a bit too much on the nose: https://www.youtube.com/watch?v=m0b_D2JgZgY

by newswangerd

0 subcomment

There was a project at Ansible that aimed to address this kinda thing when I worked there. The idea was to write policy as code definitions that would prevent users (or AI) from running certain types of automation. I don’t know where that project ended up but reading about this makes me think that they were on to something.

0 subcomment

by ks2048

0 subcomment

Pairs well with his Twitter bio: "Teaching engineers to build production AI systems".

by sakopov

0 subcomment

> Founder @DataTalksClub | Teaching engineers to build production AI systems | AI agents, LLMs, ML, data engineering | 100,000+ learners
Dear lord, imagine this guy teaching you how to build anything in production...

by jinko-niwashi

0 subcomment

This is what happens when you give an agent execution power without guardrails. The tool isn't the problem — the absence of governance is. In my setup I treat the AI as a junior dev with root access: every destructive operation requires explicit human approval, and the session context includes hard constraints on what it can and can't touch.
The productivity gains from AI agents are real, but only if you invest in the boring part first — deterministic boundaries that don't depend on the model being smart enough to not break things.

by Robdel12

0 subcomment

This is only the beginning. People are far far too reckless with their LLMs.
I am still heavily checking everything they’re doing. I can’t get behind others letting them run freely in loops, maybe I’m “behind”.

by 6thbit

0 subcomment

Blaming it on AI agents is the new blaming it on the intern.
It has never been the intern's fault, it's always the lack of proper authorization mechanisms, privilege management and safeguards.

by hyperbolablabla

0 subcomment

At the most basic level, even just not letting Claude run terraform apply would've solved this issue. Review the god damn plan first! This is like engineering 101

by andrewstuart

2 subcomments

No.
YOU wiped you production database.
YOU failed to have adequate backups.
YOU put Claude Code forward as responsible but it’s just a tool.
YOU are responsible, not “the AI did it!”

by myworkaccount2

1 subcomments

So even if you delete everything and make sure to keep no backups, amazon can still recover the db. What am i missing here?

by johann8384

0 subcomment

Fixed it: "We used Claude code to write Terraform that wiped out production database".

by andy_ppp

0 subcomment

I can’t wait for ChatGPT to control the autonomous weapons, screw it put it in charge of the nukes!

by dubeye

0 subcomment

I'm an amateur and would never let AI touch a live database....

by rvz

0 subcomment

Not the first time i've seen vibe coders causing havoc on production systems.
Under no circumstances should you even let an AI agent near production system at all.
Absolutely irresponsible.

by zthrowaway

0 subcomment

Stores his production TF state on his local computer…
I don’t think AI is to blame here.

by whalesalad

0 subcomment

I do not let any `terraform apply` commands occur via automation in my org.

by BoredPositron

4 subcomments

You wiped your production database. You actively ignored the warnings of your tooling and your backup strategy was bad. Incompetence as content is surging in the last few weeks.

by networkcat

0 subcomment

This is exactly why you can't replace DevOps engineers with AI

by bakies

0 subcomment

This is why Claude only has read access to all my infrastructure.

by jdlyga

0 subcomment

Rookie move. Why is Claude Code able to run terraform?

by docjay

0 subcomment

Once again there’s another horror story from someone who doesn’t use punctuation. I’d love to see the rest of the prompts; I’d bet real cash they’re a flavor of:
“but wont it break prod how can i tell”
“i don want yiu to modify it yet make a backup”
“why did you do it????? undo undo”
“read the file…later i will ask you questions”
Every single story I see has the same issues.
They’re token prediction models trying to predict the next word based on a context window full of structured code and a 13 year old girl texting her boyfriend. I really thought people understood what “language models” are really doing, at least at a very high level, and would know to structure their prompts based on the style of the training content they want the LLM to emulate.

by zamalek

0 subcomment

Friendly reminder: most cloud providers have deletion locks. Go and enable them on your prod dbs right now.
Sure, Claude could just remove the lock - but it's one more gate.
Edit: these existed long before agents, and for good reason: mistakes happen. Last week I removed tf destroy from a GitHub workflow, because it was 16px away from apply in the dropdown. Lock your dbs, irrespective of your take on agents.

by moralestapia

0 subcomment

Wow. For this to happen, there's like 5 levels of sloppiness that need to be (or not be) there.
Good thing the guy is it's own boss, I would've fired his ass immediately and sue for damages as well. This is 100% neglectful behavior.

by Mars008

0 subcomment

Vibeadministration is coming after vibecoding. Get ready...

by renewiltord

0 subcomment

I don’t use Terraform much anymore because don’t need it but that’s not how you use it.
Always forward evolve infra. Terraform apply to add infra, then remove the definition and terraform apply to destroy it. There’s no use in running terraform destroy directly on a routine basis.
Also, I assume you defined RDS snapshots also in the same state? This is clearly erroneous. It means a malformed apply human or agent results in snapshot deletion.
The use of terraform destroy is a footgun waiting for a tired human to destroy things. The lesson has nothing to do with agent.

by HackerThemAll

0 subcomment

Yeah, sure, blame Claude for not having backups. Sure do.

by bryan_w

0 subcomment

This is rage bait

by paxys

0 subcomment

> Teaching engineers to build production AI systems | AI agents, LLMs, ML, data engineering |
> In the newsletter, I wrote the full timeline + what I changed so this doesn't happen again.
> If you found this post helpful, follow me for more content like this.
So yeah, this is standard LinkedIn/X influencer slop.

by weedhopper

0 subcomment

Looks like he never had any idea what he was doing in the first place. Vibe bro classic.

by nickvec

0 subcomment

No replicas?

by MagicMoonlight

0 subcomment

Claude code is really dangerous. It doesn’t even tell you what it is doing. You have no idea what it is thinking or what it is changing.
They’re doing it to try and stop people copying their methods, but it’s evil.

by yearolinuxdsktp

0 subcomment

Your AWS backup snapshots must go one-way (append-only) to a separate AWS account, to which access is extremely limited and never has any automated tools connecting to with anything other than read access. I don’t think it costs more to do that—-but it takes your backups out of the blast radius of a root or admin account compromise OR a tool malfunction. With AWS DLM, you can safely configure your backup retention in the separate AWS account and not risk any tools deleting them.
Terraform is a ticking time bomb. All it takes is for a new field to show up in AWS or a new state in an existing field, and now your resource is not modified, but is destroyed and re-created.
I will never trust any process, AI or a CD pipeline, execute `terraform apply` automatically on anything production. Maybe if you examine the plan for a very narrow set of changes and then execute apply from that plan only, maybe then you can automate it. I think it’s much rarer for Terraform to deviate from a plan.
Regardless, you must always turn on Delete Protection on all your important resources. It is wild to me that AWS didn’t ship EKS with delete protection out of the gate—-they only added this feature in August 2025! Not long before that, I’ve witnessed a production database get deleted because Terraform decided that an AWS EKS cluster could not be modified, so it decided to delete it and re-create it, while the team was trying to upgrade the version of EKS. The same exact pipeline worked fine in the staging environment. Turns out production had a slight difference due to AWS API changes, and Terraform decided it could not modify.
The use of a state file with Terraform is a constant source of trouble and footguns:
- you must never use a local Terraform state file for production that’s not committed to source control - you must use a remote S3 state file with Terraform for any production system that’s worth anything - ideally, the only state file in source control is for a separate Terraform stack to bootstrap the S3 bucket for all other Terraform stacks
If you’re running only on AWS, and are using agents to write your IaaC anyway, use AWS CloudFormation, because it doesn’t use state files, and you don’t need your IaaC code to be readable or comprehensible.

by idontwantthis

0 subcomment

This is like /r/wallstreetbets loss porn. Why is he posting his own idiocy for clout? I can only guess it's fake and he's trying to gin up rage engagement. It's certainly working on here.

by beepbooptheory

0 subcomment

For all the employment insecurity going around, each day I am more and more confident in myself. I imagine myself ten years from now as one of the 1-in-10 guys left who actually knows things anymore, even just reads things. It will be a formidable superpower!
Still, if in ten years I am on the streets, I will still have spared myself whatever this hell is... I know they deserve it, but I still feel bad for the humans in the center here. How can we blame people really when the whole world and their bosses are telling you its ok? Surely its a lot of young devs too here.. Such a terrible intro to the industry. Not sure I'd ever recover personally.

by ChrisArchitect

0 subcomment

[dupe] Source: https://alexeyondata.substack.com/p/how-i-dropped-our-produc... (https://news.ycombinator.com/item?id=47275157)

by avereveard

0 subcomment

"I gave an automation I didn't control permissions it shouldn't have"

by karmakaze

0 subcomment

Funny how when Claude Code makes something people take credit.

by beAbU

0 subcomment

Play stupid games, win stupid prizes.
The more you fuck around, the more you find out.

by fred_is_fred

2 subcomments

s/Claude Code/unsupervised intern/ and it's the same story, except people might have more sympathy (for the intern).

by phendrenad2

0 subcomment

I blame not only the engineer who ran the command, Claude which made the mistake, but also software engineers as a group (because Terraform is way too dangerous a tool to be used by engineers and not dedicated SREs, yet we have somehow made this the default. I'm happy to be convinced otherwise, but I've seen enough carnage when "senior" engineers fuck up terraform that it'll be difficult), and also I blame cloud platforms like AWS that are overly complex and led to the Claude confusion.

by kittikitti

0 subcomment

These stories make me feel better for pushing a bug into production "that one time".
I rarely say this, but there needs to be a new jargon or a concept for an AI staging environment. There's Prod <- QA <- Dev, and maybe even before Dev there should be an environment called "AI" or even "Slop".

by aplomb1026

0 subcomment

[dead]

by Smart_Medved

0 subcomment

[dead]

by shablulman

0 subcomment

[dead]

by smohare

0 subcomment

[dead]