🔧 Episode 5: The Terraform Tail Disaster 🔧

THURSDAY, 10:47 AM

Wolfy had made a terrible mistake. Not with infrastructure. Not with deployments. Something far worse: he'd been working on TWO projects in the same terminal session.

Project 1: Production infrastructure for MegaCorp's new microservices platform. 147 Kubernetes nodes. 3 regions. Multi-cloud. $50k/month in cloud costs.

Project 2: His custom animatronic tail control system. Built with Raspberry Pi, servo motors, and an unhealthy amount of Python. Controlled via Bluetooth API. Responds to Slack emoji reactions.

Both projects used Terraform. Both had similar directory structures. Both were in repos called "infrastructure".

You can see where this is going.

10:52 AM - The Fateful Command

Wolfy was in his home office, tail (the real one) wagging as he reviewed the production Terraform plan. Everything looked good. Clean. Professional.

$ terraform plan ... Plan: 23 to add, 15 to change, 0 to destroy. Changes to Outputs: + cluster_endpoint = "https://k8s-prod-us-east-1..." + load_balancer_ip = "52.14.89.123"

Perfect. Now to apply it.

$ terraform apply --auto-approve

Wolfy alt-tabbed to Slack while the apply ran. Someone had sent him a funny meme. He reacted with 🐺 emoji. His tail, sitting on his desk, wagged in response (he'd programmed it to respond to that emoji).

The terminal beeped. Apply complete!

SUCCESS!

Except... wait. Why did the output mention "servo_controller_ip"?

10:57 AM - The Horrifying Realization

$ pwd /Users/wolfy/projects/tail-infrastructure

No.

$ git remote -v origin git@github.com:wolfy/tail-control-system.git

NO.

$ cat terraform.tfstate | grep aws_instance | wc -l 47

OH NO NO NO NO NO

Wolfy had just deployed his ANIMATRONIC TAIL CONTROL INFRASTRUCTURE to the PRODUCTION AWS ACCOUNT.

47 EC2 instances. Running servo control software. With names like "tail-servo-controller-01" through "tail-servo-controller-47". In us-east-1. Right next to production databases.

His tail (the physical one on his desk) was now connected to AWS.

11:03 AM - Panic Mode Activated

The Slack channel #cloud-costs started lighting up.

@cloudcost-bot 11:04 AM
⚠️ ALERT: Unexpected spike in EC2 instance count
Current: 194 instances (+47 in last 10 minutes)
Estimated additional cost: $847/day

@senior-devops-sarah 11:05 AM
Uh... who deployed 47 instances called "tail-servo-controller"?
Is this some new microservice I wasn't told about?

Wolfy's actual tail was swishing nervously. The digital tail controller was now running on AWS, consuming actual money, and someone was about to notice.

He had three options:

Option 1: terraform destroy (destroys EVERYTHING, not just tail stuff)
Option 2: Manually delete resources (time-consuming, error-prone)
Option 3: Panic and hide under desk (tempting but unhelpful)

But Wolfy was a DevOps engineer. He didn't panic. He... well, okay, he panicked a little. But THEN he problem-solved.

11:09 AM - The Rescue Operation

First: damage assessment. He pulled up the AWS console. The instances were tagged with "Project: TailControl". Good. That meant he could filter them.

Second: selective destruction. He needed to remove ONLY the tail infrastructure, leaving production untouched.

$ terraform state list | grep tail aws_instance.tail_servo_controller[0] aws_instance.tail_servo_controller[1] ... aws_security_group.tail_control aws_eip.tail_api_endpoint ...

47 resources. He needed to remove them from state and destroy them WITHOUT touching production.

THE PLAN:

Create targeted destroy plan for tail resources
Apply VERY CAREFULLY
Remove from Terraform state
Hope nobody notices
Update LinkedIn profile just in case

11:15 AM - Things Get Weird

But then something REALLY weird happened.

Someone on the team sent a Slack message with the 🐺 emoji. His physical tail, still connected to the old Raspberry Pi, tried to wag. But the Raspberry Pi was ALSO trying to connect to the NEW AWS infrastructure.

The tail wagged. Then stopped. Then wagged faster. Then went FULL SPEED.

It had connected to all 47 servo controllers simultaneously.

"What the—" - Wolfy, watching his tail achieve MAXIMUM VELOCITY

The tail was now receiving control signals from 47 different EC2 instances, each trying to control it independently. It was spinning like a helicopter blade.

Wolfy dove under his desk (Option 3 from earlier) to avoid the TAIL OF DESTRUCTION.

11:18 AM - Emergency Shutdown

$ aws ec2 stop-instances --instance-ids $(aws ec2 describe-instances \ --filters "Name=tag:Project,Values=TailControl" \ --query 'Reservations[].Instances[].InstanceId' \ --output text) Stopping instances...

The tail slowly... stopped... spinning.

Wolfy emerged from under his desk, fur slightly singed, dignity severely damaged.

11:25 AM - Cleanup Time

Now came the careful part. He needed to destroy ONLY the tail infrastructure. He created a targeted destroy command.

$ terraform destroy \ -target=aws_instance.tail_servo_controller \ -target=aws_security_group.tail_control \ -target=aws_eip.tail_api_endpoint Plan: 0 to add, 0 to change, 47 to destroy. Do you really want to destroy these resources? Enter a value: yes Destroying...

One by one, the tail servo controllers disappeared from AWS. The cost spike reversed. The cloud-cost bot went quiet.

11:34 AM - Crisis Averted

@wolfy 11:35 AM
Sorry about those instances! Was testing a new auto-scaling config in the wrong account.
Already cleaned up. Won't happen again! 😅

@senior-devops-sarah 11:36 AM
lol no worries, we've all done it
Just make sure you use separate AWS profiles next time! 👍

If only she knew the instances were LITERALLY for controlling a robotic wolf tail.

11:45 AM - Lessons Learned

Wolfy immediately updated his Terraform setup:

# ~/.terraformrc
# NEVER AGAIN

workspace_mapping {
  production = "/prod-infra"
  tail       = "/tail-infra"  # TOTALLY DIFFERENT DIRECTORIES
}

# Also added pre-apply hooks
hook "pre-apply" {
  command = ["echo", "Are you SURE this is the right project?"]
  on_error = "halt"
}

# And a check script
if [[ $(pwd) == *"tail"* ]] && [[ $AWS_PROFILE == "production" ]]; then
  echo "STOP RIGHT THERE CRIMINAL SCUM"
  exit 1
fi

He also added a physical label to his desk:

⚠️ CHECK YOUR PWD BEFORE TERRAFORM APPLY ⚠️

LATER THAT WEEK

At the weekly team retrospective:

"So, let's discuss the incident with the 47 mysterious instances..." - Tech Lead

Wolfy squirmed in his chair. His tail (the real one, safely disconnected from AWS) tucked between his legs.

"Actually," - Sarah jumped in - "I think we should use this as a learning opportunity. We should implement better workspace separation and pre-apply checks across ALL our Terraform projects."

And they did! Wolfy's mistake led to a company-wide improvement in Infrastructure-as-Code practices.

The tail controllers never made it back to AWS. They now run on a local Raspberry Pi cluster. In Wolfy's bedroom. Far, far away from production.

Though sometimes, late at night, when someone sends a 🐺 emoji in Slack, you can hear a faint whirring sound from Wolfy's home office.

And if you look VERY carefully at the AWS CloudTrail logs from that day, you'll see:

Event: CreateInstance User: wolfy@megacorp.com Instance Name: tail-servo-controller-23 Tags: { Project: "TailControl", Purpose: "AnimatronicServoAPI" } Status: Terminated Lifetime: 31 minutes Cost: $0.47 Dignity Lost: Priceless

🔧 THE TERRAFORM TAIL DISASTER 🔧