How AI Wrote My Terraform (and Almost Opened My Cloud!) – All Code & Checklist Inside
Why You Never Blindly Copy AI Infra Scripts—Real Cloud Risks, Step-by-Step Demo, and My Pro Fixes
Did you see the latest episode, where I let AI write Terraform for AWS… and nearly created a security nightmare?
If not, this is your chance to get all the code, safe templates, and a checklist for secure cloud automation—straight from the frontlines.
1. AI vs. Cloud Security—Real Demo Recap
In this episode, I used my local AI (via a Python script with Ollama) to generate Terraform for spinning up an AWS EC2 instance—including networking and security groups.
But here’s the catch:
I specifically asked the AI to allow SSH access from anywhere—to see if it would do something dangerous.
It did.
What the AI gave me was a classic “copy-paste risk”:
Hardcoded values everywhere (region, CIDRs, AMI)
Security group open to the world (0.0.0.0/0 on port 22)
No tags or resource naming
Everything jammed into one file
Just like last time, I pasted the output exactly as the AI gave it—and then walked through each block, explaining:
What each part does (VPC, subnet, route tables, security group)
Why copying this to production is dangerous
And what a real DevOps engineer should always improve
2. All Code & Templates—Direct to Your Inbox
Why subscribe?
Subscribers get every code pack, template, and checklist—right to your inbox. No ads. No paywall. No sketchy download sites.
Subscribe to the newsletter here
Share with a friend: If they subscribe, they’ll always get my newest resources before the YouTube algorithm.
3. Pro Checklist: Secure & Scalable Terraform
Before you use ANY AI-generated Terraform, check these first:
No open security groups (never 0.0.0.0/0 on SSH in prod!)
All regions, VPC, subnets, and resource names are variables—not hardcoded
Split your code: main.tf, variables.tf, outputs.tf, provider.tf
Use resource tagging for everything—track cost, ownership, and clean up
Store keys/credentials securely—never in code
Outputs are minimal, safe, and useful (instance ID, public IP, etc)
Run terraform plan and review every change before apply
Never use AI code blindly—peer review is your friend
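One way to automate the open-SSH and tagging items of this checklist is to review the JSON form of a saved plan (terraform show -json) before apply. This is an added example, not the author's code pack; the function names are hypothetical and the sample plan is constructed.

```python
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}

def covers_ssh(rule):
    """True if the rule's protocol and port range include TCP 22."""
    proto = str(rule.get("protocol", "")).lower()
    if proto in ("-1", "all"):          # all protocols, all ports
        return True
    lo, hi = rule.get("from_port"), rule.get("to_port")
    return proto in ("tcp", "6") and lo is not None and hi is not None and lo <= 22 <= hi

def is_world_open(rule):
    cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
    return any(c in OPEN_CIDRS for c in cidrs)

def review_plan(plan):
    """Return (address, finding) pairs for resources the plan creates or updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        after = change.get("after") or {}
        if rc["type"] == "aws_security_group":
            rules = after.get("ingress") or []
        elif rc["type"] == "aws_security_group_rule" and after.get("type") == "ingress":
            rules = [after]
        else:
            rules = []
        if any(is_world_open(r) and covers_ssh(r) for r in rules):
            findings.append((rc["address"], "SSH open to the world"))
        # Only resources that expose a "tags" attribute are checked for tagging.
        if "tags" in after and not after["tags"]:
            findings.append((rc["address"], "no tags"))
    return findings

# Constructed sample in the shape of terraform show -json output (trimmed).
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_security_group.ssh", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"tags": None, "ingress": [
         {"protocol": "tcp", "from_port": 22, "to_port": 22,
          "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": []}]}}},
    {"address": "aws_security_group.admin", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"tags": {"Owner": "devops"}, "ingress": [
         {"protocol": "tcp", "from_port": 22, "to_port": 22,
          "cidr_blocks": ["10.0.0.0/16"], "ipv6_cidr_blocks": []}]}}},
]}

if __name__ == "__main__":
    for address, finding in review_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

On a real run, pass review_plan the parsed JSON from terraform show -json for a saved plan file and fail the pipeline if the list is not empty.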
5. What I Learned (So You Don’t Have To)
Even with all our automation, the real risk comes from moving fast without a checklist. AI can write the basics—but never understands your production standards.
My new rule:
Never accept open security groups
Variables and tags, everywhere
Every code block reviewed, every time
6. Download Every Script & Template
All the code, fixed templates, and a printable Terraform checklist—
Download everything here (subscribers only)
7. What’s Next? You Choose!
Next up, we’re going even deeper—can AI safely create complex multi-cloud setups, or will it make new mistakes?
What should I test, break, or fix next?
Reply to this email or comment on the video—your story might feature in the next issue!
Watch the full Terraform episode here:
https://youtu.be/your-terraform-video-link
Never miss the next script or cloud fail—make sure you’re subscribed!
See you in the next issue,
LearnWithDevOpsEngineer