Module 2: Infrastructure as Code: Mistake Clinic
This clinic turns wrong moves into reusable judgment. Use it after each practice page and again before the quiz or checkpoint.
Module-Specific Mistake Radar
Start with these traps. Replace or extend them with real mistakes from your own work.
| Mistake to look for | Where it shows up | Symptom | Repair evidence |
|---|---|---|---|
| Finishing First Terraform Module Lab with only a final answer | First Terraform Module Lab | The work has no failed case, trace, test, proof gap, or design stress point. | Add the smallest broken example and show the repair that changes the result. |
| Finishing Modularity and State Workshop with only a final answer | Modularity and State Workshop | The work has no failed case, trace, test, proof gap, or design stress point. | Add the smallest broken example and show the repair that changes the result. |
| Finishing Refactoring and Import Clinic with only a final answer | Refactoring and Import Clinic | The work has no failed case, trace, test, proof gap, or design stress point. | Add the smallest broken example and show the repair that changes the result. |
| Finishing IaC Katas with only a final answer | IaC Katas | The work has no failed case, trace, test, proof gap, or design stress point. | Add the smallest broken example and show the repair that changes the result. |
| Treating Declarative vs Imperative Infrastructure as vocabulary instead of a tool | Declarative vs Imperative Infrastructure | The explanation names the concept but cannot decide between two cases. | Write one example, one non-example, and the rule that separates them. |
| Treating State: The Ground Truth and Its Hazards as vocabulary instead of a tool | State: The Ground Truth and Its Hazards | The explanation names the concept but cannot decide between two cases. | Write one example, one non-example, and the rule that separates them. |
Practice Mistake Checks
Pull any miss from these checks into your mistake log.
First Terraform Module Lab
Source: practice/01-first-terraform-module-lab.md
Identify and fix the error in each:
terraform applyrun without a saved plan in a team setting. (what guarantee is lost?)provider "aws" { region = "us-east-1" }repeated in every module. (what belongs at the root vs inside a module?)variable "env" { type = string }with novalidation. (what bug does this invite?)resource "aws_s3_bucket" "b" { bucket = "logs" }with no tags. (what breaks first in an org with cost attribution?)terraform destroyrun to "clean up" a prod environment. (what you should do instead, and why.)
Modularity and State Workshop
Source: practice/02-modularity-and-state-workshop.md
Identify and fix:
- A reusable module contains
provider "aws" { region = "us-east-1" }. envs/prod/main.tfandenvs/dev/main.tfeach have a different set of inputs to the module -- but one of them silently has a different resource schema.- Two engineers committed
terraform.tfstateto git "so both could use it." - The DynamoDB lock table is
acme-tf-locks, but the backend config forenvs/prod/was copy-pasted fromenvs/dev/and still points atacme-tf-locks-dev. Why is this dangerous? terraform workspace new prodis used as the prod environment. What operator surprise is likely in the first year?
Refactoring and Import Clinic
Source: practice/03-refactoring-and-import-clinic.md
Identify and fix:
moved { from = module.a.x to = module.b.x }where moduleastill exists and has its ownx. What happens?- An
importblock whoseidis wrong (typo). Plan looks fine -- what doesapplydo? - Renaming with
terraform state mvin one engineer's terminal instead of using amovedblock in code. What does the next PR reviewer see? - An engineer saw
replacedin a plan for production RDS and apply'd anyway because the PR description said "no-op." What is the process failure, not the engineer failure? prevent_destroy = truewas added to a bucket, then an engineer removed it with a one-line PR to let destroy proceed. How do you prevent this pattern?
Repair Protocol
For each real mistake:
- Reproduce the failure on the smallest example, trace, proof, query, command, or design sketch.
- Name the hidden assumption.
- Repair the artifact.
- Save evidence that changed: failing then passing test, corrected proof step, revised diagram, safer command, benchmark, or review note.
- Add one retrieval card beginning with Check... before... or Do not use... when....
Mistake Log
| Date | Mistake | Symptom | Root cause | Repair evidence | Retrieval card |
|---|---|---|---|---|---|
| Starter | Pick one radar row above | Explain how it would fail in this module | Name the assumption | Add a counterexample or corrected artifact | Write the card before closing the page |
Completion Standard
- At least five real mistakes are logged.
- At least two mistakes include a counterexample or failing test.
- At least one mistake connects to an older semester skill.
- At least one correction changes code, a proof, a diagram, a command transcript, a query, or a design decision.