Comment by kikimora

I wonder what is the approach you taking? In my dev env we have .env files that supposed to have dev api keys for staging and testing. Production parameters stored in parameter store. There is also deploy script, that can deploy into production given there is a token in AWS CLI.

I understand there is a way to keep Claude inside working dir. but how to limit it from accidentally deploying production, modifying terraform deleting important resources? If dev can run AWS cli ir terraform then Claude can…