Skip to main content
All Posts

"No Errors" Is Not the Same as "It Works"

3 min read
AnsibleDevOpsCI/CDproductioninfrastructureidempotencyDevSecOpssecuritypipeline securityAWS
"No Errors" Is Not the Same as "It Works"

A deployment succeeded. The pipeline went green. The app returned 403. This is the story of two projects, one hard lesson, and why verification is a distinct step from deployment — and where production incidents actually live.

The deployment succeeded.

Pipeline green. No errors. No warnings. I closed the terminal, opened the app, and got a 403.

That was the mini-finance project — a containerised financial application deployed via Ansible. The playbook ran cleanly. Every task completed. From the automation's perspective, the job was done.

But the site was inaccessible. The permissions were wrong. Nothing in the run log had flagged it, because nothing in the run log was looking for it. The automation had done exactly what I told it to do. I just hadn't told it to verify that the result was correct.

That distinction matters more than most deployment guides acknowledge.

A successful run proves the automation executed. It doesn't prove the outcome is right.

Ansible, Terraform, any pipeline tool — they report on task completion, not on whether the system you've built actually works. Those are different things. Conflating them is where incidents live.

The 403 wasn't a bug in the playbook. It was a missing verification step. I'd defined the deployment process but not the definition of success.

I carried that lesson directly into the next project.

EpicBook — a production deployment on AWS — was where I applied it deliberately. The architecture used role-based Ansible (not a flat playbook), and idempotency testing was built in from the start. Not as an afterthought. Not as a nice-to-have. As a required step before anything was considered done.

Idempotency testing is a specific kind of verification: run the automation twice. If the second run changes anything, you have a problem — your deployment isn't describing a desired state, it's describing a sequence of operations that only works once. That's a fragile foundation for anything that needs to run in production repeatedly.

The progression from mini-finance to EpicBook wasn't just a complexity increase. It was a change in how I defined "finished." Finished stopped meaning "it ran" and started meaning "it works, it's idempotent, and I can prove both."

The gap between those two definitions is where most production incidents start.

Not in failed deployments — those are visible. In deployments that succeed on paper and fail in reality. The pipeline goes green, the alert doesn't fire, and someone finds the problem when they try to actually use the thing.

What closes the gap:

  • Smoke tests that run against the live environment post-deploy, not against a staging assumption
  • Health checks that verify application behaviour, not just process uptime
  • Idempotency as a standard — not a performance optimisation, but a correctness guarantee
  • A clear definition of success that exists before the deployment runs, not after

None of this is exotic. Most of it is just discipline — the decision to treat verification as a distinct step rather than an implicit one.

Coming from a security and incident response background, I'd add one more dimension: the gap between "it ran" and "it works" is also a security gap. A misconfigured deployment that passes pipeline checks is exactly the kind of drift that threat actors exploit — and that SIEM alerts surface weeks later, long after the blast radius has grown. Verification discipline and security posture aren't separate concerns. They're the same concern, approached from different directions.

The question I ask after every deployment now isn't "did it succeed?"

It's "does it work?"

Green is a starting point. Working is the standard.