Terraform
Terraform MCP server reference
This page contains reference information about the Terraform MCP server, including configuration options and tools.
Available tools
The Terraform MCP server provides specialized tools that AI models can use to access current Terraform registry information. These tools work automatically when you ask relevant questions—you don't need to invoke them manually.
Toolsets
The server includes the following toolsets:
| Toolset | Description |
|---|---|
registry | Tools for accessing the public registry |
registry-private | Tools for accessing private registries |
terraform | Tools for interacting with HCP Terraform and Terraform Enterprise |
You can add the --toolsets flag to enable or disable these tools when starting the binary.
Provider tools
Access comprehensive provider documentation for resources, data sources, functions, and configuration guides.
| Tool | Purpose | What it returns |
|---|---|---|
search_providers | Find provider documentation by service name | List of available documentation with IDs, titles, and categories |
get_provider_details | Retrieve complete documentation for a specific provider component | Full documentation content in markdown format |
get_latest_provider_version | Retrieve the latest version of a specifc provider | The latest version of a provider |
Example prompt: "How do I configure an AWS S3 bucket with versioning enabled?"
Module tools
Discover and explore community and verified modules from the Terraform registry.
| Tool | Purpose | What it returns |
|---|---|---|
search_modules | Find modules by name or functionality | Module details including names, descriptions, download counts, and verification status |
get_module_details | Get comprehensive module information | Complete documentation with inputs, outputs, examples, and submodules |
get_latest_module_version | Retrieve the latest version of a specifc module | The latest version of a module |
Example prompt: "Show me modules for deploying a Kubernetes cluster on AWS."
Policy tools
Access Sentinel policies for governance and compliance requirements.
| Tool | Purpose | What it returns |
|---|---|---|
search_policies | Find Sentinel policies by topic or requirement | Policy listings with IDs, names, and download statistics |
get_policy_details | Retrieve detailed policy documentation | Policy implementation details and usage instructions |
Example prompt: "What Sentinel policies are available for enforcing security best practices?"
Terraform Cloud/Enterprise tools
Manage Terraform Cloud/Enterprise resources including workspaces, runs, variables, and private modules. Some tools require the ENABLE_TF_OPERATIONS environment variable for destructive operations.
| Tool | Purpose | What it returns |
|---|---|---|
list_terraform_orgs | Fetch all Terraform organizations | List of organizations with their details |
list_terraform_projects | Fetch all Terraform projects | List of projects with their metadata |
list_workspaces | Search and list workspaces in an organization | Workspace details including configuration and status |
get_workspace_details | Get comprehensive workspace information | Complete workspace configuration, variables, and state information |
create_workspace | Create a new Terraform workspace | Confirmation of workspace creation (destructive operation) |
update_workspace | Update workspace configuration | Updated workspace configuration (potentially destructive) |
delete_workspace_safely | Delete workspace if it manages no resources | Confirmation of deletion (requires ENABLE_TF_OPERATIONS) |
list_runs | List or search runs in a workspace | Run details with optional filtering |
get_run_details | Get detailed information about a specific run | Complete run information including logs and status |
create_run | Create a new Terraform run | Run creation confirmation with available run types |
action_run | Perform actions on runs (apply, discard, cancel) | Action confirmation (requires ENABLE_TF_OPERATIONS) |
search_private_modules | Find private modules in your organization | List of private modules matching search criteria |
get_private_module_details | Get detailed private module information | Complete module details including inputs, outputs, and examples |
search_private_providers | Find private providers in your organization | List of private providers matching search criteria |
get_private_provider_details | Get detailed private provider information | Provider details including usage and version information |
get_workspace_policy_sets | Get the policy sets attached to a particular workspace | A list of policy sets |
attach_policy_set_to_workspace | Attach a policy set to a workspace | Confirmation of attachment |
get_token_permissions | Get the permissions for the TFE_TOKEN | A list of actions you can take |
Variable management tools
Manage variables and variable sets across workspaces and organizations.
| Tool | Purpose | What it returns |
|---|---|---|
list_variable_sets | List all variable sets in an organization | Variable set details and configurations |
create_variable_set | Create a new variable set | Confirmation of variable set creation |
create_variable_in_variable_set | Add a variable to a variable set | Variable creation confirmation |
delete_variable_in_variable_set | Remove a variable from a variable set | Variable deletion confirmation |
attach_variable_set_to_workspaces | Attach variable set to workspaces | Attachment confirmation |
detach_variable_set_from_workspaces | Detach variable set from workspaces | Detachment confirmation |
list_workspace_variables | List all variables in a workspace | Workspace variable details |
create_workspace_variable | Create a variable in a workspace | Variable creation confirmation |
update_workspace_variable | Update an existing workspace variable | Updated variable configuration |
Workspace tagging tools
Manage tags for Terraform workspaces to organize and categorize resources.
| Tool | Purpose | What it returns |
|---|---|---|
create_workspace_tags | Add tags to a workspace | Tag creation confirmation |
read_workspace_tags | Read all tags from a workspace | List of workspace tags |
Example prompts:
- "Create a new workspace called 'production-app' in my organization"
- "Show me all runs for the staging workspace"
- "List all private modules related to AWS"
- "Create a variable set for database configuration"
Stacks tools
Manage Terraform Stacks in an organization.
| Tool | Purpose | What it returns |
|---|---|---|
list_stacks | Retrieve list of stacks | List of stacks with high level summary |
get_stack_details | Read full details for a specific stack | Full stack configuration |
Example prompts:
- "List all the stacks in my organization"
- "Show me the details for the
dev-environmentstack"
Available resources
The Terraform MCP server provides several static read-only guides to the MCP clients to retrieve structured, contextual data. It helps generate standardized Terraform code.
| Resource URI | Kind | Description |
|---|---|---|
/terraform/style-guide | Resource | Terraform Style Guide - Provides access to the official Terraform style guide documentation in markdown format |
/terraform/module-development | Resource | Terraform Module Development Guide - Comprehensive guide covering module composition, structure, providers, publishing, and refactoring best practices |
/terraform/providers/{namespace}/name/{name}/version/{version} | Resource Template | Provider Resource Template - Dynamically retrieves detailed documentation and overview for any Terraform provider by namespace, name, and version |
Transport protocols
You can set one of the following transport protocols when starting the MCP server so that it operates correctly for your environment.
| Transport | Best for | How it works | Usage |
|---|---|---|---|
stdio | Local development and direct integration with MCP clients | Uses standard input/output for JSON-RPC message communication | Automatically used when no specific transport mode is configured |
streamableHTTP | Remote deployments, distributed setups, production environments | HTTP-based transport with support for both direct HTTP requests | Enable by setting TRANSPORT_MODE=streamable-http |
Environment variables
You can set the following environment variables to configure the server behavior.
| Variable | Description | Default |
|---|---|---|
TFE_ADDRESS | HCP Terraform or Terraform Enterprise address | "https://app.terraform.io" |
TFE_TOKEN | Terraform Enterprise API token | "" (empty) |
TFE_SKIP_TLS_VERIFY | Skip HCP Terraform or Terraform Enterprise TLS verification | false |
TRANSPORT_MODE | Set to streamable-http to enable HTTP transport (legacy http) | stdio |
TRANSPORT_HOST | Host to bind the HTTP server | 127.0.0.1 |
TRANSPORT_PORT | HTTP server port | 8080 |
MCP_ENDPOINT | HTTP server endpoint path | /mcp |
MCP_SESSION_MODE | Session mode: stateful or stateless | stateful |
MCP_ALLOWED_ORIGINS | Comma-separated list of allowed origins for CORS | "" (empty) |
MCP_CORS_MODE | CORS mode: strict, development, or disabled | strict |
MCP_RATE_LIMIT_GLOBAL | Global rate limit (format: rps:burst) | 10:20 |
MCP_RATE_LIMIT_SESSION | Per-session rate limit (format: rps:burst) | 5:10 |
ENABLE_TF_OPERATIONS | Enable destructive Terraform operations | false |
Run type options
The create_run tool supports the following run types by default:
plan_and_apply: Creates a plan and applies it if approvedrefresh_state: Refreshes the state without making changesplan_only: Creates a plan without applyingallow_empty_apply: Allows applying when no changes are detected
When ENABLE_TF_OPERATIONS is set to true, the following additional options become available:
auto_approve: Automatically approves and applies the planis_destroy: Creates a destroy plan to remove infrastructure
Destructive operations
Several tools perform destructive operations that can modify or delete infrastructure resources. These tools are disabled by default and require setting ENABLE_TF_OPERATIONS=true:
action_run: Can apply or destroy infrastructuredelete_workspace_safely: Permanently deletes workspaces- Additional run type options in
create_run