Terraform
Terraform MCP server reference
This page contains reference information about the Terraform MCP server, including configuration options and tools.
Available tools
The Terraform MCP server provides specialized tools that AI models can use to access current Terraform registry information. These tools work automatically when you ask relevant questions—you don't need to invoke them manually.
Provider tools
Access comprehensive provider documentation for resources, data sources, functions, and configuration guides.
| Tool | Purpose | What it returns |
|---|---|---|
search_providers | Find provider documentation by service name | List of available documentation with IDs, titles, and categories |
get_provider_details | Retrieve complete documentation for a specific provider component | Full documentation content in markdown format |
get_latest_provider_version | Retrieve the latest version of a specifc provider | The latest version of a provider |
Example prompt: "How do I configure an AWS S3 bucket with versioning enabled?"
Module tools
Discover and explore community and verified modules from the Terraform registry.
| Tool | Purpose | What it returns |
|---|---|---|
search_modules | Find modules by name or functionality | Module details including names, descriptions, download counts, and verification status |
get_module_details | Get comprehensive module information | Complete documentation with inputs, outputs, examples, and submodules |
get_latest_module_version | Retrieve the latest version of a specifc module | The latest version of a module |
Example prompt: "Show me modules for deploying a Kubernetes cluster on AWS."
Policy tools
Access Sentinel policies for governance and compliance requirements.
| Tool | Purpose | What it returns |
|---|---|---|
search_policies | Find Sentinel policies by topic or requirement | Policy listings with IDs, names, and download statistics |
get_policy_details | Retrieve detailed policy documentation | Policy implementation details and usage instructions |
Example prompt: "What Sentinel policies are available for enforcing security best practices?"
Terraform Cloud/Enterprise tools
Manage Terraform Cloud/Enterprise resources including workspaces, runs, variables, and private modules. Some tools require the ENABLE_TF_OPERATIONS environment variable for destructive operations.
| Tool | Purpose | What it returns |
|---|---|---|
list_terraform_orgs | Fetch all Terraform organizations | List of organizations with their details |
list_terraform_projects | Fetch all Terraform projects | List of projects with their metadata |
list_workspaces | Search and list workspaces in an organization | Workspace details including configuration and status |
get_workspace_details | Get comprehensive workspace information | Complete workspace configuration, variables, and state information |
create_workspace | Create a new Terraform workspace | Confirmation of workspace creation (destructive operation) |
update_workspace | Update workspace configuration | Updated workspace configuration (potentially destructive) |
delete_workspace_safely | Delete workspace if it manages no resources | Confirmation of deletion (requires ENABLE_TF_OPERATIONS) |
list_runs | List or search runs in a workspace | Run details with optional filtering |
get_run_details | Get detailed information about a specific run | Complete run information including logs and status |
create_run | Create a new Terraform run | Run creation confirmation with available run types |
action_run | Perform actions on runs (apply, discard, cancel) | Action confirmation (requires ENABLE_TF_OPERATIONS) |
search_private_modules | Find private modules in your organization | List of private modules matching search criteria |
get_private_module_details | Get detailed private module information | Complete module details including inputs, outputs, and examples |
search_private_providers | Find private providers in your organization | List of private providers matching search criteria |
get_private_provider_details | Get detailed private provider information | Provider details including usage and version information |
Variable management tools
Manage variables and variable sets across workspaces and organizations.
| Tool | Purpose | What it returns |
|---|---|---|
list_variable_sets | List all variable sets in an organization | Variable set details and configurations |
create_variable_set | Create a new variable set | Confirmation of variable set creation |
create_variable_in_variable_set | Add a variable to a variable set | Variable creation confirmation |
delete_variable_in_variable_set | Remove a variable from a variable set | Variable deletion confirmation |
attach_variable_set_to_workspaces | Attach variable set to workspaces | Attachment confirmation |
detach_variable_set_from_workspaces | Detach variable set from workspaces | Detachment confirmation |
list_workspace_variables | List all variables in a workspace | Workspace variable details |
create_workspace_variable | Create a variable in a workspace | Variable creation confirmation |
update_workspace_variable | Update an existing workspace variable | Updated variable configuration |
Workspace tagging tools
Manage tags for Terraform workspaces to organize and categorize resources.
| Tool | Purpose | What it returns |
|---|---|---|
create_workspace_tags | Add tags to a workspace | Tag creation confirmation |
read_workspace_tags | Read all tags from a workspace | List of workspace tags |
Example prompts:
- "Create a new workspace called 'production-app' in my organization"
- "Show me all runs for the staging workspace"
- "List all private modules related to AWS"
- "Create a variable set for database configuration"
Available resources
The Terraform MCP server provides several static read-only guides to the MCP clients to retrieve structured, contextual data. It helps generate standardized Terraform code.
| Resource URI | Kind | Description |
|---|---|---|
/terraform/style-guide | Resource | Terraform Style Guide - Provides access to the official Terraform style guide documentation in markdown format |
/terraform/module-development | Resource | Terraform Module Development Guide - Comprehensive guide covering module composition, structure, providers, publishing, and refactoring best practices |
/terraform/providers/{namespace}/name/{name}/version/{version} | Resource Template | Provider Resource Template - Dynamically retrieves detailed documentation and overview for any Terraform provider by namespace, name, and version |
Transport protocols
You can set one of the following transport protocols when starting the MCP server so that it operates correctly for your environment.
| Transport | Best for | How it works | Usage |
|---|---|---|---|
stdio | Local development and direct integration with MCP clients | Uses standard input/output for JSON-RPC message communication | Automatically used when no specific transport mode is configured |
streamableHTTP | Remote deployments, distributed setups, production environments | HTTP-based transport with support for both direct HTTP requests | Enable by setting TRANSPORT_MODE=streamable-http |
Environment variables
You can set the following environment variables to configure the server behavior.
| Variable | Description | Default |
|---|---|---|
TFE_ADDRESS | HCP Terraform or Terraform Enterprise address | "https://app.terraform.io" |
TFE_TOKEN | Terraform Enterprise API token | "" (empty) |
TFE_SKIP_TLS_VERIFY | Skip HCP Terraform or Terraform Enterprise TLS verification | false |
TRANSPORT_MODE | Set to streamable-http to enable HTTP transport (legacy http) | stdio |
TRANSPORT_HOST | Host to bind the HTTP server | 127.0.0.1 |
TRANSPORT_PORT | HTTP server port | 8080 |
MCP_ENDPOINT | HTTP server endpoint path | /mcp |
MCP_SESSION_MODE | Session mode: stateful or stateless | stateful |
MCP_ALLOWED_ORIGINS | Comma-separated list of allowed origins for CORS | "" (empty) |
MCP_CORS_MODE | CORS mode: strict, development, or disabled | strict |
MCP_RATE_LIMIT_GLOBAL | Global rate limit (format: rps:burst) | 10:20 |
MCP_RATE_LIMIT_SESSION | Per-session rate limit (format: rps:burst) | 5:10 |
ENABLE_TF_OPERATIONS | Enable destructive Terraform operations | false |
Run type options
The create_run tool supports the following run types by default:
plan_and_apply: Creates a plan and applies it if approvedrefresh_state: Refreshes the state without making changesplan_only: Creates a plan without applyingallow_empty_apply: Allows applying when no changes are detected
When ENABLE_TF_OPERATIONS is set to true, the following additional options become available:
auto_approve: Automatically approves and applies the planis_destroy: Creates a destroy plan to remove infrastructure
Destructive operations
Several tools perform destructive operations that can modify or delete infrastructure resources. These tools are disabled by default and require setting ENABLE_TF_OPERATIONS=true:
action_run: Can apply or destroy infrastructuredelete_workspace_safely: Permanently deletes workspaces- Additional run type options in
create_run
Warning
When enabled, use these tools with caution as they can permanently modify or destroy infrastructure resources.