- Home
- MCP servers
- tfmcp
tfmcp
- rust
357
GitHub Stars
rust
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"nwiizo-tfmcp": {
"command": "tfmcp",
"args": [
"mcp"
],
"env": {
"HOME": "Replace with your home directory",
"PATH": "/usr/local/bin:/usr/bin:/bin",
"TERRAFORM_DIR": "/path/to/terraform/project",
"TFMCP_DEMO_MODE": "true",
"TFMCP_LOG_LEVEL": "info",
"TFMCP_AUDIT_ENABLED": "true",
"TFMCP_MAX_RESOURCES": "50",
"TFMCP_ALLOW_AUTO_APPROVE": "false",
"TFMCP_ALLOW_DANGEROUS_OPS": "false",
"TFMCP_AUDIT_LOG_SENSITIVE": "false"
}
}
}
}tfmcp is a Model Context Protocol server that lets you manage Terraform configurations and operations using AI assistants. It integrates tightly with the Terraform CLI to analyze plans, apply changes, inspect state, and navigate workspaces, all through the MCP interface. This enables you to automate safe Terraform workflows with clear guidance, auditing, and governance in place.
How to use
Start tfmcp as an MCP server to enable AI assistants to interact with your Terraform environment. Run the server locally, or use Docker for containerized deployment. You can then connect your MCP client (such as Claude Desktop) to issue Terraform-related actions through natural language prompts or structured tool calls. Use the available tools to analyze configurations, plan, apply when permitted, manage state, and inspect provider data and dependencies.
How to install
Prerequisites you need before installing tfmcp: Rust toolchain, Terraform CLI, and optionally Docker for containerized deployment. You also need an MCP client capable of communicating with an MCP server.
# From Crates.io (recommended for quick start)
cargo install tfmcp
# From source (builds from the repository)
# Clone the repository
git clone https://github.com/nwiizo/tfmcp
cd tfmcp
# Build and install
cargo install --path .
Using Docker
You can run tfmcp inside a container to avoid local Rust/tooling setup. Build the image and run it directly.
# Build the Docker image
docker build -t tfmcp .
# Run the container (default MCP server mode)
docker run -it tfmcp
# Run with a specific command and options (example for analysis)
docker run -it tfmcp analyze --dir /app/terraform
# Mount your Terraform project directory
docker run -it -v /path/to/your/terraform:/app/terraform tfmcp --dir /app/terraform
# Set environment variables (example)
docker run -it -e TFMCP_LOG_LEVEL=debug tfmcp
Integrating with Claude Desktop
If you use Claude Desktop, install tfmcp and point Claude to run the MCP server. You can also containerize tfmcp with Docker for Claude integration.
# Install tfmcp
cargo install tfmcp
# Locate the executable path
which tfmcp
Configure Claude with the following JSON snippet, replacing paths as needed:
{
"mcpServers": {
"tfmcp": {
"command": "/path/to/your/tfmcp",
"args": ["mcp"],
"env": {
"HOME": "/Users/yourusername",
"PATH": "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
"TERRAFORM_DIR": "/path/to/your/terraform/project"
}
}
}
}
If you prefer Docker, configure Claude to invoke the container with a mounted Terraform directory and run the MCP server inside the container.
## Production notes and sample setup
tfmcp includes a safety-first security system with configurable policies, audit logging, and access controls. Review and tailor safety settings before enabling dangerous operations like apply or destroy. You can enable demo mode for safety during exploration, and configure audit logging to track all actions.
## Environment and security configuration
Key environment variables you can set to customize tfmcp behavior in production include: TERRAFORM\_DIR to specify the Terraform project directory, TFMCP\_LOG\_LEVEL to control logging verbosity, and TFMCP\_DEMO\_MODE to enable a mode with extra safety checks. For security, you can disable dangerous operations by default and require manual approval for apply/destroy.
export TERRAFORM_DIR=/path/to/your/terraform/project export TFMCP_LOG_LEVEL=info export TFMCP_DEMO_MODE=false export TFMCP_ALLOW_DANGEROUS_OPS=false export TFMCP_ALLOW_AUTO_APPROVE=false export TFMCP_MAX_RESOURCES=50 export TFMCP_AUDIT_ENABLED=true export TFMCP_AUDIT_LOG_SENSITIVE=false
Auditing is written to the default audit path unless you override it, and you should review the audit logs regularly.
Troubleshooting tips
If the MCP client cannot connect, verify that you started the tfmcp server correctly and that the configured command and path are correct. For Docker users, ensure volume mounts and permissions are set so the MCP server can access your Terraform directory. If you encounter missing methods, verify you are using the correct MCP endpoint and that your client is configured to call the available tools.
Notes on tooling and examples
tfmcp exposes a comprehensive set of tools for Terraform operations, analysis, and module/provider browsing. These tools cover core Terraform actions, workspace and state management, code formatting, graph generation, provider/module information, and security-focused checks. Use them through your MCP client to keep Terraform workflows auditable and well-governed.
Sample MCP connection configuration
{
"mcpServers": {
"tfmcp": {
"command": "tfmcp",
"args": ["mcp"]
}
}
}
Available tools
init_terraform
Initialize Terraform working directory from the MCP server, preparing backend, provider plugins, and initial state scaffolding.
get_terraform_plan
Generate an execution plan and present the proposed changes before applying.
analyze_plan
Analyze the plan with risk scoring and actionable recommendations.
apply_terraform
Apply Terraform configuration to realize the planned changes (requires appropriate permissions).
destroy_terraform
Destroy Terraform-managed resources (restricted by safety settings).
validate_terraform
Validate Terraform configuration syntax for correctness.
validate_terraform_detailed
Provide a detailed validation with guidelines and best practices.
get_terraform_state
Show the current Terraform state for inspection.
analyze_state
Analyze the state with drift detection and health metrics.
list_terraform_resources
List all resources managed by the current Terraform project.
set_terraform_directory
Change the active Terraform project directory at runtime.
terraform_workspace
Manage Terraform workspaces with list, show, new, select, and delete operations.
terraform_import
Import existing resources into the Terraform state and configuration.
terraform_taint
Taint or untaint resources to control recreation behavior.
terraform_refresh
Refresh the Terraform state to sync with real-world infrastructure.
terraform_fmt
Format Terraform code to standard style.
terraform_graph
Generate a dependency graph for the Terraform configuration.
terraform_output
Retrieve Terraform output values for downstream usage.
terraform_providers
Get provider information, including lock file parsing details.
search_terraform_providers
Search available Terraform providers in registries.
get_provider_info
Fetch details about a specific Terraform provider.
get_provider_docs
Retrieve provider documentation for quick reference.
search_terraform_modules
Search for Terraform modules in registries.
get_module_details
Get details about a specific Terraform module.
get_latest_module_version
Retrieve the latest version of a module.
get_latest_provider_version
Retrieve the latest version of a provider.
get_security_status
Run security scans with secret detection and policy checks.
analyze_terraform
Analyze the Terraform configuration for best practices.
analyze_module_health
Assess module health with cohesion/coupling metrics and refactoring suggestions.
get_resource_dependency_graph
Visualize resource dependencies with explicit and implicit links.
suggest_module_refactoring
Provide refactoring suggestions to improve module quality.