The Terraform MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with Terraform Registry APIs, enabling advanced automation and interaction capabilities for Infrastructure as Code (IaC) development.
- Dual Transport Support: Both Stdio and StreamableHTTP transports
- Terraform Provider Discovery: Query and explore Terraform providers and their documentation
- Module Search & Analysis: Search and retrieve detailed information about Terraform modules
- Registry Integration: Direct integration with Terraform Registry APIs
- Container Ready: Docker support for easy deployment
Caution: The outputs and recommendations provided by the MCP server are generated dynamically and may vary based on the query, model, and the connected MCP server. Users should thoroughly review all outputs/recommendations to ensure they align with their organization's security best practices, cost-efficiency goals, and compliance requirements before implementation.
Security Note: When using the StreamableHTTP transport in production, always configure the
MCP_ALLOWED_ORIGINSenvironment variable to restrict access to trusted origins only. This helps prevent DNS rebinding attacks and other cross-origin vulnerabilities.
- To run the server in a container, you will need to have Docker installed.
- Once Docker is installed, you will need to ensure Docker is running.
The Terraform MCP Server supports multiple transport protocols:
Standard input/output communication using JSON-RPC messages. Ideal for local development and direct integration with MCP clients.
Modern HTTP-based transport supporting both direct HTTP requests and Server-Sent Events (SSE) streams. This is the recommended transport for remote/distributed setups.
Features:
- Endpoint:
http://{hostname}:8080/mcp - Health Check:
http://{hostname}:8080/health - Environment Configuration: Set
TRANSPORT_MODE=httporTRANSPORT_PORT=8080to enable
Environment Variables:
| Variable | Description | Default |
|---|---|---|
TRANSPORT_MODE |
Set to streamable-http to enable HTTP transport (legacy http value still supported) |
stdio |
TRANSPORT_HOST |
Host to bind the HTTP server | 127.0.0.1 |
TRANSPORT_PORT |
HTTP server port | 8080 |
MCP_SESSION_MODE |
Session mode: stateful or stateless |
stateful |
MCP_ALLOWED_ORIGINS |
Comma-separated list of allowed origins for CORS | "" (empty) |
MCP_CORS_MODE |
CORS mode: strict, development, or disabled |
strict |
# Stdio mode
terraform-mcp-server stdio [--log-file /path/to/log]
# StreamableHTTP mode
terraform-mcp-server streamable-http [--transport-port 8080] [--transport-host 127.0.0.1] [--log-file /path/to/log]The Terraform MCP Server supports two session modes when using the StreamableHTTP transport:
- Stateful Mode (Default): Maintains session state between requests, enabling context-aware operations.
- Stateless Mode: Each request is processed independently without maintaining session state, which can be useful for high-availability deployments or when using load balancers.
To enable stateless mode, set the environment variable:
export MCP_SESSION_MODE=statelessAdd the following JSON block to your User Settings (JSON) file in VS Code. You can do this by pressing Ctrl + Shift + P and typing Preferences: Open User Settings (JSON).
More about using MCP server tools in VS Code's agent mode documentation.
{
"mcp": {
"servers": {
"terraform": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"hashicorp/terraform-mcp-server"
]
}
}
}
}Optionally, you can add a similar example (i.e. without the mcp key) to a file called .vscode/mcp.json in your workspace. This will allow you to share the configuration with others.
{
"servers": {
"terraform": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"hashicorp/terraform-mcp-server"
]
}
}
}More about using MCP server tools in Claude Desktop user documentation. Read more about using MCP server in Amazon Q from the documentation.
{
"mcpServers": {
"terraform": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"hashicorp/terraform-mcp-server"
]
}
}
}The following sets of tools are available:
| Toolset | Tool | Description |
|---|---|---|
providers |
resolveProviderDocID |
Queries the Terraform Registry to find and list available documentation for a specific provider using the specified serviceSlug. Returns a list of provider document IDs with their titles and categories for resources, data sources, functions, or guides. |
providers |
getProviderDocs |
Fetches the complete documentation content for a specific provider resource, data source, or function using a document ID obtained from the resolveProviderDocID tool. Returns the raw documentation in markdown format. |
modules |
searchModules |
Searches the Terraform Registry for modules based on specified moduleQuery with pagination. Returns a list of module IDs with their names, descriptions, download counts, verification status, and publish dates |
modules |
moduleDetails |
Retrieves detailed documentation for a module using a module ID obtained from the searchModules tool including inputs, outputs, configuration, submodules, and examples. |
policies |
searchPolicies |
Queries the Terraform Registry to find and list the appropriate Sentinel Policy based on the provided query policyQuery. Returns a list of matching policies with terraformPolicyIDs with their name, title and download counts. |
policies |
policyDetails |
Retrieves detailed documentation for a policy set using a terraformPolicyID obtained from the searchPolicies tool including policy readme and implementation details. |
Use the latest release version:
go install github.com/hashicorp/terraform-mcp-server/cmd/terraform-mcp-server@latestUse the main branch:
go install github.com/hashicorp/terraform-mcp-server/cmd/terraform-mcp-server@main{
"mcp": {
"servers": {
"terraform": {
"command": "/path/to/terraform-mcp-server",
"args": ["stdio"]
}
}
}
}Before using the server, you need to build the Docker image locally:
- Clone the repository:
git clone https://github.com/hashicorp/terraform-mcp-server.git
cd terraform-mcp-server- Build the Docker image:
make docker-build- This will create a local Docker image that you can use in the following configuration.
# Run in stdio mode
docker run -i --rm terraform-mcp-server:dev
# Run in streamable-http mode
docker run -p 8080:8080 --rm -e TRANSPORT_MODE=streamable-http -e TRANSPORT_HOST=0.0.0.0 terraform-mcp-server:devNote: When running in Docker, you should set
TRANSPORT_HOST=0.0.0.0to allow connections from outside the container.
- (Optional) Test connection in http mode
# Test the connection
curl http://localhost:8080/health- You can use it on your AI assistant as follow:
{
"mcpServers": {
"terraform": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"terraform-mcp-server:dev"
]
}
}
}- Go (check go.mod file for specific version)
- Docker (optional, for container builds)
| Command | Description |
|---|---|
make build |
Build the binary |
make test |
Run all tests |
make test-e2e |
Run end-to-end tests |
make docker-build |
Build Docker image |
make run-http |
Run HTTP server locally |
make docker-run-http |
Run HTTP server in Docker |
make test-http |
Test HTTP health endpoint |
make clean |
Remove build artifacts |
make help |
Show all available commands |
- Fork the repository
- Create your feature branch
- Make your changes
- Run tests
- Submit a pull request
This project is licensed under the terms of the MPL-2.0 open source license. Please refer to LICENSE file for the full terms.
For security issues, please contact [email protected] or follow our security policy.
For bug reports and feature requests, please open an issue on GitHub.
For general questions and discussions, open a GitHub Discussion.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@compliance-pr-automation-bot[bot]](https://avatars.githubusercontent.com/u/761456?s=64&v=4){kind=small}