mcp-server-terraform
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| ALLOWED_TOOLS | No | Comma-separated list of allowed tools, e.g. 'tf_plan,tf_output'. | |
| AUDIT_LOG_PATH | No | File path for audit logging. Every tool call is appended as a JSON line. | |
| ALLOW_ONLY_READONLY_TOOLS | No | If set to 'true', only readonly tools are available (tf_validate, tf_plan, tf_output). | |
| ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS | No | If set to 'true', blocks destructive tools (tf_apply, tf_destroy, tf_state mv/rm). |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {} |
| prompts | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| tf_validateA | Validate Terraform configuration files for syntax and internal consistency. Does not access remote state or APIs. |
| tf_planA | Run terraform plan and return a human-readable diff of what will change. Safe — makes no changes to infrastructure. |
| tf_outputA | Read Terraform output values from the current state. Returns all outputs as JSON, or a specific output by name. |
| tf_preflightA | Check which cloud providers are used in a Terraform workspace and verify authentication status for each. Call this before plan or apply to catch credential issues early. |
| tf_driftA | Detect infrastructure drift — resources that were changed outside of Terraform (e.g. manually in the cloud console). Runs a refresh-only plan and reports differences between state and reality. Read-only, makes no changes. |
| tf_applyA | Apply Terraform changes to real infrastructure. TWO-STEP SAFETY FLOW:
Never pass confirmed=true without first showing the plan output to the user. |
| tf_destroyA | Destroy all Terraform-managed infrastructure in the workspace. TWO-STEP SAFETY FLOW:
This is irreversible. Always show the plan and get explicit user approval first. |
| tf_stateA | Manage Terraform state. Supports the following operations:
|
| tf_resourceA | Resource-level state operations:
|
| tf_initA | Initialize a Terraform working directory. Downloads providers and modules. Run this before plan or apply on a fresh workspace. |
| tf_workspaceA | Manage Terraform workspaces. Supports:
|
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| tf-diagnose | Systematically diagnose a Terraform plan or apply failure |
| tf-login | Detect cloud providers in a Terraform workspace and guide the user through authentication |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/RajeevSirohi/mcp-server-terraform'
If you have feedback or need assistance with the MCP directory API, please join our Discord server