Terraform MCP Server
Integrates with Terraform Registry APIs for Infrastructure as Code development, supporting provider and module discovery.
Terraform MCP Server
The Terraform MCP Server is a Model Context Protocol (MCP) server that provides seamless integration with Terraform Registry APIs, enabling advanced automation and interaction capabilities for Infrastructure as Code (IaC) development.
Features
- Dual Transport Support: Both Stdio and StreamableHTTP transports with configurable endpoints
- Terraform Registry Integration: Direct integration with public Terraform Registry APIs for providers, modules, and policies
- HCP Terraform & Terraform Enterprise Support: Full workspace management, organization/project listing, and private registry access
- Workspace Operations: Create, update, delete workspaces with support for variables, tags, and run management
- OTel metrics for monitoring tool usage: Integration with open telemetry meters to track tool-call volume, latency and failures in Streamable HTTP mode. Also exposes default http server metrics when this feature is enabled
Security Note: At this stage, the MCP server is intended for local use only. If using the StreamableHTTP transport, always configure the MCP_ALLOWED_ORIGINS environment variable to restrict access to trusted origins only. This helps prevent DNS rebinding attacks and other cross-origin vulnerabilities.
Security Note: Depending on the query, the MCP server may expose certain Terraform data to the MCP client and LLM. Do not use the MCP server with untrusted MCP clients or LLMs.
Legal Note: Your use of a third party MCP Client/LLM is subject solely to the terms of use for such MCP/LLM, and IBM is not responsible for the performance of such third party tools. IBM expressly disclaims any and all warranties and liability for third party MCP Clients/LLMs, and may not be able to provide support to resolve issues which are caused by the third party tools.
Caution: The outputs and recommendations provided by the MCP server are generated dynamically and may vary based on the query, model, and the connected MCP client. Users should thoroughly review all outputs/recommendations to ensure they align with their organization’s security best practices, cost-efficiency goals, and compliance requirements before implementation.
Prerequisites
- Ensure Docker is installed and running to use the server in a containerized environment.
- Install an AI assistant that supports the Model Context Protocol (MCP).
Command Line Options
Environment Variables:
| Variable | Description | Default |
|---|---|---|
TFE_ADDRESS | HCP Terraform or TFE address | "https://app.terraform.io" |
TFE_TOKEN | Terraform Enterprise API token | "" (empty) |
TFE_SKIP_TLS_VERIFY | Skip HCP Terraform or Terraform Enterprise TLS verification | false |
LOG_LEVEL | Logging level: trace, debug, info, warn, error, fatal, panic (overrides --log-level flag) | info |
LOG_FORMAT | Logging format: text or json (overrides --log-format flag) | text |
TRANSPORT_MODE | Set to streamable-http to enable HTTP transport (legacy http value still supported) | stdio |
TRANSPORT_HOST | Host to bind the HTTP server | 127.0.0.1 |
TRANSPORT_PORT | HTTP server port | 8080 |
MCP_ENDPOINT | HTTP server endpoint path | /mcp |
MCP_KEEP_ALIVE | Keep-alive interval for SSE connections (e.g., 30s, 1m). 0 to disable | 0 |
MCP_SESSION_MODE | Session mode: stateful or stateless | stateful |
MCP_ALLOWED_ORIGINS | Comma-separated list of allowed origins for CORS | "" (empty) |
MCP_CORS_MODE | CORS mode: strict, development, or disabled | strict |
MCP_TLS_CERT_FILE | Path to TLS cert file, required for non-localhost deployment (e.g. /path/to/cert.pem) | "" (empty) |
MCP_TLS_KEY_FILE | Path to TLS key file, required for non-localhost deployment (e.g. /path/to/key.pem) | "" (empty) |
MCP_RATE_LIMIT_GLOBAL | Global rate limit (format: rps:burst) | 10:20 |
MCP_RATE_LIMIT_SESSION | Per-session rate limit (format: rps:burst) | 5:10 |
ENABLE_TF_OPERATIONS | Enable tools that require explicit approval | false |
OTEL_METRICS_ENABLED | Enable tools and server metrics using otel | false |
OTEL_METRICS_SERVICE_VERSION | Version of the terraform-mcp-server sending metrics, which is used to set metric attributes. It also helps track metrics across different deployments | latest |
OTEL_METRICS_SERVICE_NAME | Identifies the source of the metrics (e.g., "terraform-mcp-server") | terraform-mcp-server |
OTEL_METRICS_EXPORT_INTERVAL | Controls the frequency of metric flushes | 2 |
OTEL_METRICS_ENDPOINT | URL of your OTel Collector or backend | localhost:4318 |
# Stdio mode
terraform-mcp-server stdio [--log-file /path/to/log] [--log-level info] [--log-format text] [--toolsets <toolsets>] [--tools <tools>]
# StreamableHTTP mode
terraform-mcp-server streamable-http [--transport-port 8080] [--transport-host 127.0.0.1] [--mcp-endpoint /mcp] [--log-file /path/to/log] [--log-level info] [--log-format text] [--toolsets <toolsets>] [--tools <tools>]
Instructions
Default instructions for the MCP server is located in cmd/terraform-mcp-server/instructions.md, if those do not seem appropriate for your organization's Terraform practices or if the MCP server is producing inaccurate responses, please replace them with your own instructions and rebuild the container or binary. An example of such instruction is located in instructions/example-mcp-instructions.md
AGENTS.md essentially behaves as READMEs for coding agents: a dedicated, predictable place to provide the context and instructions to help AI coding agents work on your project. One AGENTS.md file works with different coding agents. An example of such instruction is located in instructions/example-AGENTS.md, in order to use it commit a file name AGENTS.md to the directory where your Terraform configurations reside.
Installation
Usage with Visual Studio Code
Add the following JSON block to your User Settings (JSON) file in VS Code. You can do this by pressing Ctrl + Shift + P and typing Preferences: Open User Settings (JSON).
More about using MCP server tools in VS Code's agent mode documentation.
| Version 0.3.0+ or greater | Version 0.2.3 or lower |
|---|---|
|
|
Optionally, you can add a similar example (i.e. without the mcp key) to a file called .vscode/mcp.json in your workspace. This will allow you to share the configuration with others.
| Version 0.3.0+ or greater | Version 0.2.3 or lower |
|---|---|
|
|
Usage with Cursor
Add this to your Cursor config (~/.cursor/mcp.json) or via Settings → Cursor Settings → MCP:
| Version 0.3.0+ or greater | Version 0.2.3 or lower |
|---|---|
|
|
Usage with Claude Desktop / Amazon Q Developer / Kiro CLI
More about using MCP server tools in Claude Desktop user documentation. Read more about using MCP server in Amazon Q Developer and Kiro CLI.
| Version 0.3.0+ or greater | Version 0.2.3 or lower |
|---|---|
|
|
Usage with Claude Code
More about using and adding MCP server tools in Claude Code user documentation
- Local (
stdio) Transport
claude mcp add terraform -s user -t stdio -- docker run -i --rm hashicorp/terraform-mcp-server
- Remote (
streamable-http) Transport
# Run server (example)
docker run -p 8080:8080 --rm -e TRANSPORT_MODE=streamable-http -e TRANSPORT_HOST=0.0.0.0 hashicorp/terraform-mcp-server
# Add to Claude Code
claude mcp add --transport http terraform http://localhost:8080/mcp
Usage with Gemini extensions
For security, avoid hardcoding your credentials, create or update ~/.gemini/.env (where ~ is your home or project directory) for storing HCP Terraform or Terraform Enterprise credentials
# ~/.gemini/.env
TFE_ADDRESS=your_tfe_address_here
TFE_TOKEN=your_tfe_token_here
Install the extension & run Gemini
gemini extensions install https://github.com/hashicorp/terraform-mcp-server
gemini
Usage with Bob IDE / Shell
More about using and adding MCP servers tools in Bob IDE or Shell Using MCP in Bob.
| Version 0.3.0+ or greater | Version 0.2.3 or lower |
|---|---|
|
|
Install from source
Use the latest release version:
go install github.com/hashicorp/terraform-mcp-server/cmd/terraform-mcp-server@latest
Use the main branch:
go install github.com/hashicorp/terraform-mcp-server/cmd/terraform-mcp-server@main
| Version 0.3.0+ or greater | Version 0.2.3 or lower |
|---|---|
|
|
Building the Docker Image locally
Before using the server, you need to build the Docker image locally:
- Clone the repository:
git clone https://github.com/hashicorp/terraform-mcp-server.git
cd terraform-mcp-server
- Build the Docker image:
make docker-build
- This will create a local Docker image that you can use in the following configuration.
# Run in stdio mode
docker run -i --rm terraform-mcp-server:dev
# Run in streamable-http mode
docker run -p 8080:8080 --rm -e TRANSPORT_MODE=streamable-http -e TRANSPORT_HOST=0.0.0.0 terraform-mcp-server:dev
# Filter tools (optional)
docker run -i --rm terraform-mcp-server:dev --toolsets=registry,terraform
docker run -i --rm terraform-mcp-server:dev --tools=search_providers,get_provider_details
Note: When running in Docker, you should set
TRANSPORT_HOST=0.0.0.0to allow connections from outside the container.
- (Optional) Test connection in http mode
# Test the connection
curl http://localhost:8080/health
- You can use it on your AI assistant as follow:
{
"mcpServers": {
"terraform": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"terraform-mcp-server:dev"
]
}
}
}
Available Tools
Check out available tools here :link:
Available Resources
Check out available resources here :link:
Available Metrics
Two kinds of metrics are collected. First, standard HTTP server metrics are added by wrapping the HTTP mux with otelhttp.NewHandler(...). This emits:
- http.server.request.body.size
- http.server.response.body.size
- http.server.request.duration
Second, the MCP server records custom tool metrics around tool execution using MCP hooks (BeforeCallTool / AfterCallTool). These emit:
- mcp_tool_calls_total
- mcp_tool_errors_total
- mcp_tool_duration_seconds
Tool Filtering
Control which tools are available using --toolsets (groups) or --tools (individual):
# Enable tool groups (default: registry)
terraform-mcp-server --toolsets=registry,terraform
# Enable specific tools only
terraform-mcp-server --tools=search_providers,get_provider_details,list_workspaces
Available toolsets: registry, registry-private, terraform, all, default. See pkg/toolsets/mapping.go for individual tool names. Cannot use both flags together.
Transport Support
The Terraform MCP Server supports multiple transport protocols:
1. Stdio Transport (Default)
Standard input/output communication using JSON-RPC messages. Ideal for local development and direct integration with MCP clients.
2. StreamableHTTP Transport
Modern HTTP-based transport supporting both direct HTTP requests and Server-Sent Events (SSE) streams. This is the recommended transport for remote/distributed setups.
Features:
- Endpoint:
http://{hostname}:8080/mcp - Health Check:
http://{hostname}:8080/health - Environment Configuration: Set
TRANSPORT_MODE=httporTRANSPORT_PORT=8080to enable
Session Modes
The Terraform MCP Server supports two session modes when using the StreamableHTTP transport:
- Stateful Mode (Default): Maintains session state between requests, enabling context-aware operations.
- Stateless Mode: Each request is processed independently without maintaining session state, which can be useful for high-availability deployments or when using load balancers.
To enable stateless mode, set the environment variable:
export MCP_SESSION_MODE=stateless
Troubleshooting
Corporate Proxy / TLS Inspection (Zscaler, etc.)
If you're behind a corporate proxy that performs TLS inspection (like Zscaler Internet Access), you may see certificate errors:
tls: failed to verify certificate: x509: certificate signed by unknown authority
Solution: Mount your corporate CA certificate into the container:
docker run -i --rm \
-v /path/to/corporate-ca.pem:/etc/ssl/certs/corporate-ca.pem \
-e SSL_CERT_FILE=/etc/ssl/certs/corporate-ca.pem \
hashicorp/terraform-mcp-server:0.5.2
For MCP client configurations:
{
"mcpServers": {
"terraform": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-v", "/path/to/corporate-ca.pem:/etc/ssl/certs/corporate-ca.pem",
"-e", "SSL_CERT_FILE=/etc/ssl/certs/corporate-ca.pem",
"-e", "TFE_TOKEN=<>",
"hashicorp/terraform-mcp-server:0.5.2"
]
}
}
}
Alternative: Run the binary directly
If Docker is not permitted in your environment, you can install and run the server binary directly, which will use your system's certificate store:
go install github.com/hashicorp/terraform-mcp-server/cmd/terraform-mcp-server@latest
terraform-mcp-server stdio
Development
Prerequisites
- Go (check go.mod file for specific version)
- Docker (optional, for container builds)
Available Make Commands
| Command | Description |
|---|---|
make build | Build the binary |
make test | Run all tests |
make test-e2e | Run end-to-end tests |
make docker-build | Build Docker image |
make run-http | Run HTTP server locally |
make docker-run-http | Run HTTP server in Docker |
make test-http | Test HTTP health endpoint |
make clean | Remove build artifacts |
make help | Show all available commands |
Contributing
- Fork the repository
- Create your feature branch
- Make your changes
- Run tests
- Submit a pull request
License
This project is licensed under the terms of the MPL-2.0 open source license. Please refer to LICENSE file for the full terms.
Security
For security issues, please contact [email protected] or follow our security policy.
Support
For bug reports and feature requests, please open an issue on GitHub.
For general questions and discussions, open a GitHub Discussion.
संबंधित सर्वर
Alpha Vantage MCP Server
प्रायोजकAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
R.A.P.I.D.
A local MCP server providing powerful code analysis and search capabilities for software projects.
ImageSorcery MCP
ComputerVision-based 🪄 sorcery of image recognition and editing tools for AI assistants.
Fast MCP
A Ruby implementation of the Model Context Protocol (MCP) server for integrating AI models into Ruby applications.
Berry MCP Server
A universal framework for easily creating and deploying Model Context Protocol servers with any tools.
Swift Package Index
Search for Swift packages and retrieve their READMEs and metadata from the Swift Package Index.
MCP Repo Search Server
MCP server that gives LLMs structural code intelligence across multiple repos
Clangaroo
Provides fast C++ code intelligence for LLMs using the clangd language server.
Vercel Domains MCP
Query domains on Vercel
BCMS MCP
Give me a one - two sentence description of the BCMS MCP # MCP The BCMS Model Context Protocol (MCP) integration enables AI assistants like Claude, Cursor, and other MCP-compatible tools to interact directly with your BCMS content. This allows you to create, read, and update content entries, manage media files, and explore your content structure—all through natural language conversations with AI. ## What is MCP? The [Model Context Protocol (MCP)](https://modelcontextprotocol.io/) is an open standard developed by Anthropic that allows AI applications to securely connect to external data sources and tools. With BCMS MCP support, you can leverage AI assistants to: - Query and explore your content structure - Create new content entries with AI-generated content - Update existing entries - Manage your media library - Get intelligent suggestions based on your content model --- ## Getting Started ### Prerequisites 1. A BCMS account with an active instance 2. An MCP key with appropriate permissions 3. An MCP-compatible client (Claude Desktop, Cursor, or any MCP client) ### Step 1: Create an MCP Key 1. Navigate to your BCMS dashboard 2. Go to Settings → MCP 3. Click Create MCP Key 4. Configure the permissions for templates you want the AI to access:GET: Read entries 5. POST: Create entries 6. PUT: Update entries 7. DELETE: Delete entries Note: Right now, MCP only supports creating, reading and updating content. ### Step 2: Configure Your MCP Client You can find full instructions for integrating BCMS with your AI tools right inside BCMS, on the MCP page. But in general, installing BCMS MCP works in a standard way: ``` { "mcpServers": { "bcms": { "url": "https://app.thebcms.com/api/v3/mcp?mcpKey=YOUR_MCP_KEY" } } } ``` ## Available Tools Once connected, your AI assistant will have access to the following tools based on your MCP key permissions: ### Content Discovery #### list_templates_and_entries Lists all templates and their entries that you have access to. This is typically the first tool to call when exploring your BCMS content. Returns: - Template IDs, names, and slugs - Entry IDs with titles and slugs for each language Example prompt: "Show me all the templates and entries in my BCMS" --- ### Entry Management #### list_entries_for_{templateId} Retrieves all entries for a specific template with full content data. A separate tool is generated for each template you have access to. Returns: - Complete entry data including all meta fields - Content in all configured languages - Entry statuses Example prompt: "List all blog posts from my Blog template" --- #### create_entry_for_{templateId} Creates a new entry for a specific template. The input schema is dynamically generated based on your template's field structure. Input: - statuses: Array of status assignments per language - meta: Array of metadata for each language (title, slug, custom fields) - content: Array of content nodes for each language Example prompt: "Create a new blog post titled 'Getting Started with BCMS' with a brief introduction paragraph" --- #### update_entry_for_{templateId} Updates an existing entry for a specific language. Input: - entryId: The ID of the entry to update - lng: Language code (e.g., "en") - status: Optional status ID - meta: Updated metadata - content: Updated content nodes Example prompt: "Update the introduction paragraph of my 'Getting Started' blog post" --- ### Media Management #### list_all_media Lists all media files in your media library. Returns: - Media IDs, names, and types - File metadata (size, dimensions for images) - Parent directory information Example prompt: "Show me all images in my media library" --- #### list_media_dirs Lists the directory structure of your media library. Returns: - Hierarchical directory structure - Directory IDs and names Example prompt: "Show me the folder structure of my media library" --- #### create-media-directory Creates a new directory in your media library. Input: - name: Name of the directory - parentId: Optional parent directory ID (root if not specified) Example prompt: "Create a new folder called 'Blog Images' in my media library" --- #### request-upload-media-url Returns a URL you use to upload a file (for example via POST with multipart form data), which avoids pushing large binaries through the MCP tool payload. You still need a valid file name and MIME type when uploading, as described in the tool response. Availability: Only when the MCP key has Can mutate media enabled. Example prompt: “Give me an upload URL for a new hero image, then tell me how to upload it.” Input: - fileName: Name of the file with extension - fileData: Base64-encoded file data (with data URI prefix) - parentId: Optional parent directory ID Example prompt: "Upload this image to my Blog Images folder" --- ### Linking Tools #### get_entry_pointer_link Generates an internal BCMS link to an entry for use in content. Input: - entryId: The ID of the entry to link to Returns: - Internal link format: entry:{entryId}@*_{templateId}:entry Example prompt: "Get me the internal link for the 'About Us' page entry" --- #### get_media_pointer_link Generates an internal BCMS link to a media item for use in content. Input: - mediaId: The ID of the media item Returns: - Internal link format: media:{mediaId}@*_@*_:entry Example prompt: "Get the link for the hero image so I can use it in my blog post" --- ## Content Structure ### Entry Content Nodes When creating or updating entries, content is structured as an array of nodes. Supported node types include: Type Description paragraph Standard text paragraph heading Heading (h1-h6) bulletList Unordered list orderedList Numbered list listItem List item codeBlock Code block with syntax highlighting blockquote Quote block image Image node widget Custom widget with props ### Example Content Structure ``` { "content": [ { "lng": "en", "nodes": [ { "type": "heading", "attrs": { "level": 1 }, "content": [ { "type": "text", "text": "Welcome to BCMS" } ] }, { "type": "paragraph", "content": [ { "type": "text", "text": "This is your first paragraph." } ] } ] } ] } ``` ## Security & Permissions ### MCP Key Scopes Your MCP key controls what the AI can access: - Template Access: Only templates explicitly granted in the MCP key are visible - Operation Permissions: Each template can have independent GET/POST/PUT/DELETE permissions - Media Access: Media operations are controlled separately ### Best Practices 1. Principle of Least Privilege: Only grant the permissions needed for your use case 2. Separate Keys: Create different MCP keys for different purposes or team members 3. Regular Rotation: Periodically rotate your MCP keys ## Use Cases ### Content Creation Workflows Blog Post Creation "Create a new blog post about the benefits of headless CMS. Include an introduction, three main benefits with explanations, and a conclusion. Use the Blog template." Product Updates "Update the price field for all products in the Electronics category to apply a 10% discount" ### Content Exploration Content Audit "List all blog posts that don't have a featured image set" Translation Status "Show me which entries are missing German translations" ### Media Organization Library Cleanup "Show me all unused images in the media library" Folder Setup "Create folder structure for: Products > Categories > Electronics, Clothing, Home" ## Troubleshooting ### Common Issues #### "MCP key not found" - Verify your MCP key format: keyId.keySecret.instanceId - Ensure the MCP key hasn't been deleted or deactivated - Check that you're using the correct instance #### "MCP key does not have access to template" - Review your MCP key permissions in the dashboard - Ensure the required operation (GET/POST/PUT/DELETE) is enabled for the template #### Session Expired - MCP sessions may timeout after periods of inactivity - Simply start a new conversation to establish a fresh session ### Getting Help - Documentation: [thebcms.com/docs](https://thebcms.com/docs) - Support: [[email protected]](mailto:[email protected]) - Community: [Join BCMS Discord](https://discord.com/invite/SYBY89ccaR) for community support ## Technical Reference ### Endpoint POST https://app.thebcms.com/api/v3/mcp?mcpKey={MCP_KEY} ### Transport BCMS MCP uses the Streamable HTTP transport with session management. Sessions are maintained via the mcp-session-id header. ### Response Format All tools return structured JSON responses conforming to the MCP specification with: - content: Array of content blocks - structuredContent: Typed response data ## Rate Limits MCP requests are subject to the same rate limits as API requests: - Requests are tracked per MCP key - Contact support if you need higher limits for production workloads
MegaChad
Burn-to-create looksmaxxing engine on MegaETH with 14 MCP tools for swap quotes, token stats, NFT minting, gallery, leaderboard, wallet checks, gasless burns, and orchestrated agent flows