Terraform Model Context Protocol (MCP) CLI/server that lets LLMs analyse and operate Terraform projects with built-in security controls and Claude Desktop integration.
https://github.com/nwiizo/tfmcpStop copying Terraform configs into chat windows and pasting AI-generated plans back into your terminal. tfmcp creates a direct bridge between AI assistants like Claude and your Terraform projects, letting you analyze, plan, and manage infrastructure through natural conversation.
You're already using AI to help with Terraform configs, but the workflow is broken. Copy configs to chat, get suggestions, paste back to terminal, repeat. Meanwhile, you're missing context about your existing state, struggling to validate AI-generated plans, and have zero audit trail of what your AI assistant actually did to your infrastructure.
That ends now.
tfmcp is an MCP server that gives AI assistants direct, controlled access to your Terraform workflows. Built in Rust for speed and reliability, with enterprise security controls that actually make sense for infrastructure management.
Key Capabilities:
Infrastructure Review & Analysis
# AI can now directly analyze your entire Terraform setup
"Review my AWS infrastructure for cost optimization opportunities"
"Check this plan for security issues before I apply it"
"Explain the dependencies between these resources"
Guided Infrastructure Changes
# AI helps you make changes with full context
"Add monitoring to all my EC2 instances"
"Update the RDS instance to use encryption at rest"
"Scale the Auto Scaling Group based on current usage patterns"
Compliance & Audit Support
# Built-in audit logging tracks every AI operation
"Generate a compliance report for last month's infrastructure changes"
"Show me all the resources that don't follow our tagging standards"
"What would happen if I applied this plan to production?"
Unlike other AI infrastructure tools, tfmcp was built with production security from day one:
prod*, production*, and secret* patternsGet started in under 2 minutes:
# Install from crates.io
cargo install tfmcp
# Add to Claude Desktop config
{
"mcpServers": {
"tfmcp": {
"command": "/path/to/tfmcp",
"args": ["mcp"],
"env": {
"TERRAFORM_DIR": "/path/to/your/terraform/project"
}
}
}
}
tfmcp automatically creates a sample Terraform project if you don't have one, so you can start experimenting immediately.
Set up enterprise-grade controls for your team:
# Recommended production settings
export TFMCP_ALLOW_DANGEROUS_OPS=false # Keep applies disabled
export TFMCP_MAX_RESOURCES=25 # Limit scope of changes
export TFMCP_AUDIT_ENABLED=true # Full audit logging
export TFMCP_ALLOW_AUTO_APPROVE=false # Require manual approval
All operations are logged to ~/.tfmcp/audit.log with complete traceability.
For Infrastructure Teams: Get AI assistance without sacrificing security controls or audit requirements. Review plans faster, catch issues earlier, and maintain complete visibility into AI-driven changes.
For Platform Engineers: Enable your teams to work with AI on infrastructure while maintaining centralized security policies and compliance standards.
For DevOps Practitioners: Eliminate context switching between AI chat and terminal work. Keep your existing Terraform workflows while adding AI intelligence.
Ready to give your AI assistant direct access to your infrastructure? Install tfmcp and transform how you work with Terraform.
Built by developers who understand that infrastructure tooling needs production-grade security, not just proof-of-concept demos.