Server data from the Official MCP Registry
Safety-first Terraform: confirmation-gated apply/destroy, risk & cost analysis, drift detection
Safety-first Terraform: confirmation-gated apply/destroy, risk & cost analysis, drift detection
This is a well-architected MCP server for Terraform management with strong security fundamentals. The server implements a two-step confirmation flow for destructive operations, provides configurable safety modes via environment variables, and includes audit logging with credential redaction. Code quality is high with proper input validation via Zod schemas and comprehensive error handling. Permissions appropriately match the server's purpose of managing Terraform infrastructure. Supply chain analysis found 5 known vulnerabilities in dependencies (2 critical, 3 high severity). Package verification found 1 issue.
7 files analyzed · 10 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: ALLOW_ONLY_READONLY_TOOLS
Environment variable: ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS
Environment variable: AUDIT_LOG_PATH
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-rajeevsirohi-mcp-server-terraform": {
"env": {
"AUDIT_LOG_PATH": "your-audit-log-path-here",
"ALLOW_ONLY_READONLY_TOOLS": "your-allow-only-readonly-tools-here",
"ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS": "your-allow-only-non-destructive-tools-here"
},
"args": [
"-y",
"@rajsir/mcp-server-terraform"
],
"command": "npx"
}
}
}From the project's GitHub README.
A Model Context Protocol (MCP) server that lets Claude manage Terraform infrastructure through natural language.
Run plans, apply changes, inspect state, and diagnose failures — all from a Claude conversation.
Instead of switching to a terminal to run terraform plan, you can ask Claude:
"Plan the changes in
/infra/stagingand explain what will change"
"Apply it — but only if no resources will be destroyed"
"Show me all the outputs from the prod workspace"
"Something broke after the last apply — diagnose it"
The server translates these into real terraform CLI commands on your machine, with a built-in safety confirmation flow before any destructive operation runs.
| Tool | Description | Destructive |
|---|---|---|
tf_init | Initialize a Terraform working directory | No |
tf_validate | Validate configuration syntax | No |
tf_plan | Run a plan and return the diff + risk/cost summary | No |
tf_apply | Apply changes (requires confirmed: true) | Yes |
tf_destroy | Destroy infrastructure (requires confirmed: true) | Yes |
tf_output | Read output values from state | No |
tf_state | List, show, move, or remove state entries | Partial |
tf_workspace | List, show, select, or create workspaces | No |
tf_preflight | Check provider CLI authentication before running | No |
tf_drift | Detect resources changed outside Terraform | No |
tf_resource | Import, taint, untaint, or refresh resources | Yes |
Every plan (and every apply preview) is analyzed via terraform show -json and
annotated with a structured summary — destroyed resources are called out, and
always-on resources that commonly cause bill shock are flagged with rough
monthly costs:
── Plan Summary ──
+ 3 create, ~ 1 update, - 0 destroy, ± 0 replace
💸 EXPENSIVE — always-on resources being created:
⚠ aws_nat_gateway.main (~$32/month + data processing if left running)
Remember to tf_destroy when you're done experimenting.
Cost-flagged resource types include NAT gateways, load balancers, EKS/AKS/GKE control planes, RDS/Cloud SQL instances, ElastiCache, Redshift, MSK, and Azure Firewall (~$900/month!).
tf_drift runs a refresh-only plan and reports resources that were changed
outside Terraform (e.g. manually in the cloud console), with the changed
attribute names and remediation options.
Set AUDIT_LOG_PATH to a file path and every tool call is appended as a JSON
line with timestamp, tool name, outcome, and duration. Variable values are
always redacted (db_password=<redacted>) — only names are logged.
tf_apply and tf_destroy use a two-step safety flow:
confirmed) → runs terraform plan, shows the diff, does nothing elseconfirmed: true) → actually applies or destroysClaude is instructed to never pass confirmed: true without first presenting the plan to you.
The server exposes a /tf-diagnose prompt that guides Claude through a systematic 5-step diagnosis of plan or apply failures.
No install needed — run it straight from npm:
npx @rajsir/mcp-server-terraform
Or, for development, from source:
git clone https://github.com/RajeevSirohi/mcp-server-terraform.git
cd mcp-server-terraform
npm install
npm run build
Add to your Claude Desktop config file:
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
Windows: %APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"terraform": {
"command": "npx",
"args": ["-y", "@rajsir/mcp-server-terraform"]
}
}
}
(If running from source instead, use "command": "node" with "args": ["/absolute/path/to/dist/index.js"].)
Restart Claude Desktop. You should see a hammer icon indicating tools are available.
Once connected, just talk to Claude about your Terraform workspaces in plain language. Some examples:
"Initialize the terraform config in
C:\infra\stagingand check if I'm logged into the right cloud accounts"
Claude runs tf_init, then tf_preflight — if you're not authenticated it tells you exactly which command to run (az login, aws configure, ...).
"Plan the changes in
C:\infra\stagingand explain what will change"
You get the plan diff plus a summary: how many resources created/updated/destroyed, anything destructive called out explicitly, and cost warnings for expensive always-on resources.
"Looks good, apply it"
Claude shows the plan preview one more time and asks for your confirmation — nothing is applied until you say yes. This two-step gate is built into the server itself, not just the prompt, so Claude cannot skip it.
"Did anyone change anything outside terraform in the prod workspace?"
tf_drift compares state against reality and reports what was modified in the console, with options to accept or revert.
"Show me all the outputs" · "List everything in state" · "What workspaces exist?"
"Apply the VPC lab in
C:\labs\vpc, and when I say 'done' destroy everything"
The cost flags are your friend here — if a lab creates a NAT gateway or EKS cluster, the plan summary warns you what it costs per month if forgotten:
💸 EXPENSIVE — always-on resources being created:
⚠ aws_nat_gateway.main (~$32/month + data processing if left running)
Remember to tf_destroy when you're done experimenting.
"terraform plan is failing in
C:\infra\staging— diagnose it"
The /tf-diagnose prompt walks Claude through validate → providers → plan → state → outputs systematically. There's also /tf-login for step-by-step authentication setup per provider.
"Import the S3 bucket
my-legacy-bucketinto state asaws_s3_bucket.legacy"
"Taint the web server so it gets recreated on the next apply"
Run with ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS=true (see Safety modes below) so apply/destroy are unavailable entirely, and set AUDIT_LOG_PATH so every operation is logged.
Control which tools are available via environment variables:
| Variable | Effect |
|---|---|
ALLOW_ONLY_READONLY_TOOLS=true | Only tf_validate, tf_plan, tf_output |
ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS=true | Blocks tf_apply, tf_destroy, tf_state mv/rm |
ALLOWED_TOOLS=tf_plan,tf_output | Explicit comma-separated allowlist |
Example — read-only mode:
{
"mcpServers": {
"terraform": {
"command": "node",
"args": ["/path/to/dist/index.js"],
"env": {
"ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS": "true"
}
}
}
}
npm run dev # watch mode (recompiles on save)
npm test # run tests
npm run build # production build
src/
index.ts # MCP server entry point, tool registration
config/ # (reserved for future config/telemetry)
models/
common-parameters.ts # Shared Zod schemas
security/
tf-flags.ts # Dangerous flag blocking
tools/
tf-init.ts
tf-validate.ts
tf-plan.ts
tf-apply.ts # Two-step confirmation flow
tf-destroy.ts # Two-step confirmation flow
tf-output.ts
tf-state.ts
tf-workspace.ts
utils/
terraform-runner.ts # Core exec wrapper, workspace switching
prompts/
index.ts # /tf-diagnose prompt
tests/
tf-flags.test.ts
tf-apply.test.ts
src/tools/tf-yourcommand.ts — export a *Schema const and an async handler functionsrc/index.tsreadonlyTools or destructiveTools arraycase in the CallToolRequestSchema handler switchSee CONTRIBUTING.md.
MIT — see LICENSE.
Be the first to review this server!
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
by Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption