playbooks

home / mcp / terraform mcp server

Terraform MCP Server

MCP server that validates, secures, and estimates costs for Terraform configurations

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "binadox-public-binadox-terraform-mcp": {
      "command": "/path/to/terraform-mcp-server",
      "args": [],
      "env": {
        "TERRAFORM_ANALYSIS_URL": "https://app.binadox.com/api/1/organizations/pricing/terraform/mcp",
        "TERRAFORM_ANALYSIS_TOKEN": "your-token"
      }
    }
  }
}

You deploy the Terraform MCP Server to help your AI assistants generate secure, cost-aware Terraform configurations. It validates code, analyzes security, and estimates monthly cloud costs, all before you apply infrastructure changes. This server acts as a bridge between your MCP client and Terraform, adding structured tooling to your workflow so your infrastructure code is more complete and safer from the start.

How to use

After you install and configure the server, it runs behind the scenes to validate and complete Terraform code, check for misconfigurations, and estimate costs. You can rely on it to fill in missing providers, versions, and variables, flag security issues like open ports or missing encryption, and provide a monthly cost breakdown for proposed resources. All outputs are organized into logical Terraform files and modules to keep your project tidy.

How to install

Prerequisites: Ensure you have Go toolchain installed, Terraform CLI 1.6 or newer, and a valid Binadox API token. You also need internet access to the pricing API and write access to /tmp for intermediate files.

git clone https://github.com/binadox/binadox-terraform-mcp
cd binadox-terraform-mcp
go build -o terraform-mcp-server *.go

Configure your MCP client (example shown for Claude Desktop). Add the following MCP server entry to your client configuration under the mcpServers section. This enables the Terraform MCP server with the required environment settings for pricing data.

{
  "mcpServers": {
    "terraform": {
      "command": "/path/to/terraform-mcp-server",
      "env": {
        "TERRAFORM_ANALYSIS_URL": "https://app.binadox.com/api/1/organizations/pricing/terraform/mcp",
        "TERRAFORM_ANALYSIS_TOKEN": "your-token"
      }
    }
  }
}

Restart your MCP client to apply the new server configuration. After restart, the Terraform MCP Server starts handling Terraform-related requests from your MCP client.

Additional sections

Configuration details and security considerations are important for safe operation. The server runs locally and does not access your cloud credentials directly. Output files are written to /tmp/terraform/ and are not sent to external services unless you explicitly request remote cost data via the configured API token.

Security checks and cost estimation are available as core capabilities. You will see analyses related to potential insecure configurations and a cost breakdown for the proposed resources based on current pricing data.

If you need examples to get started, try prompts that request a complete Terraform snippet with providers and variables filled in, or prompts that ask for security analysis and cost estimates for a simple environment.

Troubleshooting and notes

If the server does not respond, verify that the MCP client is configured with the correct path to the executable and that the environment variables are set as shown. Ensure the Binadox API token is valid and has access to the pricing endpoint.

Available tools

prepare_terraform

Validates and completes Terraform code by adding missing providers, versions, variables, and metadata to produce a runnable configuration.

analyze_terraform

Performs security analysis to detect misconfigurations and insecure defaults, such as open ports or encryption gaps.

calculate_cost

Estimates monthly cloud costs for the proposed Terraform resources using real pricing data and provides a breakdown by resource.