tfmcp is a command-line tool that enables AI assistants to manage and operate Terraform environments through the Model Context Protocol (MCP). It allows for reading, analyzing, applying, and modifying Terraform configurations, making infrastructure management more accessible through AI interfaces.
The easiest way to install tfmcp is from Crates.io:
cargo install tfmcp
# Clone the repository
git clone https://github.com/nwiizo/tfmcp
cd tfmcp
# Build and install
cargo install --path .
# Clone the repository
git clone https://github.com/nwiizo/tfmcp
cd tfmcp
# Build the Docker image
docker build -t tfmcp .
# Run the container
docker run -it tfmcp
$ tfmcp --help
✨ A CLI tool to manage Terraform configurations and operate Terraform through the Model Context Protocol (MCP).
Usage: tfmcp [OPTIONS] [COMMAND]
Commands:
mcp Launch tfmcp as an MCP server
analyze Analyze Terraform configurations
help Print this message or the help of the given subcommand(s)
Options:
-c, --config <PATH> Path to the configuration file
-d, --dir <PATH> Terraform project directory
-V, --version Print version
-h, --help Print help
# Run as MCP server (default)
docker run -it tfmcp
# Run with specific command and options
docker run -it tfmcp analyze --dir /app/example
# Mount your Terraform project directory
docker run -it -v /path/to/your/terraform:/app/terraform tfmcp --dir /app/terraform
# Set environment variables
docker run -it -e TFMCP_LOG_LEVEL=debug tfmcp
If you haven't already installed tfmcp, do so with one of the methods above.
which tfmcp
Add the following configuration to ~/Library/Application\ Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"tfmcp": {
"command": "/path/to/your/tfmcp", // Replace with the actual path
"args": ["mcp"],
"env": {
"HOME": "/Users/yourusername", // Replace with your username
"PATH": "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
"TERRAFORM_DIR": "/path/to/your/terraform/project" // Optional
}
}
}
}
{
"mcpServers": {
"tfmcp": {
"command": "docker",
"args": ["run", "--rm", "-v", "/path/to/your/terraform:/app/terraform", "tfmcp", "mcp"],
"env": {
"TERRAFORM_DIR": "/app/terraform"
}
}
}
}
After restarting Claude Desktop, enable the tfmcp tool in the interface.
TERRAFORM_DIR: Custom Terraform project directoryTFMCP_LOG_LEVEL: Set to debug, info, warn, or errorTFMCP_DEMO_MODE: Set to true to enable demo modeTFMCP_ALLOW_DANGEROUS_OPS: Enable apply/destroy operations (default: false)TFMCP_ALLOW_AUTO_APPROVE: Enable auto-approve for dangerous operations (default: false)TFMCP_MAX_RESOURCES: Maximum number of manageable resources (default: 50)TFMCP_AUDIT_ENABLED: Enable audit logging (default: true)TFMCP_AUDIT_LOG_FILE: Custom path for audit log file (default: ~/.tfmcp/audit.log)TFMCP_AUDIT_LOG_SENSITIVE: Include sensitive information in audit logs (default: false)The tfmcp server logs are available at:
~/Library/Logs/Claude/mcp-server-tfmcp.log
Common issues and solutions:
tfmcp includes comprehensive security features designed for production use:
export TFMCP_ALLOW_DANGEROUS_OPS=false # Keep disabled for safety
export TFMCP_ALLOW_AUTO_APPROVE=false # Require manual approval
export TFMCP_MAX_RESOURCES=10 # Limit resource scope
export TFMCP_AUDIT_ENABLED=true # Enable audit logging
export TFMCP_AUDIT_LOG_SENSITIVE=false # Don't log sensitive data
To add this MCP server to Claude Code, run this command in your terminal:
claude mcp add-json "tfmcp" '{"command":"tfmcp","args":["mcp"],"env":{"HOME":"/Users/yourusername","PATH":"/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin","TERRAFORM_DIR":"/path/to/your/terraform/project"}}'See the official Claude Code MCP documentation for more details.
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.
To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".
When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:
{
"mcpServers": {
"tfmcp": {
"command": "tfmcp",
"args": [
"mcp"
],
"env": {
"HOME": "/Users/yourusername",
"PATH": "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
"TERRAFORM_DIR": "/path/to/your/terraform/project"
}
}
}
}To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.
To add this MCP server to Claude Desktop:
1. Find your configuration file:
~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%\Claude\claude_desktop_config.json~/.config/Claude/claude_desktop_config.json2. Add this to your configuration file:
{
"mcpServers": {
"tfmcp": {
"command": "tfmcp",
"args": [
"mcp"
],
"env": {
"HOME": "/Users/yourusername",
"PATH": "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
"TERRAFORM_DIR": "/path/to/your/terraform/project"
}
}
}
}3. Restart Claude Desktop for the changes to take effect