Home / MCP / Terraform Cloud MCP Server
Provides Terraform Cloud management via MCP, enabling account, workspace, project, run, plan, apply, state, and variable operations through natural language.
Configuration
View docs{
"mcpServers": {
"terraform_cloud_mcp": {
"command": "mcp",
"args": [
"dev",
"terraform_cloud_mcp/server.py"
],
"env": {
"TFC_TOKEN": "YOUR_TFC_TOKEN",
"TFC_ADDRESS": "https://app.terraform.io",
"ENABLE_DELETE_TOOLS": "false",
"READ_ONLY_TOOLS": "false",
"ENABLE_RAW_RESPONSE": "false"
}
}
}
}You can manage Terraform Cloud resources through natural conversation by running a dedicated MCP server that exposes Terraform Cloud actions as chat-friendly tools. This server lets you view and modify accounts, workspaces, projects, runs, plans, applies, state versions, variables, and more, while keeping safety controls and auditability in place for production use.
Start the MCP server locally or on a hostable environment. Connect your MCP client (such as Claude Code CLI, Claude Desktop, Cursor, Copilot Studio, or another MCP-enabled platform) and point it at the running server. You can perform common Terraform Cloud operations through natural language prompts, for example: asking to list workspaces, create a project, start a run, view plan outputs, or retrieve cost estimates. When you enable destructive operations with the proper environment flag, you can also delete resources and modify configurations, but default safety settings disable destructive actions and require explicit approval.
Prerequisites you need before installing the MCP server are: Python 3.12 or higher, MCP tooling, and either the uv package manager or pip to install Python packages.
# Prerequisites
python3 --version
python3 -m venv .venv
source .venv/bin/activate # or .venv\Scripts\activate on Windows
# Install in development mode (uses local code)
mcp dev terraform_cloud_mcp/server.py
# Alternatively, install in a lightweight local environment
uv venv
source .venv/bin/activate
uv pip install .
# Run in development mode (if you installed via MCP tooling)
mcp dev terraform_cloud_mcp/server.pyYou control access and safety through environment variables. The following flags are available to tailor safety for production use:
- TFC_TOKEN: Terraform Cloud API token (required for authentication)
- TFC_ADDRESS: Terraform Cloud or Enterprise address (defaults to https://app.terraform.io)
- ENABLE_DELETE_TOOLS: Enable destructive operations (default false)
- READ_ONLY_TOOLS: Enable only read-only operations (default false)
- ENABLE_RAW_RESPONSE: Return raw vs filtered responses (default false)
If you run into issues, check the server logs for debug information. The MCP Inspector can assist with debugging by inspecting your running MCP setup. Ensure the required environment variables are set and that the MCP server is reachable by your client.
The server exposes a comprehensive set of TerraForm Cloud operations through a consistent MCP interface. Use the client’s conversation capabilities to perform tasks such as listing workspaces, creating projects, managing runs, and retrieving state or plan outputs. Remember to respect safety settings when enabling destructive actions in non-development environments.
Gets account information for the authenticated user or service account.
List and filter workspaces within an organization.
Get detailed information about a specific workspace.
Create a new workspace with optional parameters.
Update an existing workspace's configuration.
Delete a workspace and all its content. Requires ENABLE_DELETE_TOOLS=true.
Delete a workspace only if it is not managing resources. Requires ENABLE_DELETE_TOOLS=true.
Lock a workspace to prevent runs.
Unlock a workspace to allow runs.
Force unlock a workspace locked by another user.
Create and queue a Terraform run in a workspace.
List runs in a specific workspace.
List runs across an organization.
Get details about a specific run.
Apply a run awaiting confirmation.
Discard a run awaiting confirmation.
Cancel a running or planned run.
Force cancel a running or pending run.
Force execute a pending run by canceling prior runs.
Get detailed information about a specific plan.
Retrieve the JSON plan output with proper redirects.
Retrieve the JSON plan for a run.
Retrieve logs from a plan operation.
Get details about a specific apply.
Retrieve errored state from a failed apply for recovery.
Retrieve logs from an apply operation.
Create a new project with optional parameters.
Update an existing project's configuration.
List and filter projects in an organization.
Get detailed information about a specific project.
Delete a project (fails if it contains workspaces). Requires ENABLE_DELETE_TOOLS=true.
List tags bound to a project.
Add or update tag bindings on a project.
Move workspaces into a project.
Get detailed information about an organization.
Show entitlements for an organization.
List and filter organizations.
Create a new organization with optional parameters.
Update an organization's settings.
Delete an organization and all its content. Requires ENABLE_DELETE_TOOLS=true.
Get cost estimate details for infrastructure changes.
Get details about a health assessment result.
Retrieve the JSON output of an assessment.
Retrieve the JSON schema for an assessment.
Retrieve logs from an assessment operation.
List state versions in a workspace.
Get the current state version for a workspace.
Get details for a specific state version.
Create a new state version in a workspace.
Download the raw or JSON-formatted state file.
List outputs for a specific state version.
Get details for a specific state version output.
List all variables for a workspace.
Create a new variable in a workspace.
Update an existing workspace variable.
Delete a workspace variable. Requires ENABLE_DELETE_TOOLS=true.
List variable sets in an organization.
Get details for a specific variable set.
Create a new variable set.
Update an existing variable set.
Delete a variable set and all its variables. Requires ENABLE_DELETE_TOOLS=true.
Assign a variable set to workspaces.
Remove a variable set from workspaces.
Assign a variable set to projects.
Remove a variable set from projects.
List all variables in a variable set.
Create a variable in a variable set.
Update a variable in a variable set.
Delete a variable from a variable set. Requires ENABLE_DELETE_TOOLS=true.