Terraform MCP

Infrastructure as Code via MCP

Overview

Terraform MCP is the official Model Context Protocol server from HashiCorp, enabling AI assistants to interact with the Terraform ecosystem for Infrastructure as Code (IaC) development. It provides real-time access to Terraform provider documentation, module registries, policy libraries, and workspace management through a standardized MCP interface.

Built and maintained by HashiCorp, the Terraform MCP server supports both stdio and StreamableHTTP transports and integrates with HCP Terraform and Terraform Enterprise environments. It connects AI agents to the Terraform Registry for provider lookups, module discovery, and policy recommendations — grounding AI-generated infrastructure code in live, accurate documentation rather than stale training data.

With infrastructure provisioning being one of the highest-stakes operations in any engineering organization, Terraform MCP represents a critical governance surface. A single misconfigured apply can spin up unbudgeted cloud resources, expose security groups, or destroy production infrastructure. HashiCorp considers the server experimental, but its capabilities — including plan, apply, destroy, and state management — make it one of the most consequential MCP connectors available today.

Key Features

  • **Registry Integration**: Query the Terraform Registry for provider documentation, module details, and policy libraries in real time, giving AI assistants grounded, up-to-date infrastructure recommendations
  • **Plan & Apply Workflows**: Generate Terraform execution plans and apply infrastructure changes through AI-assisted workflows with full support for variable injection and backend configuration
  • **Workspace Management**: Full CRUD operations on HCP Terraform and Terraform Enterprise workspaces including variable management, tag assignment, and run triggers
  • **State Inspection**: List and inspect resources tracked in Terraform state for infrastructure inventory, drift detection, and understanding current cloud resource deployment
  • **Module & Provider Discovery**: Search and retrieve documentation for any Terraform provider or module, with AI recommendations for appropriate providers and well-maintained community modules
  • **Policy & Governance Resources**: Access Terraform style guides and module development guides through MCP resources to help AI assistants generate compliant, well-structured infrastructure code

Capabilities

Terraform MCP exposes 7 tools for AI agents. 2 require approval.

4 Read, 1 Delete, 2 Execute

| Tool | Description | Operation | Risk | Approval required |
|------|-------------|-----------|------|-------------------|
| plan | Generates Terraform execution plan | Read | Medium | No |
| apply | Applies Terraform changes to infrastructure | Execute | High | Yes |
| destroy | Destroys managed infrastructure | Delete | High | Yes |
| init | Initializes Terraform workspace | Execute | Low | No |
| validate | Validates configuration syntax | Read | Low | No |
| output | Shows Terraform output values | Read | Medium | No |
| state_list | Lists resources in state | Read | Low | No |

Use Cases

Strategy-Aligned Use Cases

Infrastructure Documentation & Discovery

AI assistants can query provider documentation and module registries to help engineers find the right resources, understand configuration options, and follow best practices — reducing context-switching between IDE and documentation.

Plan Review & Compliance Checks

Generate execution plans and have AI assistants review them for compliance with organizational policies, cost implications, and security best practices before any changes reach production infrastructure.

Workspace Provisioning Automation

Automate the creation and configuration of Terraform workspaces for new projects, environments, or teams. Standardize variable sets, backend configurations, and run triggers through governed AI workflows.

Infrastructure Inventory & Drift Detection

Use state inspection tools to maintain an up-to-date inventory of deployed infrastructure. AI assistants can identify drift between desired and actual state, flagging resources that have been modified outside of Terraform.

Considerations

Before You Adopt
  • **Infrastructure Destruction Risk**: The destroy tool can tear down entire environments — a single unreviewed AI action could delete production databases, networking infrastructure, or critical services
  • **Cost & Budget Exposure**: Apply operations can provision cloud resources that incur immediate and ongoing costs; without cost estimation checks, this can create significant unplanned cloud spend
  • **Credential & Secret Access**: Terraform configurations frequently contain or reference cloud provider credentials, API keys, and connection strings that can be exposed through state and output tools
  • **Blast Radius of Misconfiguration**: A misconfigured security group, IAM policy, or network rule applied through AI can create organization-wide vulnerabilities, so plan output requires human review before apply
  • **State File Sensitivity**: Terraform state files contain a complete map of deployed infrastructure including resource IDs, IP addresses, and configuration details that should be treated as sensitive

Stratafy Fit

Integration Potential: 5/5

Terraform MCP is among the highest-value governance targets for Stratafy. Infrastructure as Code operations carry critical risk — a single unreviewed apply or destroy can cause production outages, security breaches, or runaway cloud costs. Stratafy can enforce mandatory plan review before any apply operation, restrict destroy operations to senior infrastructure roles with multi-party approval, implement cost estimation gates to prevent budget overruns, and maintain comprehensive audit trails that map every AI-initiated infrastructure change to a specific user, role, and approval chain. The combination of high blast radius, financial exposure, and security sensitivity makes Terraform MCP governance essential for any organization allowing AI-assisted infrastructure management.

© 2026 Stratafy. All rights reserved.