Tfmcp - AI Tool Review & Alternatives | Flaex AI

VERIFIED

Tfmcp

Safety: 55/100

0.0(0)

tfmcp is a CLI tool and MCP server enabling AI assistants to manage Terraform configurations, offering features from plan analysis to security controls.

MCP ServersFreemium

Boost this tool

Subscribe to listing upgrades or segmented pushes.

Overview

tfmcp is a CLI tool and MCP server enabling AI assistants to manage Terraform configurations, offering features from plan analysis to security controls.

tfmcp offers robust security features, but its safety depends heavily on proper configuration. It is safe for read-only operations and analysis. Risky operations like applying changes should only be enabled with caution and thorough review of plans.

Performance depends on the complexity of the Terraform configuration and the speed of the Terraform CLI. Caching is used to improve performance.

Cost implications depend on the resources managed by Terraform. Consider the cost of API calls and the resources provisioned.

CloudRust354 starsMITReleased 12/28/2025CI/CD

Connections & Capabilities

Connects To

GitHubDocker

Capabilities

ReadWriteExecAdmin

Client Compatibility

Claude Desktop

full

Cursor

untested

Windsurf

untested

VS Code (Copilot)

untested

Quickstart

Install

cargo install tfmcp

Claude Desktop Config

{
  "mcpServers": {
    "tfmcp": {
      "command": "/path/to/your/tfmcp",  // Replace with the actual path from step 2
      "args": ["mcp"],
      "env": {
        "HOME": "/Users/yourusername",  // Replace with your username
        "PATH": "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin",
        "TERRAFORM_DIR": "/path/to/your/terraform/project"  // Optional: specify your Terraform project
      }
    }
  }
}

Environment Variables

TFMCP_LOG_LEVELTFMCP_ALLOW_DANGEROUS_OPSTFMCP_ALLOW_AUTO_APPROVETFMCP_MAX_RESOURCESTFMCP_AUDIT_ENABLEDTFMCP_AUDIT_LOG_SENSITIVE

Tools (12)

safe

init_terraform

Initializes a Terraform working directory to prepare for operations.

Initializes the directory but does not modify infrastructure.

safe

get_terraform_plan

Generates an execution plan showing proposed changes to infrastructure.

Read-only operation; does not modify infrastructure.

critical

apply_terraform

Applies the Terraform configuration to create or modify infrastructure.

Modifies infrastructure and can cause irreversible changes.

critical

destroy_terraform

Destroys all Terraform-managed infrastructure.

Destroys infrastructure and can cause significant data loss.

moderate

terraform_workspace

Manages Terraform workspaces, allowing you to switch between different environments.

Can modify the active workspace, potentially affecting subsequent operations.

moderate

terraform_import

Imports existing resources into Terraform management.

Adds resources to the state, which can affect future plans.

high

terraform_taint

Taints or untaints resources, forcing them to be recreated on the next apply.

Forces resource recreation, potentially causing downtime.

safe

terraform_refresh

Refreshes the Terraform state to reflect the current state of the infrastructure.

Updates the state but does not modify infrastructure.

moderate

terraform_fmt

Formats Terraform code to adhere to a consistent style.

Modifies code formatting, which could introduce unintended changes if not reviewed.

safe

terraform_graph

Generates a dependency graph of Terraform resources.

Read-only operation; does not modify infrastructure.

safe

terraform_output

Retrieves output values from the Terraform state.

Read-only operation; does not modify infrastructure.

safe

terraform_providers

Gets information about the Terraform providers used in the configuration.

Read-only operation; does not modify infrastructure.

Security

Auth Method

Environment Variable

Data Locality

cloud

Known Risks

!Unintended infrastructure changes if `TFMCP_ALLOW_DANGEROUS_OPS` is enabled without proper review.
!Exposure of sensitive data in Terraform state if access controls are not properly configured.
!Potential for privilege escalation if environment variables are compromised.
!Risk of misconfiguration leading to security vulnerabilities.
!Dependency on Terraform CLI introduces potential vulnerabilities if the CLI is outdated.

Safety Score

moderate risk

Positive

+Dangerous operations like apply/destroy are disabled by default.
+Includes audit logging for tracking all operations.
+Offers configurable resource limits to prevent over-provisioning.
+Provides built-in protection against accessing sensitive file patterns.
+Supports directory validation to enforce security policies.

Risks

-Enables write operations, potentially leading to infrastructure changes.
-Requires careful configuration to prevent unintended resource modifications.
-Relies on environment variables for security settings, which can be misconfigured.
-Access to Terraform state allows for potential data exposure if not properly secured.
-If `TFMCP_ALLOW_DANGEROUS_OPS` is enabled, destructive actions are possible.

Use Cases

Infrastructure Automation

-Automating the creation and management of cloud resources.
-Implementing infrastructure as code for version control and collaboration.
-Orchestrating complex deployments across multiple environments.

Security and Compliance

-Enforcing security policies and best practices through code.
-Auditing infrastructure changes and identifying potential vulnerabilities.
-Automating compliance checks and generating reports.

Cost Optimization

-Analyzing infrastructure costs and identifying areas for optimization.
-Automating the scaling of resources based on demand.
-Implementing cost-saving measures such as reserved instances.

Disaster Recovery

-Automating the creation of backup and recovery infrastructure.
-Implementing failover mechanisms to ensure business continuity.
-Testing disaster recovery plans and validating their effectiveness.

Who Is This For?

Best For

Infrastructure engineers
DevOps teams
Security engineers
Cloud architects
Organizations adopting infrastructure as code

Not Ideal For

Organizations without Terraform expertise
Environments where manual infrastructure management is preferred
Scenarios requiring real-time infrastructure changes without review

Autonomy & Execution

Default ModeConfigurable

Dry RunSandboxed

Autonomy is limited by the configuration and enabled tools. Dangerous operations are disabled by default and require explicit enablement.

StatelessYes

Retry LogicNot documented

ConcurrencySingle-threaded

Production Tip

Carefully review and test all Terraform plans before applying them in production environments.

FAQ

How do I enable dangerous operations like apply and destroy?

Set the `TFMCP_ALLOW_DANGEROUS_OPS` environment variable to `true`.

Where are the audit logs stored?

Audit logs are stored at `~/.tfmcp/audit.log` by default. The location can be customized using the `TFMCP_AUDIT_LOG_FILE` environment variable.

How do I control the logging verbosity?

Set the `TFMCP_LOG_LEVEL` environment variable to `debug`, `info`, `warn`, or `error`.

Can I use tfmcp with Docker?

Yes, tfmcp provides Docker support. See the documentation for instructions on building and running the Docker image.

How do I integrate tfmcp with Claude Desktop?

Configure Claude Desktop with the path to the tfmcp executable and the necessary environment variables.

What security measures are in place to protect my infrastructure?

tfmcp includes access controls, operation restrictions, resource limits, and audit logging to enhance security.

Does tfmcp support Terraform workspaces?

Yes, tfmcp supports Terraform workspaces, allowing you to manage different environments.

Key Features

Terraform Plan Analysis - Allows AI to interpret and summarize deployment plans before changes are applied.

Configuration Inspection - Enables AI assistants to read and validate Terraform source files for correctness.

State Management - Provides tools for AI to query and interact with the current infrastructure state.

CLI Tool - Offers a command-line interface for direct interaction with Terraform environments.

MCP Server Integration - Connects Terraform operations directly into the Model Context Protocol ecosystem for AI agents.

Claude Desktop Support - Enables native integration with the Claude Desktop application for seamless workflow automation.

Use Cases & Problems Solved

Use Cases

•Use when you want to automate the execution of 'terraform plan' directly from your Claude Desktop interface to verify infrastructure changes.
•Perfect for developers who need to quickly query the current state of Terraform managed resources without switching context to the terminal.
•Ideal if you need to provide an AI assistant with the ability to safely inspect Terraform configuration files for potential misconfigurations or security risks.
•Great for DevOps engineers aiming to bridge the gap between natural language prompts and complex infrastructure deployments.
•Use when performing peer code reviews on Terraform modules to have an AI suggest improvements or validate existing logic against the current state.
•Perfect for streamlining manual operational tasks like refreshing state or validating syntax within an integrated AI development environment.

Problems Solved

✓Eliminates the cognitive load of constantly switching between IDEs, terminal windows, and Terraform documentation.
✓Reduces errors in infrastructure deployment by allowing AI-assisted analysis of Terraform plans before actual execution.
✓Removes the friction of manually parsing verbose Terraform CLI outputs by summarizing them into actionable insights.
✓Solves the challenge of managing infrastructure state across distributed teams by providing a unified MCP-based interface.

Who It's For

Cloud Infrastructure EngineersDevOps PractitionersSite Reliability Engineers (SREs)Backend Developers managing their own IaCPlatform Engineers

Metrics

Discovered2/14/2026

Reviews0

Saved By0 users

Tfmcp

Overview

Connections & Capabilities

Connects To

Capabilities

Client Compatibility

Quickstart

Install

Claude Desktop Config

Environment Variables

Tools (12)

Security

Safety Score

Positive

Risks

Use Cases

Infrastructure Automation

Security and Compliance

Cost Optimization

Disaster Recovery

Who Is This For?

Best For

Not Ideal For

Autonomy & Execution

FAQ

How do I enable dangerous operations like apply and destroy?

Where are the audit logs stored?

How do I control the logging verbosity?

Can I use tfmcp with Docker?

How do I integrate tfmcp with Claude Desktop?

What security measures are in place to protect my infrastructure?

Does tfmcp support Terraform workspaces?

Key Features

Use Cases & Problems Solved

Use Cases

Problems Solved

Who It's For

Metrics

Related Tools