Skip to main content

Announcing StackOne Defender: leading open-source prompt injection guard for your agent Read More

Connect

Connectors Agent Auth MCP Connector Builder

Optimize

Tool Discovery Falcon Engine

Secure

Defender
Connectors

HRIS / HCM

Employee Onboarding Employee Offboarding

Recruiting

Application Screening Interview Scheduling

Customer Support

Ticket Triage Voice Call Summarization

Sales & CRM

Deal Risk Scoring Lead Qualification

Accounting & Finance

Invoice Processing Month-End Accruals

Marketing

Campaign Reports Lead Nurture Sequences
View all use cases

Developers

Docs Changelog Status

Learn

Blog Case Studies Events Partners
Pricing
Login Book Demo Start Free

Terraform MCP Server
for AI Agents

Production-ready Terraform MCP server with 118 extensible actions — plus built-in authentication, security, and optimized execution.

Start Free Book Demo Read Docs →
Terraform logo
Terraform MCP Server
Built by StackOne StackOne

Coverage

118 Agent Actions

Create, read, update, and delete across Terraform — and extend your agent's capabilities with custom actions.

MCP Actions → Create Actions →

Authentication

Agent Tool Authentication

Per-user OAuth in one call. Your Terraform MCP server gets session-scoped tokens with zero credentials stored on your infra.

Agent Auth →

Security

Agent Protection

Every Terraform tool response scanned for prompt injection in milliseconds — 88.7% accuracy, all running on CPU.

Prompt Injection Defense →

Performance

Max Agent Context. Min Cost.

Free up to 96% of your agent's context window to enhance reasoning and reduce cost, on every Terraform call.

Tools Discovery →

What is the Terraform MCP Server?

A Terraform MCP server lets AI agents read and write Terraform data through the Model Context Protocol — Anthropic's open standard for connecting LLMs to external tools. StackOne's Terraform MCP server ships with 118 pre-built actions, fully extensible via the Connector Builder — plus managed authentication, prompt injection defense, and optimized agent context. Connect it from MCP clients like Claude Desktop, Cursor, and VS Code, or from agent frameworks like OpenAI Agents SDK, LangChain, and Vercel AI SDK.

All Terraform MCP Tools and Actions

Every action from Terraform's API, ready for your agent. Create, read, update, and delete — scoped to exactly what you need.

Configuration Versions

  • Create Configuration Version

    Create a new configuration version for uploading configuration files.

  • List Configuration Versions

    List configuration versions for a workspace.

  • Get Configuration Version

    Retrieve details about a specific configuration version.

  • Download Configuration Version

    Download configuration files for a configuration version.

Notification Configurations

  • Create Notification Configuration

    Create a notification configuration for a workspace.

  • List Notification Configurations

    List notification configurations for a workspace.

  • Get Notification Configuration

    Retrieve details about a notification configuration.

  • Update Notification Configuration

    Update a notification configuration.

  • Delete Notification Configuration

    Delete a notification configuration.

Organizations

  • Create Organization

    Create a new organization.

  • List Organizations

    List all organizations the user has access to.

  • Get Organization

    Retrieve details about a specific organization.

  • Update Organization

    Update an existing organization's settings.

  • Delete Organization

    Delete an organization and all its resources.

Organization Memberships

  • List Organization Memberships

    List all memberships for an organization.

  • Get Organization Membership

    Retrieve details about a specific organization membership.

Plan Exports

  • Create Plan Export

    Export a plan for external use.

  • Get Plan Export

    Retrieve details about a plan export.

  • Download Plan Export

    Get download URL for an exported plan.

  • Delete Plan Export

    Delete an exported plan.

Projects

  • Create Project

    Create a new project in an organization.

  • List Projects

    List all projects in an organization.

  • Get Project

    Retrieve details about a specific project.

  • Update Project

    Update an existing project's configuration.

  • Delete Project

    Delete an empty project.

Project Tag Bindings

  • List Project Tag Bindings

    List tags bound to a project.

  • Update Project Tag Bindings

    Add or update tag bindings on a project.

Runs

  • Create Run

    Create a new run in a workspace.

  • Get Run

    Retrieve details about a specific run.

Policy Checks

  • List Policy Checks

    List policy checks for a run.

  • Get Policy Check

    Retrieve details about a specific policy check.

Run Comments

  • Create Run Comment

    Add a comment to a run.

  • List Run Comments

    List comments on a run.

Run Triggers

  • Create Run Trigger

    Create a run trigger to connect workspaces.

  • List Run Triggers

    List all run triggers for a workspace.

  • Get Run Trigger

    Retrieve details about a specific run trigger.

  • Delete Run Trigger

    Delete a run trigger.

State Versions

  • Create State Version

    Create a new state version for a workspace.

  • List State Versions

    List state versions for a workspace.

  • Get State Version

    Retrieve details about a specific state version.

State Version Outputs

  • List State Version Outputs

    List outputs for a state version.

  • Get State Version Output

    Retrieve a specific state version output.

Teams

  • Create Team

    Create a new team in an organization.

  • List Teams

    List all teams in an organization.

  • Get Team

    Retrieve details about a specific team.

  • Update Team

    Update an existing team's configuration.

  • Delete Team

    Delete a team from an organization.

Workspace Variables

  • Create Workspace Variable

    Create a new variable in a workspace.

  • List Workspace Variables

    List all variables in a workspace.

  • Update Workspace Variable

    Update an existing workspace variable.

  • Delete Workspace Variable

    Delete a variable from a workspace.

Variable Sets

  • Create Variable Set

    Create a new variable set in an organization.

  • List Variable Sets

    List all variable sets for an organization.

  • Get Variable Set

    Retrieve details about a specific variable set.

  • Update Variable Set

    Update an existing variable set.

  • Delete Variable Set

    Delete a variable set.

Workspaces

  • Create Workspace

    Create a new workspace in an organization.

  • List Workspaces

    List all workspaces in an organization.

  • Get Workspace

    Retrieve details about a specific workspace.

  • Update Workspace

    Update an existing workspace's configuration.

  • Delete Workspace

    Delete a workspace and all its data.

Workspace Tags

  • Add Workspace Tags

    Add tags to a workspace.

  • Get Workspace Tags

    List tags attached to a workspace.

  • Delete Workspace Tags

    Remove tags from a workspace.

Remote State Consumers

  • Add Remote State Consumers

    Add workspaces that can access this workspace's state.

  • Get Remote State Consumers

    List workspaces that can access this workspace's state.

  • Delete Remote State Consumers

    Remove workspaces from accessing this workspace's state.

Other (51)

  • Add Members To Team

    Add organization members to a team by organization membership ID.

  • Add Variable To Set

    Add a variable to a variable set.

  • Get Account Details

    Retrieve details about the authenticated user's account.

  • Get Configuration Version Commit Info

    Retrieve commit information for a configuration version.

  • Download Run Configuration Version

    Download configuration files for a run.

  • Get Cost Estimate

    Retrieve a cost estimate for a run.

  • Get Organization Entitlements

    Retrieve the entitlement set for an organization.

  • List Own Memberships

    List the current user's organization memberships.

  • Get Plan

    Retrieve details about a specific plan.

  • Get Plan JSON Output

    Retrieve the JSON execution plan by plan ID.

  • Get Run Plan JSON Output

    Retrieve the JSON execution plan by run ID.

  • Get Apply

    Retrieve details about a specific apply.

  • Get Errored State

    Recover state from a failed apply.

  • List Runs In Workspace

    List all runs for a specific workspace.

  • List Runs In Organization

    List all runs across an organization.

  • Get Current State Version

    Retrieve the current state version for a workspace.

  • Get Current State Version Outputs

    List outputs from the current state version of a workspace.

  • Get User

    Retrieve details about a specific user.

  • List Project Variable Sets

    List all variable sets for a project.

  • List Workspace Variable Sets

    List all variable sets for a workspace.

  • List Variable Set Variables

    List all variables in a variable set.

  • Get Workspace By ID

    Retrieve details about a workspace using its ID.

  • Move Workspaces To Project

    Move workspaces into a project.

  • Update Variable In Set

    Update a variable in a variable set.

  • Remove User From Organization

    Remove a user from an organization.

  • Delete Members From Team

    Delete organization members from a team by organization membership ID.

  • Delete Variable From Set

    Delete a variable from a variable set.

  • Remove Variable Set From Workspaces

    Remove a variable set from one or more workspaces.

  • Remove Variable Set From Projects

    Remove a variable set from one or more projects.

  • Archive Configuration Version

    Archive a configuration version.

  • Soft Delete Configuration Version

    Mark a configuration version for garbage collection (Enterprise only).

  • Restore Configuration Version

    Restore a configuration version marked for garbage collection (Enterprise only).

  • Permanently Delete Configuration Version

    Permanently delete a configuration version (Enterprise only).

  • Invite User To Organization

    Invite a user to join an organization.

  • Apply Run

    Apply a planned run.

  • Discard Run

    Discard a run that has not been applied.

  • Cancel Run

    Cancel a run that is currently planning or applying.

  • Force Cancel Run

    Forcefully cancel a run after normal cancel has been initiated.

  • Force Execute Run

    Force execute a pending run.

  • Override Policy Check

    Override a soft-mandatory policy check.

  • Rollback State Version

    Rollback to a previous state version.

  • Soft Delete State Version

    Mark a state version for garbage collection (Enterprise only).

  • Restore State Version

    Restore a state version marked for garbage collection (Enterprise only).

  • Permanently Delete State Version

    Permanently delete a state version (Enterprise only).

  • Apply Variable Set To Workspaces

    Apply a variable set to one or more workspaces.

  • Apply Variable Set To Projects

    Apply a variable set to one or more projects.

  • Safe Delete Workspace

    Safely delete a workspace only if it has no managed resources.

  • Lock Workspace

    Lock a workspace to prevent new runs.

  • Unlock Workspace

    Unlock a workspace to allow new runs.

  • Force Unlock Workspace

    Force unlock a workspace locked by another user.

  • Assign SSH Key

    Assign an SSH key to a workspace.

Set Up Your Terraform MCP Server in Minutes

One endpoint. Any framework. Your agent is talking to Terraform in under 10 lines of code.

MCP Clients

Agent Frameworks

Claude Desktop
{
  "mcpServers": {
    "stackone": {
      "command": "npx",
      "args": [
        "-y",
        "mcp-remote@latest",
        "https://api.stackone.com/mcp?x-account-id=<account_id>",
        "--header",
        "Authorization: Basic <YOUR_BASE64_TOKEN>"
      ]
    }
  }
}

More Developer Tools MCP Servers

Azure DevOps

172+ actions

Cloudflare

137+ actions

Bitbucket

134+ actions

Supabase

128+ actions

GitLab

125+ actions

OneLogin

109+ actions

LaunchDarkly

85+ actions

All Developer Tools MCP Servers →

Terraform MCP Server Resources

MCP Code Mode: Keeping Tool Responses Out of Agent Context

Anthropic's code_execution processes data already in context. Custom MCP code mode keeps raw tool responses in a sandbox. 14K tokens vs 500.

11 min

Comparing BM25, TF-IDF, and Hybrid Search for MCP Tool Discovery

Benchmarking BM25, TF-IDF, and hybrid search for MCP tool discovery across 916 tools. The 80/20 TF-IDF/BM25 hybrid hits 21% Top-1 accuracy in under 1ms.

10 min

Indirect Prompt Injection Defense for MCP Tools: A Technical Guide

MCP tools that read emails, CRM records, and tickets are indirect prompt injection vectors. Here's how we built a two-tier defense that scans tool results in ~11ms.

12 min

Terraform MCP Server FAQ

Terraform MCP server vs direct API integration — what's the difference?
A Terraform MCP server and direct API integration serve different use cases. Direct API integration is for software-to-software — backend code calling Terraform. A Terraform MCP server is for AI agents — MCP clients like Claude and Cursor, plus framework agents built with OpenAI, LangChain, or Vercel AI — discovering and calling Terraform at runtime. StackOne provides both.
How does Terraform authentication work for AI agents?
Terraform authentication for AI agents works through a StackOne Connect Session. Create one via the dashboard or the SDK — you get an auth link and ready-to-paste config for Claude Desktop, Cursor, and other MCP clients. Your user authenticates their own Terraform account; StackOne handles token exchange, storage, and refresh. Credentials never reach the LLM, and each user is isolated via origin_owner_id.
Are Terraform MCP tools vulnerable to prompt injection?
Yes — Terraform MCP tools can be vulnerable to indirect prompt injection. Any tool that reads user-written content — documents, messages, tickets, records, or free-text fields — is a potential vector. StackOne Defender scans every tool response before it enters the agent's context — regex patterns in ~1ms, then a MiniLM classifier in ~4ms. 88.7% accuracy, CPU-only.
What is the context bloat of a Terraform agent and how do I avoid it?
Context bloat happens when Terraform tool schemas and API responses eat your Terraform agent's memory, preventing it from reasoning effectively. A single Terraform query can return a massive JSON response, and connecting multiple tools compounds the problem. Tools Discovery and Code Mode reduce context bloat — loading only relevant tools per query and keeping raw responses out of the agent's context.
Can I limit which actions my Terraform agent can access?
Yes — you can limit which actions your Terraform agent can access directly from the StackOne dashboard. Toggle actions on or off, or restrict them to specific accounts, with no code changes to your agent. Session tokens can be scoped to exact actions so if one leaks, exposure stays contained.
Can I create custom agent actions for my Terraform MCP server?
Yes — you can create custom agent actions for your Terraform MCP server using Connector Builder. It's an integration agent your coding assistant (Claude Code, Cursor, or Copilot) can invoke to research Terraform's API, generate production-ready connector YAML, test against the live API, and validate before you ship.
When should I NOT use a Terraform MCP server?
Skip a Terraform MCP server if your integration is purely software-to-software — direct Terraform API integration is simpler when no AI agent is involved. For deterministic, compliance-critical operations (financial transactions, regulatory reporting), direct API gives you predictable behavior without agent-driven decision-making. MCP shines when AI agents need to dynamically discover and call Terraform actions at runtime.
What AI frameworks and AI clients does the StackOne Terraform MCP server support?
The StackOne Terraform MCP server supports both. MCP clients (paste-and-go apps): Claude Desktop, Claude Code, Cursor, VS Code, Goose. Agent frameworks (code SDKs you build with): OpenAI Agents SDK, Anthropic, Vercel AI, Google ADK, CrewAI, Pydantic AI, LangChain, LangGraph, Azure AI Foundry.

Put your AI agents to work

All the tools you need to build and scale AI agent integrations, with best-in-class connectivity, execution, and security.

Start Free Book Demo