
tf-mcp-server

Verified Safe

by liuwuliuyun

Overview

An MCP server for AI assistants to manage Azure infrastructure-as-code (IaC) using Terraform, providing documentation, security validation, code generation, and state management capabilities.

Installation

Run Command
docker run --rm -i --name tf-mcp-server-instance -v "$(pwd):/workspace" -e LOG_LEVEL=INFO -e ARM_CLIENT_ID=$ARM_CLIENT_ID -e ARM_CLIENT_SECRET=$ARM_CLIENT_SECRET -e ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID -e ARM_TENANT_ID=$ARM_TENANT_ID ghcr.io/liuwuliuyun/tf-mcp-server:latest

Environment Variables

  • ARM_CLIENT_ID
  • ARM_CLIENT_SECRET
  • ARM_SUBSCRIPTION_ID
  • ARM_TENANT_ID
  • APPLICATIONINSIGHTS_CONNECTION_STRING
  • GITHUB_TOKEN
  • LOG_LEVEL
  • MCP_DEBUG
  • MCP_SERVER_HOST
  • MCP_SERVER_PORT
  • MCP_WORKSPACE_ROOT
  • TELEMETRY_ENABLED
  • TELEMETRY_SAMPLE_RATE
  • TF_LOG
  • TF_LOG_PATH

Security Notes

The server relies heavily on executing external CLI tools (Terraform, TFLint, Conftest, aztfexport, Azure CLI) via subprocesses. Inputs to these commands generally arrive as tool arguments, some of which are Pydantic-validated or split with `shlex.split` to mitigate injection risks. AVM module downloads use `tarfile.extractall` into a temporary directory, which could be vulnerable to zip slip if the archive's member paths are not carefully checked. The Docker container runs as a non-root user. Azure authentication secrets and GitHub tokens are expected via environment variables, not hardcoded. Overall, the server is designed with security in mind for its operational context, but external command execution and archive extraction always carry inherent risk.

Stats

Interest Score: 17
Security Score: 8
Cost Class: High
Avg Tokens: 1500
Stars: 1
Forks: 4
Last Update: 2025-12-30

Tags

Azure, Terraform, IaC, MCP, Documentation, Security Validation, DevOps, Code Generation, State Management, TFLint, Conftest, aztfexport