# AWS Terraform MCP Server

## Overview

* AWS has open-sourced an MCP server specifically for using Terraform on AWS
* It includes things like best practices, security scanning (checkov), documentation, and more
* While AI is capable of writing Terraform, this provides it with more prescriptive and up-to-date guidance

***

## Installation

{% hint style="danger" %}
Always review the source code for MCP servers to avoid running malicious code or commands. 
{% endhint %}

### Pre-Requisites

* The following are required before the server will run

{% code overflow="wrap" %}

```bash
brew install uv terraform checkov
uv python install 3.10
```

{% endcode %}

### MCP Setup

* First, install the [VS Code extension](https://insiders.vscode.dev/redirect/mcp/install?name=Terraform%20MCP%20Server\&config=%7B%22command%22%3A%22uvx%22%2C%22args%22%3A%5B%22awslabs.terraform-mcp-server%40latest%22%5D%2C%22env%22%3A%7B%22FASTMCP_LOG_LEVEL%22%3A%22ERROR%22%7D%2C%22disabled%22%3Afalse%2C%22autoApprove%22%3A%5B%5D%7D) for the MCP server

<figure><img src="https://2721275171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F8yu8YbDfwd1VqEdUxGyA%2Fuploads%2Fl666mp5rYviNljLEDtyO%2FCleanShot%202026-02-27%20at%2012.12.16%402x.png?alt=media&#x26;token=dfce965a-5c24-4222-b558-cb6b2b8625f6" alt="" width="563"><figcaption></figcaption></figure>

* Then run the installation command below to add the MCP server to your `~/.claude.json` configuration
  * `--scope`&#x20;
    * setting to `user` will enable us to the MCP server anytime otherwise&#x20;
    * setting to `project` will only use the MCP server within a project directory e.g., `my-project-folder/project-code`

{% code overflow="wrap" %}

```bash
claude mcp add --scope user -e FASTMCP_LOG_LEVEL=ERROR -- awslabs-terraform-mcp-server uvx awslabs.terraform-mcp-server@latest
```

{% endcode %}

* Alternatively, you can copy/paste this into your `~/.cluade.json` file for the same effect but the previous CLI command is recommended to avoid issues

{% code overflow="wrap" %}

```json
"mcpServers": {
    "awslabs.terraform-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.terraform-mcp-server@latest"],
      "env": {
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "disabled": false,
      "autoApprove": []
    }
  }
```

{% endcode %}

### MCP Health Checks

* Check to ensure the MCP server is running

{% code overflow="wrap" %}

```
claude mcp list
Checking MCP server health...

awslabs-terraform-mcp-server: uvx awslabs.terraform-mcp-server@latest - ✓ Connected
```

{% endcode %}

### MCP Configuration

* The GitHub repo for this particular AWS Terraform MCP server can be [found here](https://github.com/awslabs/mcp/tree/main/) so be sure to review all the code it can run
* Additionally, the MCP code gets cached locally and since we installed this with `uv` we can find the data in these paths

{% hint style="info" %}
The `*` will be unique to your environment
{% endhint %}

{% code overflow="wrap" %}

```bash
~.cache/uv/*/*/lib/*/site-packages/awslabs/terraform_mcp_server/impl/resources/
~.cache/uv/*/*/lib/*/site-packages/awslabs/terraform_mcp_server/impl/tools/
~.cache/uv/*/*/lib/*/site-packages/awslabs/terraform_mcp_server/impl/models/
~.cache/uv/*/*/lib/*/site-packages/awslabs/terraform_mcp_server/impl/scripts/
~.cache/uv/*/*/lib/*/site-packages/awslabs/terraform_mcp_server/impl/static/
```

{% endcode %}

***

## Resources

* <https://awslabs.github.io/mcp/servers/terraform-mcp-server>