Skip to content

Terraform CLI

48.0k stars
official Has MCP macOS Linux Cross-platform Actively maintained

The infrastructure-as-code CLI. Plan, apply, and manage cloud resources across AWS, GCP, Azure, and 3,000+ providers with structured JSON output.

Terraform CLI has both a CLI and an MCP server. See when to use each

Part of the Terraform CLI tools for AI agents

What your agent can do

You define your infrastructure in code. A database, a load balancer, DNS records, IAM policies. You change one line and need to know what will happen. Will it recreate the database? Will it cause downtime? Your agent runs `terraform plan -json` and gets a structured diff of every resource that will be created, modified, or destroyed. No guessing, no clicking through a cloud console comparing settings.Terraform's JSON output is comprehensive and machine-readable on every command. `terraform plan -json` streams resource changes as newline-delimited JSON. `terraform show -json` dumps the entire state including every attribute of every resource. `terraform output -json` reads computed values. Your agent parses structured data at every step, not log output.The `-auto-approve` flag makes apply non-interactive. Combined with `-json` for structured output and `-input=false` to reject any prompts, your agent runs the complete plan-apply cycle without human intervention. `terraform plan -out=plan.tfplan -json && terraform apply -auto-approve -json plan.tfplan`. Deterministic, auditable, repeatable.Terraform connects to everything. The provider registry has 3,000+ providers. AWS, GCP, Azure, Vercel, Supabase, Datadog, GitHub, Cloudflare, Stripe — your agent manages resources across all of them from a single tool. One state file tracks the relationships. One `terraform plan` shows what's changing across providers.The insider detail: state locking. When your agent runs `terraform apply`, it acquires a lock on the state file. If another process (or another agent) tries to apply simultaneously, it fails with a lock error instead of corrupting state. This is why Terraform is safe for agent-driven infrastructure management — the locking mechanism prevents the exact failure mode you'd expect from parallel automation.

Limitations

BSL 1.1 license (source-available, not open-source). Cannot be used to compete with HashiCorp's commercial offerings. OpenTofu is the fully open-source fork. State files contain sensitive data and must be stored securely (encrypted S3, Terraform Cloud, etc.). Learning curve for HCL syntax is steeper than imperative scripting. Destructive operations (`destroy`) are irreversible.

Key Commands

terraform plan -json Preview infrastructure changes as structured JSON with resource diffs
terraform apply -auto-approve Apply infrastructure changes without interactive confirmation
terraform show -json Dump the current state as a complete JSON document
terraform output -json Read output values as structured JSON
terraform validate -json Check configuration syntax and internal consistency
terraform state list List all resources currently tracked in state
terraform providers schema -json Output the complete schema for all configured providers

GitHub Stats

repo hashicorp/terraform
stars 48.0k
language Go
license BSL-1.1
last commit Mar 24, 2026

Links

Official documentation developer.hashicorp.com/terraform/cli GitHub repository github.com/hashicorp/terraform Provider registry registry.terraform.io/browse/providers MCP server github.com/hashicorp/terraform-mcp-server

FAQ

Is Terraform CLI free?
Yes for most uses. Terraform CLI is free under the BSL 1.1 license. You cannot use it to build a competing hosted Terraform service, but all other uses (including commercial infrastructure management) are permitted. Install with `brew install terraform` on macOS. For a fully open-source alternative, use OpenTofu (MPL-2.0 fork).
Can AI agents use Terraform CLI?
Yes. Terraform runs fully non-interactive with `-auto-approve`, `-input=false`, and `-json` flags. Every major command outputs structured JSON. The official MCP server (hashicorp/terraform-mcp-server, 1,288 stars) gives agents direct access to Terraform operations. State locking prevents concurrent modifications from corrupting infrastructure state.
What is the difference between Terraform and Pulumi?
Terraform uses HCL (HashiCorp Configuration Language), a declarative domain-specific language. Pulumi uses general-purpose languages (TypeScript, Python, Go). For agents, Terraform's structured JSON output on every command is an advantage — the agent reads plan diffs, state dumps, and validation results as data. Pulumi's general-purpose language gives more flexibility but less structured CLI output.
How does Terraform connect to other tools?
Through providers. The Terraform Registry has 3,000+ providers including AWS, GCP, Azure, Vercel, Supabase, Datadog, GitHub, Cloudflare, and more. Your agent writes HCL configuration referencing providers, runs `terraform plan -json` to preview changes, and `terraform apply` to execute. One state file tracks resources across all providers. One tool manages your entire infrastructure stack.
What is the Terraform MCP server?
hashicorp/terraform-mcp-server (1,288 stars) is the official MCP server that gives AI agents direct access to Terraform operations. It supports plan, apply, state inspection, and resource management through the Model Context Protocol. Your agent connects via MCP instead of shelling out to the CLI, getting structured responses without output parsing.

Related tools in Cloud & Infra

AWS CLI official
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg" && sudo installer -pkg AWSCLIV2.pkg -target /
category Cloud & Infra
Amazon's official command-line tool for managing AWS services. Control EC2, S3, Lambda, IAM, and 200+ services from the terminal.
16.8k
Vercel CLI official
npm i -g vercel
category Cloud & Infra
Vercel's official command-line interface. Deploy, preview, and manage web applications, serverless functions, and edge infrastructure from your terminal.
15.0k
Docker CLI official
brew install --cask docker
category Cloud & Infra
Docker's official command-line tool for building, running, and managing containers. Pull images, start services, inspect logs, and orchestrate multi-container apps from the terminal.
5.7k
Firebase CLI official
brew install firebase-cli
category Cloud & Infra
The official Firebase CLI. Deploy Cloud Functions, manage Firestore indexes, serve hosting locally, and orchestrate your Firebase project with structured JSON output.
4.4k

Last verified: Mar 25, 2026