binadox-public/binadox-terraform-mcp
Model Context Protocol server enabling LLMs to generate, analyze, and estimate costs for Terraform infrastructure code.
Terraform MCP Server
The Problem
You're using ChatGPT or Claude to generate Terraform code. It works great - until you discover that "simple" configuration costs $800/month in production. Or that the generated security groups expose your database to the internet. Or that the code doesn't even run because it's missing provider configurations.
This MCP server solves these problems by adding cost analysis and quality checks directly into your LLM workflow.
What It Does
When you ask Claude to generate Terraform, this server:
- Validates the generated code - ensures it's complete and runnable
- Calculates actual costs - shows you the monthly bill before you deploy
- Checks for security issues - catches misconfigurations before production
- Organizes the output - splits monolithic code into proper file structure
No more surprise AWS bills. No more debugging LLM-generated configs. No more security incidents from AI hallucinations.
Real Example
You: Create terraform for a kubernetes cluster
Claude (without MCP): Here's your EKS cluster configuration...
[generates 200 lines of terraform]
You: *deploys it*
AWS Bill: $673/month 😱
Security Audit: Database exposed to 0.0.0.0/0 🚨
Terraform: Error - required provider version constraint missing ❌
You: Create terraform for a kubernetes cluster
Claude (with MCP): I'll create an EKS cluster configuration and analyze it...
[generates proper multi-file structure]
Cost Analysis: $673/month (3 nodes @ $91/each, NAT Gateway $45, EKS $73)
Security: ⚠️ Warning - RDS backup retention only 7 days
Alternative: Consider using Fargate for $240/month or spot instances for $201/month
You: That's too expensive, use spot instances
Claude: Updated configuration with spot instances...
New cost: $201/month (70% savings)
How It Works
The server acts as a bridge between Claude and your Terraform workflow:
- Claude generates Terraform based on your request
- MCP server intercepts the code and validates it
- Cost analysis runs showing exact monthly/hourly costs
- Security scan identifies issues before you deploy
- You get informed feedback to make better decisions
Key Features
- Snippet Augmentation: LLMs often generate incomplete Terraform. The server detects missing provider blocks, terraform configuration, and variables - then automatically completes them.
- Smart File Organization: Instead of one giant main.tf, the server splits resources into logical files (networking.tf, compute.tf, database.tf) following HashiCorp best practices.
- Cost Breakdown: Not just a total, but itemized costs by resource. Know exactly what that NAT Gateway or RDS instance will cost before terraform apply.
- Security Validation: Catches common LLM mistakes like open security groups, missing encryption, excessive IAM permissions.
Installation
# Clone and build
git clone https://github.com/binadox/binadox-terraform-mcp
cd binadox-terraform-mcp
go build -o terraform-mcp-server *.go
# Add to Claude Desktop config
# macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
# Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "terraform": {
      "command": "/path/to/terraform-mcp-server",
      "env": {
        "TERRAFORM_ANALYSIS_URL": "https://app.binadox.com/api/1/organizations/pricing/terraform/mcp",
        "TERRAFORM_ANALYSIS_TOKEN": "your-token"
      }
    }
  }
}
# Restart Claude Desktop
Common Use Cases
The "Quick POC that becomes production" Trap
You: Generate terraform for a simple demo environment
Claude: [creates seemingly innocent config]
Cost Analysis: $1,847/month ⚠️
- m5.2xlarge instances (overkill for demo)
- Multi-AZ RDS (unnecessary for POC)
- NAT Gateways in 3 AZs ($135/month alone)
The "LLM Security Hallucination" Problem
You: Create an RDS database with security group
Claude: [generates config]
Security Analysis: 🚨 CRITICAL
- Database allows connections from 0.0.0.0/0
- No encryption at rest enabled
- Backup retention only 1 day
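One way to run the three checks above before deployment, written over the JSON that `terraform show -json` prints for a saved plan. This is an added example, not code from binadox-terraform-mcp; the Audit function, the sample plan and the 7-day threshold are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample: trimmed `terraform show -json` output, not from a real plan.
const samplePlan = `{"resource_changes":[
 {"address":"aws_security_group.db","type":"aws_security_group","change":{"after":{"ingress":[{"from_port":5432,"cidr_blocks":["0.0.0.0/0"]}]}}},
 {"address":"aws_db_instance.main","type":"aws_db_instance","change":{"after":{"storage_encrypted":false,"backup_retention_period":1}}}]}`

// Audit flags risky planned values; minBackupDays is the caller's policy (assumption).
func Audit(planJSON []byte, minBackupDays float64) ([]string, error) {
	var p struct { // encoding/json matches the lower-case keys case-insensitively
		ResourceChanges []struct {
			Address, Type string
			Change        struct{ After map[string]interface{} }
		} `json:"resource_changes"`
	}
	if err := json.Unmarshal(planJSON, &p); err != nil {
		return nil, err
	}
	var out []string
	for _, rc := range p.ResourceChanges {
		switch after := rc.Change.After; { // after is nil when the resource is destroyed
		case rc.Type == "aws_security_group": // inline ingress rules only
			rules, _ := after["ingress"].([]interface{})
			for _, r := range rules {
				rule, _ := r.(map[string]interface{})
				cidrs, _ := rule["cidr_blocks"].([]interface{})
				for _, c := range cidrs {
					if c == "0.0.0.0/0" {
						out = append(out, fmt.Sprintf("%s: port %v open to 0.0.0.0/0", rc.Address, rule["from_port"]))
					}
				}
			}
		case rc.Type == "aws_db_instance" && after != nil:
			if enc, _ := after["storage_encrypted"].(bool); !enc {
				out = append(out, rc.Address+": storage_encrypted is not true")
			}
			if d, _ := after["backup_retention_period"].(float64); d < minBackupDays {
				out = append(out, fmt.Sprintf("%s: backup retention below %v days", rc.Address, minBackupDays))
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(Audit([]byte(samplePlan), 7)) }
```

Only inline ingress blocks are inspected; rules declared as separate aws_security_group_rule resources need their own case.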
The "Incomplete Code" Issue
You: Add this to my terraform: resource "aws_s3_bucket" "data" { bucket = "my-data" }
Claude (without MCP): [adds the snippet as-is]
Result: Terraform fails - no provider configuration
Claude (with MCP): [detects incomplete code]
Augments with: provider block, terraform version, proper variables
Result: Working configuration ready to deploy
Technical Details
The server implements three MCP tools:
- prepare_terraform - Validates and saves Terraform configurations
- analyze_terraform - Runs security and best practice checks
- calculate_cost - Estimates costs using real cloud pricing data
Files are saved to /tmp/terraform/ with timestamps and automatic ZIP packaging.
Why This Exists
LLMs are great at generating Terraform code, but they:
- Don't know current cloud pricing
- Can't validate their own output
- Often generate insecure defaults
- Create incomplete configurations
This server fixes these issues at the source - during generation, not after deployment.
API Requirements
Cost analysis requires a Binadox API token. Binadox provides real-time cloud pricing data across AWS, Azure, and GCP. Get your token at binadox.com.
Documentation
- Technical deep dive
- Common prompts and patterns
- Test scenarios
- Production setup
Contributing
Main extension points:
- tools.go - Add new analysis tools (tflint, checkov, etc.)
- file_utils.go - Customize file organization logic
- snippet_handler.go - Improve snippet detection
License
Apache 2.0