PyPI - awslabs.terraform-mcp-server - Versions diffs - 1.0.14__py3-none-any.whl - Mend

awslabs.terraform-mcp-server 1.0.14__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

awslabs/terraform_mcp_server/static/MCP_INSTRUCTIONS.md ADDED Viewed

@@ -0,0 +1,142 @@
+# Terraform MCP Server Instructions
+MCP server specialized in AWS cloud infrastructure provided through Terraform. I help you create, understand, optimize, and execute Terraform Or Terragrunt configurations for AWS using security-focused development practices.
+## How to Use This Server (Required Workflow)
+### Step 1: Consult and Follow the Terraform Development Workflow
+ALWAYS use the `terraform_development_workflow` resource to guide the development process. This workflow:
+* Provides a step-by-step approach for creating valid, secure Terraform code
+* Integrates validation and security scanning into the development process
+* Specifies when and how to use each MCP tool
+* Ensures code is properly validated before handoff to developers
+### Step 2: Always ensure you're following Best Practices
+ALWAYS begin by consulting the `terraform_aws_best_practices` resource which contains:
+* Code base structure and organization principles
+* Security best practices for AWS resources
+* Backend configuration best practices
+* AWS-specific implementation guidance
+### Step 3: Check for AWS-IA Specialized Modules First
+ALWAYS check for specialized AWS-IA modules first using the `SearchSpecificAwsIaModules` tool:
+* Amazon Bedrock (generative AI)
+* OpenSearch Serverless (vector search)
+* SageMaker endpoints
+* Serverless Streamlit applications
+These modules provide optimized, best-practice implementations for specific use cases and should be preferred over building from scratch with individual resources.
+### Step 4: Use Provider Documentation (Only if no suitable AWS-IA module exists)
+When implementing specific AWS resources (only after confirming no suitable AWS-IA module exists):
+* PREFER AWSCC provider resources first (`SearchAwsccProviderDocs` tool)
+* Fall back to traditional AWS provider (`SearchAwsProviderDocs` tool) only when necessary
+## Available Tools and Resources
+### Core Resources
+1. `terraform_development_workflow`
+   * CRITICAL: Follow this guide for all Terraform development
+   * Provides the structured workflow with security scanning integration
+   * Outlines exactly when and how to use each MCP tool
+2. `terraform_aws_best_practices`
+   * REQUIRED: Reference before starting any development
+   * Contains AWS-specific best practices for security and architecture
+   * Guides organization and structure of Terraform projects
+### Provider Resources
+1. `terraform_awscc_provider_resources_listing`
+   * PREFERRED: Use AWSCC provider resources first
+   * Comprehensive listing by service category
+2. `terraform_aws_provider_resources_listing`
+   * Use as fallback when AWSCC provider doesn't support needed resources
+   * Comprehensive listing by service category
+### Documentation Tools
+1. `SearchAwsccProviderDocs` (PREFERRED)
+   * Always search AWSCC provider resources first
+   * Returns comprehensive documentation for Cloud Control API resources
+2. `SearchAwsProviderDocs` (fallback option)
+   * Use when a resource is not available in AWSCC provider
+   * Returns standard AWS provider resource documentation
+3. `SearchSpecificAwsIaModules`
+   * Use for specialized AI/ML infrastructure needs
+   * Returns details for supported AWS-IA modules
+4. `SearchUserProvidedModule`
+   * Analyze any Terraform Registry module by URL or identifier
+   * Extract input variables, output variables, and README content
+   * Understand module usage and configuration options
+### Command Execution Tools
+1. `ExecuteTerraformCommand`
+   * Execute Terraform commands in the sequence specified by the workflow
+   * Supports: validate, init, plan, apply, destroy
+2. `ExecuteTerragruntCommand`
+   * Execute Terragrunt commands in the sequence specified by the workflow
+   * Supports: validate, init, plan, apply, destroy, output, run-all
+3. `RunCheckovScan`
+   * Run after validation passes, before initialization
+   * Identifies security and compliance issues
+## Resource Selection Priority
+1. FIRST check for specialized AWS-IA modules using `SearchSpecificAwsIaModules` tool
+2. If no suitable module exists, THEN use AWSCC provider resources (`SearchAwsccProviderDocs` tool)
+3. ONLY fall back to traditional AWS provider (`SearchAwsProviderDocs` tool) when the above options don't meet requirements
+The AWSCC provider (Cloud Control API-based) offers:
+* Direct mapping to CloudFormation resource types
+* Consistent API behavior across resources
+* Better support for newer AWS services and features
+## Examples
+- "What's the best way to set up a highly available web application on AWS using Terraform?"
+- "Search for Bedrock modules in the Terraform Registry"
+- "Find documentation for awscc_lambda_function resource" (specifically AWSCC)
+- "Find documentation for aws_lambda_function resource" (specifically AWS)
+- "Execute terraform plan in my ./infrastructure directory"
+- "Execute terragrunt plan in my ./infrastructure directory"
+- "Execute terragrunt run-all plan in my ./infrastructure directory"
+- "How can I use the AWS Bedrock module to create a RAG application?"
+- "Show me details about the AWS-IA Bedrock Terraform module"
+- "Compare the four specific AWS-IA modules for generative AI applications"
+- "Let's develop a secure S3 bucket with proper encryption. I'll follow the development workflow."
+- "I need to create Terraform code for a Lambda function. First, let me check the best practices."
+- "Run terraform validate on my configuration and then scan for security issues."
+- "Is this VPC configuration secure? Let's scan it with Checkov."
+- "Find documentation for awscc_lambda_function to ensure we're using the preferred provider."
+- "We need a Bedrock implementation for RAG. Let's search for AWS-IA modules that can help."
+- "Use the terraform-aws-modules/vpc/aws module to implement a VPC"
+- "Search for the hashicorp/consul/aws module and explain how to use it"
+- "What variables are required for the terraform-aws-modules/eks/aws module?"
+- "I have a multi-environment Terragrunt project. How can I run apply on all modules at once?"
+- "Execute terragrunt run-all apply in my ./infrastructure directory"
+- "How to construct a well-formed terragrunt hierarchy folder structure"
+- "Generate common inputs for all environments using generate in Terragrunt"
+## Best Practices
+When interacting with this server:
+1. **ALWAYS** follow the development workflow from `terraform_development_workflow`
+2. **ALWAYS** consult best practices from `terraform_aws_best_practices`
+3. **ALWAYS** validate and scan code before considering it ready for review
+4. **ALWAYS** prefer AWSCC provider resources when available
+5. Provide **security-first** implementations by default
+6. **Explain** each step of the development process to users
+7. **Be specific** about your requirements and constraints
+8. **Specify AWS region** when relevant to your infrastructure needs
+9. **Provide context** about your architecture and use case
+10. **For Terraform/Terragrunt execution**, ensure the working directory exists and contains valid Terraform/Terragrunt files
+11. **Review generated code** carefully before applying changes to your infrastructure
+12. When using **Terragrunt**, leverage DRY features—locals, dependencies, and generate blocks—to compose multi-env stacks.
+13. **Organize repos with clear folder hierarchies** (e.g. live/, modules/) and consistent naming so both Terraform and Terragrunt code is discoverable.

awslabs/terraform_mcp_server/static/TERRAFORM_WORKFLOW_GUIDE.md ADDED Viewed

@@ -0,0 +1,330 @@
+# Terraform Development Workflow
+## Purpose and Usage
+This workflow guide provides a structured approach for developing valid, secure Terraform configurations for AWS infrastructure. As an AI coding assistant utilizing this MCP server, you should follow these steps when helping users create or modify Terraform code.
+## How to Use This Guide
+You have access to specialized tools and resources through this MCP server that significantly enhance your ability to assist with Terraform development. When working with users on Terraform code:
+1. Reference this workflow consistently throughout your interactions
+2. Leverage this MCP server's capabilities rather than relying solely on your general knowledge
+3. Explain the workflow steps to users as you assist them
+4. Choose the appropriate path—Terraform or Terragrunt—based on the user's project structure and tooling preferences
+## Benefits to Emphasize
+When following this workflow and using these tools, you provide several advantages to users:
+- Early detection of configuration errors
+- Identification of security vulnerabilities before deployment
+- Adherence to AWS best practices
+- Validation that code will work correctly when deployed
+- Support for layered, DRY configurations through Terragrunt when modularization and environment inheritance are needed
+By following this workflow guide and leveraging the provided tools and resources, you'll deliver consistent, high-quality assistance for Terraform development on AWS, helping users create infrastructure code that is syntactically valid, secure, and ready for review before deployment.
+## DEVELOPMENT WORKFLOW
+``` mermaid
+flowchart TD
+    start([Start Development]) --> detectConfig[Identify Project Type:\nTerraform or Terragrunt]
+    detectConfig --> edit[Edit Code]
+    %% Initial Code Validation
+    edit --> validate[Run Validation:\nterraform validate or terragrunt validate\nvia ExecuteTerraformCommand]
+    %% Validation Flow
+    validate -->|Passes| checkovScan[Run Security Scan\nvia RunCheckovScan]
+    validate -->|Fails| fixValidation[Fix Configuration\nIssues]
+    fixValidation --> edit
+    %% Checkov Flow
+    checkovScan -->|No Issues| initCmd[Run Init Command:\nterraform init or terragrunt init\nvia ExecuteTerraformCommand]
+    checkovScan -->|Finds Issues| reviewIssues[Review Security\nIssues]
+    reviewIssues --> manualFix[Fix Security Issues]
+    manualFix --> edit
+    %% Init & Plan (No Apply)
+    initCmd -->|Success| planCmd[Run Plan Command:\nterraform plan or terragrunt plan\nvia ExecuteTerraformCommand]
+    initCmd -->|Fails| fixInit[Fix Provider/Module\nIssues]
+    fixInit --> edit
+    %% Final Review & Handoff to Developer
+    planCmd -->|Plan Generated| reviewPlan[Review Planned Changes]
+    planCmd -->|Issues Detected| edit
+    reviewPlan --> codeReady[Valid, Secure Code Ready\nfor Developer Review]
+    %% Iteration for Improvements
+    codeReady --> newChanges{Need Code\nImprovements?}
+    newChanges -->|Yes| edit
+    newChanges -->|No| handoff([Hand Off to Developer\nfor Deployment Decision])
+    %% Styling
+    classDef success fill:#bef5cb,stroke:#28a745
+    classDef warning fill:#fff5b1,stroke:#dbab09
+    classDef error fill:#ffdce0,stroke:#cb2431
+    classDef process fill:#f1f8ff,stroke:#0366d6
+    classDef decision fill:#d1bcf9,stroke:#8a63d2
+    classDef mcptool fill:#d0f0fd,stroke:#0969da,font-style:italic
+    classDef handoff fill:#ffdfb6,stroke:#f9a03f
+    class codeReady success
+    class reviewIssues,reviewPlan warning
+    class fixValidation,fixInit,manualFix error
+    class edit process
+    class detectConfig,newChanges decision
+    class validate,checkovScan,initCmd,planCmd mcptool
+    class handoff handoff
+```
+1. Edit Terraform or Terragrunt Code
+    - Write or modify Terraform or Terragrunt configuration files for AWS resources
+    - When writing code, follow this priority order:
+        * FIRST check for specialized AWS-IA modules (`SearchSpecificAwsIaModules` tool)
+        * If no suitable module exists, THEN use AWSCC provider resources (`SearchAwsccProviderDocs` tool)
+        * ONLY fall back to traditional AWS provider (`SearchAwsProviderDocs` tool) when the above options don't meet requirements
+    - When using Terragrunt:
+        * Ensure that the terraform block references the correct module or configuration directory
+        * Use Terragrunt features such as locals, dependencies, generate, and inputs to manage DRY configuration
+    - When a user provides a specific Terraform Registry module to use:
+        * Use the `SearchUserProvidedModule` tool to analyze the module
+        * Extract input variables, output variables, and README content
+        * Understand module usage and configuration options
+        * Provide guidance on how to use the module correctly
+    - MCP Resources and tools to consult:
+        - Resources
+            - *terraform_development_workflow* to consult this guide and to use it to ensure you're following the development workflow correctly
+            - *terraform_aws_best_practices* for AWS best practices about security, code base structure and organization, AWS Provider version management, and usage of community modules
+            - *terragrunt_aws_best_practices* for AWS best practices about security, code base structure and organization, AWS Provider version management, and usage of community modules
+            - *terraform_awscc_provider_resources_listing* for available AWS Cloud Control API resources
+            - *terraform_aws_provider_resources_listing* for available AWS resources
+        - Tools
+            - *SearchSpecificAwsIaModules* tool to check for specialized AWS-IA modules first (Bedrock, OpenSearch Serverless, SageMaker, Streamlit)
+            - *SearchUserProvidedModule* tool to analyze any Terraform Registry module provided by the user
+            - *SearchAwsccProviderDocs* tool to look up specific Cloud Control API resources
+            - *SearchAwsProviderDocs* tool to look up specific resource documentation
+2. Validate Code
+    - Tools:
+      - *ExecuteTerraformCommand* with command="validate"
+      - *ExecuteTerragruntCommand* with command="validate"
+    - Purpose:
+      - Checks syntax and configuration validity without accessing AWS
+      - Identifies syntax errors, invalid resource configurations, and reference issues
+    - Examples:
+      - ExecuteTerraformCommand(TerraformExecutionRequest(command="validate", working_directory="./my_project"))
+      - ExecuteTerragruntCommand(TerragruntExecutionRequest(command="validate", working_directory="./my_project"))
+3. Run Security Scan
+    - Tool: *RunCheckovScan*
+        - Scans code for security misconfigurations, compliance issues, and AWS best practice violations
+        - Example: RunCheckovScan(CheckovScanRequest(working_directory="./my_project", framework="terraform"))
+4. Fix Security Issues
+    - For fixes:
+        - Edit the code to address security issues identified by the scan
+        - Consult *terraform_aws_best_practices* resource for guidance
+5. Initialize Working Directory
+    - Tools:
+      - Terraform: *ExecuteTerraformCommand* with command="init"
+      - Terragrunt: *ExecuteTerragruntCommand* with command="init"
+    - Purpose:
+        - Downloads provider plugins and sets up modules
+    - Example:
+      - ExecuteTerraformCommand(TerraformExecutionRequest(command="init", working_directory="./my_project"))
+      - ExecuteTerragruntCommand(TerragruntExecutionRequest(command="init", working_directory="./my_project"))
+6. Plan Changes
+    - Tools:
+      - *ExecuteTerraformCommand* with command="plan"
+      - *ExecuteTerragruntCommand* with command="plan"
+    - Purpose:
+        - Creates an execution plan showing what changes would be made (without applying)
+        - Verifies that the configuration is deployable
+    - Examples:
+      - ExecuteTerraformCommand(TerraformExecutionRequest(command="plan", working_directory="./my_project", output_file="tfplan"))
+      - ExecuteTerragruntCommand(TerragruntExecutionRequest(command="plan", working_directory="./my_project", output_file="tfplan"))
+7. Review Plan & Code Ready
+    - Review the plan output to ensure it reflects intended changes
+    - Confirm all validation and security checks have passed
+    - Code is now ready for handoff to the developer for deployment decisions
+## Core Commands
+### Terraform Commands
+#### terraform init
+* Purpose: Initializes a Terraform working directory, downloading provider plugins and setting up modules.
+* When to use: Before running any other commands on a new configuration or after adding new modules/providers.
+Options:
+- `-backend-config=PATH` - Configuration for backend
+- `-reconfigure` - Reconfigure backend
+#### terraform validate
+* Purpose: Checks whether a configuration is syntactically valid and internally consistent.
+* When to use: After making changes to configuration files but before planning or applying.
+```python
+ExecuteTerraformCommand(TerraformExecutionRequest(
+    command="validate",
+    working_directory="./project_dir"
+))
+```
+#### terraform plan
+* Purpose: Creates an execution plan showing what actions Terraform would take to apply the current configuration.
+* When to use: After validation passes to preview changes before applying them.
+Options:
+- `-var 'name=value'` - Set variable
+- `-var-file=filename` - Set variables from file
+#### terraform apply
+* Purpose: Applies changes required to reach the desired state of the configuration.
+* When to use: After plan confirms the intended changes, and developer decides to proceed.
+>Note: This is typically executed by the developer after reviewing code generated by the assistant.
+Options:
+- `-auto-approve` - Skip interactive approval
+- `-var 'name=value'` - Set variable
+- Use `-out` to save plans and apply those exact plans.
+#### terraform destroy
+* Purpose: Destroys all resources managed by the current configuration.
+* When to use: When resources are no longer needed, typically executed by the developer.
+>Note: This is typically executed by the developer once it has been decided the application should be destroyed.
+Options:
+- `-auto-approve` - Skip interactive approval
+### Terragrunt Commands
+#### terragrunt init
+* Purpose: Initializes a Terragrunt working directory by preparing the underlying Terraform modules and provider plugins.
+* When to use: Before running any other commands in a new or updated Terragrunt configuration directory.
+Options:
+- `--terragrunt-config=PATH` - Path to the Terragrunt configuration file (default: terragrunt.hcl)
+```python
+ExecuteTerragruntCommand(TerragruntExecutionRequest(
+    command="init",
+    working_directory="./project_dir"
+))
+```
+#### terragrunt validate
+* Purpose: Validates the underlying Terraform configuration referenced by the Terragrunt wrapper.
+* When to use: After editing Terragrunt or Terraform configuration files, to check for syntax and reference issues.
+```python
+ExecuteTerragruntCommand(TerragruntExecutionRequest(
+    command="validate",
+    working_directory="./project_dir"
+))
+```
+Options:
+- `--terragrunt-config=PATH` - Path to the Terragrunt configuration file (default: `terragrunt.hcl`)
+#### terragrunt plan
+* Purpose: Creates an execution plan for infrastructure changes using the Terragrunt wrapper.
+* When to use: After validation passes, to preview changes before applying them.
+Options:
+- `-var 'name=value'` - Set variable (passed to Terraform)
+- `-var-file=filename` - Load variables from file (passed to Terraform)
+- `--terragrunt-config=PATH` - Path to the Terragrunt configuration file (default: `terragrunt.hcl`)
+```python
+ExecuteTerragruntCommand(TerragruntExecutionRequest(
+    command="plan",
+    working_directory="./project_dir",
+))
+```
+#### terragrunt apply
+* Purpose: Applies the planned changes using the Terragrunt wrapper.
+* When to use: After plan output is approved and developer chooses to proceed.
+>Note: This is typically executed by the developer after reviewing code and plan output.
+Options:
+- `-auto-approve` - Skip interactive approval
+- `--non-interactive` - Disables all interactive approval prompts (Terragrunt as well of Terraform)
+- `-var 'name=value'` - Set variable
+- `--terragrunt-config=PATH` - Use a specific Terragrunt configuration file
+```python
+ExecuteTerragruntCommand(TerragruntExecutionRequest(
+    command="apply",
+    working_directory="./project_dir"
+))
+```
+#### terragrunt destroy
+* Purpose: Destroys all infrastructure managed through the Terragrunt configuration.
+* When to use: When the infrastructure is no longer needed.
+>Note: This is typically executed by the developer once the application or environment is being decommissioned.
+Options:
+- `-auto-approve` - Skip interactive approval
+- `--non-interactive` - Disables all interactive approval prompts (Terragrunt as well of Terraform)
+- `--terragrunt-config=PATH` - Use a specific Terragrunt configuration file
+```python
+ExecuteTerragruntCommand(TerragruntExecutionRequest(
+    command="destroy",
+    working_directory="./project_dir"
+))
+```
+#### terragrunt run-all apply
+* Purpose: Recursively runs the `apply` command across all child Terragrunt modules in a directory tree.
+* When to use: To apply changes across an entire environment or stack, typically in a root coordination folder.
+Options:
+- `--non-interactive` - Disables all interactive approval prompts (Terragrunt as well of Terraform)
+- `--queue-exclude-dir` - Exclude glob path that should be excluded when issuing run-all commands. If a relative path is specified, it should be relative from working-dir.
+- `--queue-include-dir` - Include glob path that should be included when issuing run-all commands. If a relative path is specified, it should be relative from working-dir.
+```python
+ExecuteTerragruntCommand(TerragruntExecutionRequest(
+    command="run-all apply",
+    working_directory="./live/production"
+))
+```
+### Checkov Commands
+These security scanning commands are available through dedicated tools:
+#### Checkov Scan
+* Purpose: Scans Terraform code for security issues, misconfigurations, and compliance violations.
+* Tool: RunCheckovScan
+* When to use: After code passes terraform validate but before initializing and planning.
+## Key Principles
+- **Module-First Approach**: Always check for specialized AWS-IA modules before building with individual resources
+- **Provider Selection**: When using individual resources, prefer the AWSCC provider (Cloud Control API-based) before falling back to the traditional AWS provider
+- **Security First**: Always implement security best practices by default
+- **Cost Optimization**: Design resources to minimize costs while meeting requirements
+- **Operational Excellence**: Implement proper monitoring, logging, and observability
+- **Serverless-First**: Prefer serverless services when possible
+- **Infrastructure as Code**: Define all infrastructure declaratively using Terraform (or Terragrunt where applicable)
+- **Regional Awareness**: Consider regional availability and constraints for services

awslabs/terraform_mcp_server/static/__init__.py ADDED Viewed

@@ -0,0 +1,38 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from importlib import (
+    resources,
+)  # nosemgrep: python.lang.compatibility.python37.python37-compatibility-importlib2, python.lang.compatibility.python37-compatibility-importlib2
+with (
+    resources.files('awslabs.terraform_mcp_server.static')
+    .joinpath('MCP_INSTRUCTIONS.md')
+    .open('r', encoding='utf-8') as f
+):
+    MCP_INSTRUCTIONS = f.read()
+with (
+    resources.files('awslabs.terraform_mcp_server.static')
+    .joinpath('TERRAFORM_WORKFLOW_GUIDE.md')
+    .open('r', encoding='utf-8') as f
+):
+    TERRAFORM_WORKFLOW_GUIDE = f.read()
+with (
+    resources.files('awslabs.terraform_mcp_server.static')
+    .joinpath('AWS_TERRAFORM_BEST_PRACTICES.md')
+    .open('r', encoding='utf-8') as f
+):
+    AWS_TERRAFORM_BEST_PRACTICES = f.read()

awslabs_terraform_mcp_server-1.0.14.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,166 @@
+Metadata-Version: 2.4
+Name: awslabs.terraform-mcp-server
+Version: 1.0.14
+Summary: An AWS Labs Model Context Protocol (MCP) server for terraform
+Requires-Python: >=3.10
+Requires-Dist: asteval>=1.0.6
+Requires-Dist: beautifulsoup4>=4.12.0
+Requires-Dist: checkov>=3.2.402
+Requires-Dist: loguru>=0.7.0
+Requires-Dist: mcp[cli]>=1.23.0
+Requires-Dist: playwright>=1.40.0
+Requires-Dist: pydantic>=2.10.6
+Requires-Dist: pypdf2>=3.0.0
+Requires-Dist: requests>=2.31.0
+Description-Content-Type: text/markdown
+# AWS Terraform MCP Server
+MCP server for Terraform on AWS best practices, infrastructure as code patterns, and security compliance with Checkov.
+## Features
+- **Terraform Best Practices** - Get prescriptive Terraform advice for building applications on AWS
+  - AWS Well-Architected guidance for Terraform configurations
+  - Security and compliance recommendations
+  - AWSCC provider prioritization for consistent API behavior
+- **Security-First Development Workflow** - Follow a structured process for creating secure code
+  - Step-by-step guidance for validation and security scanning
+  - Integration of Checkov at the right stages of development
+  - Clear handoff points between AI assistance and developer deployment
+- **Checkov Integration** - Work with Checkov for security and compliance scanning
+  - Run security scans on Terraform code to identify vulnerabilities
+  - Automatically fix identified security issues when possible
+  - Get detailed remediation guidance for compliance issues
+- **AWS Provider Documentation** - Search for AWS and AWSCC provider resources
+  - Find documentation for specific resources and attributes
+  - Get example snippets and implementation guidance
+  - Compare AWS and AWSCC provider capabilities
+- **AWS-IA GenAI Modules** - Access specialized modules for AI/ML workloads
+  - Amazon Bedrock module for generative AI applications
+  - OpenSearch Serverless for vector search capabilities
+  - SageMaker endpoint deployment for ML model hosting
+  - Serverless Streamlit application deployment for AI interfaces
+- **Terraform Registry Module Analysis** - Analyze Terraform Registry modules
+  - Search for modules by URL or identifier
+  - Extract input variables, output variables, and README content
+  - Understand module usage and configuration options
+  - Analyze module structure and dependencies
+- **Terraform Workflow Execution** - Run Terraform commands directly
+  - Initialize, plan, validate, apply, and destroy operations
+  - Pass variables and specify AWS regions
+  - Get formatted command output for analysis
+- **Terragrunt Workflow Execution** - Run Terragrunt commands directly
+  - Initialize, plan, validate, apply, run-all and destroy operations
+  - Pass variables and specify AWS regions
+  - Configure terragrunt-config and and include/exclude paths flags
+  - Get formatted command output for analysis
+## Tools and Resources
+- **Terraform Development Workflow**: Follow security-focused development process via `terraform://workflow_guide`
+- **AWS Best Practices**: Access AWS-specific guidance via `terraform://aws_best_practices`
+- **AWS Provider Resources**: Access resource listings via `terraform://aws_provider_resources_listing`
+- **AWSCC Provider Resources**: Access resource listings via `terraform://awscc_provider_resources_listing`
+## Prerequisites
+1. Install `uv` from [Astral](https://docs.astral.sh/uv/getting-started/installation/) or the [GitHub README](https://github.com/astral-sh/uv#installation)
+2. Install Python using `uv python install 3.10`
+3. Install Terraform CLI for workflow execution
+4. Install Checkov for security scanning
+## Installation
+| Kiro | Cursor | VS Code |
+|:----:|:------:|:-------:|
+| [![Add to Kiro](https://kiro.dev/images/add-to-kiro.svg)](https://kiro.dev/launch/mcp/add?name=awslabs.terraform-mcp-server&config=%7B%22command%22%3A%22uvx%22%2C%22args%22%3A%5B%22awslabs.terraform-mcp-server%40latest%22%5D%2C%22env%22%3A%7B%22FASTMCP_LOG_LEVEL%22%3A%22ERROR%22%7D%7D) | [![Install MCP Server](https://cursor.com/deeplink/mcp-install-light.svg)](https://cursor.com/en/install-mcp?name=awslabs.terraform-mcp-server&config=eyJjb21tYW5kIjoidXZ4IGF3c2xhYnMudGVycmFmb3JtLW1jcC1zZXJ2ZXJAbGF0ZXN0IiwiZW52Ijp7IkZBU1RNQ1BfTE9HX0xFVkVMIjoiRVJST1IifSwiZGlzYWJsZWQiOmZhbHNlLCJhdXRvQXBwcm92ZSI6W119) | [![Install on VS Code](https://img.shields.io/badge/Install_on-VS_Code-FF9900?style=flat-square&logo=visualstudiocode&logoColor=white)](https://insiders.vscode.dev/redirect/mcp/install?name=Terraform%20MCP%20Server&config=%7B%22command%22%3A%22uvx%22%2C%22args%22%3A%5B%22awslabs.terraform-mcp-server%40latest%22%5D%2C%22env%22%3A%7B%22FASTMCP_LOG_LEVEL%22%3A%22ERROR%22%7D%2C%22disabled%22%3Afalse%2C%22autoApprove%22%3A%5B%5D%7D) |
+Configure the MCP server in your MCP client configuration (e.g., for Kiro, edit `~/.kiro/settings/mcp.json`):
+```json
+{
+  "mcpServers": {
+    "awslabs.terraform-mcp-server": {
+      "command": "uvx",
+      "args": ["awslabs.terraform-mcp-server@latest"],
+      "env": {
+        "FASTMCP_LOG_LEVEL": "ERROR"
+      },
+      "disabled": false,
+      "autoApprove": []
+    }
+  }
+}
+```
+### Windows Installation
+For Windows users, the MCP server configuration format is slightly different:
+```json
+{
+  "mcpServers": {
+    "awslabs.terraform-mcp-server": {
+      "disabled": false,
+      "timeout": 60,
+      "type": "stdio",
+      "command": "uv",
+      "args": [
+        "tool",
+        "run",
+        "--from",
+        "awslabs.terraform-mcp-server@latest",
+        "awslabs.terraform-mcp-server.exe"
+      ],
+      "env": {
+        "FASTMCP_LOG_LEVEL": "ERROR",
+        "AWS_PROFILE": "your-aws-profile",
+        "AWS_REGION": "us-east-1"
+      }
+    }
+  }
+}
+```
+or docker after a successful `docker build -t awslabs/terraform-mcp-server .`:
+```json
+  {
+    "mcpServers": {
+      "awslabs.terraform-mcp-server": {
+        "command": "docker",
+        "args": [
+          "run",
+          "--rm",
+          "--interactive",
+          "--env",
+          "FASTMCP_LOG_LEVEL=ERROR",
+          "awslabs/terraform-mcp-server:latest"
+        ],
+        "env": {},
+        "disabled": false,
+        "autoApprove": []
+      }
+    }
+  }
+```
+## Security Considerations
+When using this MCP server, you should consider:
+- **Following the structured development workflow** that integrates validation and security scanning
+- Reviewing all Checkov warnings and errors manually
+- Fixing security issues rather than ignoring them whenever possible
+- Documenting clear justifications for any necessary exceptions
+- Using the RunCheckovScan tool regularly to verify security compliance
+- Preferring the AWSCC provider for its consistent API behavior and better security defaults
+Before applying Terraform changes to production environments, you should conduct your own independent assessment to ensure that your infrastructure would comply with your own specific security and quality control practices and standards, as well as the local laws, rules, and regulations that govern you and your content.