create_variable_set
Create Variable Set
Create a reusable variable set. Apply it globally to all workspaces or scope it to specific workspaces and projects.
create_variable_set
Create a reusable variable set. Apply it globally to all workspaces or scope it to specific workspaces and projects.
create_policy_set
Create a new policy set using Sentinel or OPA. Apply it globally or scope it to specific workspaces and projects. Optionally connect to a VCS repository containing policy code.
delete_workspace
Permanently delete a workspace and all of its content (state versions, runs, variables). This action cannot be undone.
create_run_trigger
Create a run trigger that automatically queues a run in the target workspace whenever a run in the source workspace completes successfully. This enables workspace dependency chains.
list_variables
List all Terraform and environment variables in a workspace. Returns the key, value, category, and whether each variable is sensitive or uses HCL syntax. Sensitive variable values are not returned.
delete_variable
Permanently delete a variable from a workspace. This removes the variable from both the workspace and any future runs.
get_organization
Get details about the configured Terraform Cloud organization, including plan entitlements, feature flags, and usage limits.
delete_variable_set
Permanently delete a variable set. Variables in the set will no longer be available to any workspace.
list_variable_sets
List all variable sets in the organization. Variable sets allow sharing common variables across multiple workspaces without duplicating them.
list_projects
List all projects in the organization. Projects are used to organize and group workspaces.
list_workspaces
List workspaces in the organization. Supports searching by name and filtering by project. Returns workspace configuration including execution mode, Terraform version, lock status, and VCS connection.
update_workspace
Update an existing workspace's settings. Modify name, description, execution mode, Terraform version, auto-apply behavior, or working directory. Only provided fields will be updated.
delete_project
Permanently delete a project. The project must have no workspaces assigned to it.
create_workspace
Create a new Terraform workspace. Configure execution mode, Terraform version, auto-apply behavior, and optionally connect to a VCS repository for automatic run triggers.
list_policy_sets
List policy sets configured in the organization. Policy sets contain Sentinel or OPA policies that are enforced on runs.
delete_policy_set
Permanently delete a policy set. This stops enforcement of all policies in the set.
delete_team
Permanently delete a team. This revokes all workspace access granted to the team.
manage_run
Perform an action on an existing Terraform run. Apply a planned run, discard an unapplied plan, cancel a running operation, force-cancel a stuck run, or force-execute a run that is waiting in the queue.
list_runs
List Terraform runs for a workspace. Filter by status to find pending, planning, applying, or completed runs. Returns run details including status, changes, and timing information.
update_project
Update a project's name or description.
create_run
Trigger a new Terraform run (plan, apply, or destroy) in a workspace. Supports plan-only, refresh-only, destroy runs, targeted resources, and resource replacement. For VCS-connected workspaces, uses the latest configuration; for API-driven workspaces, optionally specify a configuration version.
create_variable
Create a Terraform variable or environment variable in a workspace. Supports HCL-formatted values and marking variables as sensitive to protect secrets.
get_current_state
Get the current (latest) state version for a workspace, including its outputs. Returns state metadata and all output values that can be used by other workspaces.
delete_run_trigger
Remove a run trigger (workspace dependency). Runs in the target workspace will no longer be queued when the source workspace completes.
lock_unlock_workspace
Lock or unlock a workspace. Locking prevents new runs from being queued. Supports regular unlock and force-unlock (requires admin access). Provide a reason when locking to document why the workspace is locked.
update_variable
Update an existing variable's key, value, description, HCL setting, or sensitivity. Only provided fields will be updated.
get_workspace
Get detailed information about a specific workspace by its ID or name. Returns full workspace configuration including execution mode, Terraform version, VCS settings, lock status, and resource count.
manage_team_members
Add or remove users from a team. Users are specified by their Terraform Cloud usernames.
list_notifications
List all notification configurations for a workspace. Shows webhook, Slack, Microsoft Teams, and email notification destinations and the events they listen for.
get_run
Get detailed information about a specific Terraform run. Returns the run's current status, plan/apply details, timestamps, and whether it has changes.
delete_notification
Delete a notification configuration from a workspace.
set_team_workspace_access
Grant a team access to a workspace with a specific permission level. Use "custom" access for granular control over runs, variables, state versions, and other workspace features.
list_teams
List all teams in the organization. Returns team details including member count, visibility, and organization-level access permissions.
list_state_versions
List historical state versions for a workspace. Each state version represents a snapshot of the infrastructure state at a point in time.
list_run_triggers
List run triggers (workspace dependencies) for a workspace. Run triggers automatically queue runs when dependent workspaces complete successfully.
create_project
Create a new project to organize workspaces. Workspaces can be assigned to a project during creation or moved later.
create_notification
Create a notification configuration for a workspace. Send run status updates to a webhook URL, Slack channel, Microsoft Teams channel, or email addresses. Choose which events trigger notifications.
create_team
Create a new team in the organization. Configure organization-level permissions to control what the team can manage (workspaces, policies, VCS, providers, modules, runs, projects).
Manage infrastructure-as-code workflows on Terraform Cloud (HCP Terraform). Create, update, delete, lock, and unlock workspaces. Trigger and manage Terraform runs including plan, apply, and destroy operations. Approve, cancel, discard, or force-execute runs. Create and manage Terraform variables and environment variables at the workspace or variable set level, including sensitive values. Organize workspaces into projects. Manage organizations, teams, team memberships, and granular workspace permissions. Enforce policies using Sentinel and OPA policy-as-code frameworks. View and manage Terraform state versions and outputs. Connect workspaces to VCS repositories (GitHub, GitLab, Bitbucket, Azure DevOps) for automatic run triggers. Configure run tasks to integrate external services during plan and apply stages. Set up run triggers for workspace dependency chains. Enable health assessments including drift detection and continuous validation. Publish and manage private Terraform modules and providers in a private registry. Manage agent pools for private infrastructure execution. Access audit trail logs. Configure webhook notifications for run progress, workspace health, and auto-destroy events to Slack, Microsoft Teams, email, or custom endpoints.
Common questions about connecting Terraform Cloud to AI agents with Metorial.