Connect Terraform Cloud to AI agents

Connect Terraform Cloud to Claude, Codex, Cursor, or other AI agents for your entire team. Metorial security, governance, observability, and gives your team a unified Magic MCP url to connect.

Supported Tools

create_variable_set

Create Variable Set

Create a reusable variable set. Apply it globally to all workspaces or scope it to specific workspaces and projects.

create_policy_set

Create Policy Set

Create a new policy set using Sentinel or OPA. Apply it globally or scope it to specific workspaces and projects. Optionally connect to a VCS repository containing policy code.

delete_workspace

Delete Workspace

Permanently delete a workspace and all of its content (state versions, runs, variables). This action cannot be undone.

create_run_trigger

Create Run Trigger

Create a run trigger that automatically queues a run in the target workspace whenever a run in the source workspace completes successfully. This enables workspace dependency chains.

list_variables

List Variables

List all Terraform and environment variables in a workspace. Returns the key, value, category, and whether each variable is sensitive or uses HCL syntax. Sensitive variable values are not returned.

delete_variable

Delete Variable

Permanently delete a variable from a workspace. This removes the variable from both the workspace and any future runs.

get_organization

Get Organization

Get details about the configured Terraform Cloud organization, including plan entitlements, feature flags, and usage limits.

delete_variable_set

Delete Variable Set

Permanently delete a variable set. Variables in the set will no longer be available to any workspace.

list_variable_sets

List Variable Sets

List all variable sets in the organization. Variable sets allow sharing common variables across multiple workspaces without duplicating them.

list_projects

List Projects

List all projects in the organization. Projects are used to organize and group workspaces.

list_workspaces

List Workspaces

List workspaces in the organization. Supports searching by name and filtering by project. Returns workspace configuration including execution mode, Terraform version, lock status, and VCS connection.

update_workspace

Update Workspace

Update an existing workspace's settings. Modify name, description, execution mode, Terraform version, auto-apply behavior, or working directory. Only provided fields will be updated.

delete_project

Delete Project

Permanently delete a project. The project must have no workspaces assigned to it.

create_workspace

Create Workspace

Create a new Terraform workspace. Configure execution mode, Terraform version, auto-apply behavior, and optionally connect to a VCS repository for automatic run triggers.

list_policy_sets

List Policy Sets

List policy sets configured in the organization. Policy sets contain Sentinel or OPA policies that are enforced on runs.

delete_policy_set

Delete Policy Set

Permanently delete a policy set. This stops enforcement of all policies in the set.

delete_team

Delete Team

Permanently delete a team. This revokes all workspace access granted to the team.

manage_run

Manage Run

Perform an action on an existing Terraform run. Apply a planned run, discard an unapplied plan, cancel a running operation, force-cancel a stuck run, or force-execute a run that is waiting in the queue.

list_runs

List Runs

List Terraform runs for a workspace. Filter by status to find pending, planning, applying, or completed runs. Returns run details including status, changes, and timing information.

update_project

Update Project

Update a project's name or description.

create_run

Create Run

Trigger a new Terraform run (plan, apply, or destroy) in a workspace. Supports plan-only, refresh-only, destroy runs, targeted resources, and resource replacement. For VCS-connected workspaces, uses the latest configuration; for API-driven workspaces, optionally specify a configuration version.

create_variable

Create Variable

Create a Terraform variable or environment variable in a workspace. Supports HCL-formatted values and marking variables as sensitive to protect secrets.

get_current_state

Get Current State

Get the current (latest) state version for a workspace, including its outputs. Returns state metadata and all output values that can be used by other workspaces.

delete_run_trigger

Delete Run Trigger

Remove a run trigger (workspace dependency). Runs in the target workspace will no longer be queued when the source workspace completes.

lock_unlock_workspace

Lock/Unlock Workspace

Lock or unlock a workspace. Locking prevents new runs from being queued. Supports regular unlock and force-unlock (requires admin access). Provide a reason when locking to document why the workspace is locked.

update_variable

Update Variable

Update an existing variable's key, value, description, HCL setting, or sensitivity. Only provided fields will be updated.

get_workspace

Get Workspace

Get detailed information about a specific workspace by its ID or name. Returns full workspace configuration including execution mode, Terraform version, VCS settings, lock status, and resource count.

manage_team_members

Manage Team Members

Add or remove users from a team. Users are specified by their Terraform Cloud usernames.

list_notifications

List Notifications

List all notification configurations for a workspace. Shows webhook, Slack, Microsoft Teams, and email notification destinations and the events they listen for.

get_run

Get Run

Get detailed information about a specific Terraform run. Returns the run's current status, plan/apply details, timestamps, and whether it has changes.

delete_notification

Delete Notification

Delete a notification configuration from a workspace.

set_team_workspace_access

Set Team Workspace Access

Grant a team access to a workspace with a specific permission level. Use "custom" access for granular control over runs, variables, state versions, and other workspace features.

list_teams

List Teams

List all teams in the organization. Returns team details including member count, visibility, and organization-level access permissions.

list_state_versions

List State Versions

List historical state versions for a workspace. Each state version represents a snapshot of the infrastructure state at a point in time.

list_run_triggers

List Run Triggers

List run triggers (workspace dependencies) for a workspace. Run triggers automatically queue runs when dependent workspaces complete successfully.

create_project

Create Project

Create a new project to organize workspaces. Workspaces can be assigned to a project during creation or moved later.

create_notification

Create Notification

Create a notification configuration for a workspace. Send run status updates to a webhook URL, Slack channel, Microsoft Teams channel, or email addresses. Choose which events trigger notifications.

create_team

Create Team

Create a new team in the organization. Configure organization-level permissions to control what the team can manage (workspaces, policies, VCS, providers, modules, runs, projects).

More integrations teams use with Terraform Cloud

GitHub

Manage repositories, issues, and pull requests. Create and configure branches, star repositories, review code, and merge changes. Automate CI/CD workflows with GitHub Actions, manage workflow runs, secrets, and artifacts. Track issues with labels, milestones, and assignees. Search across code, repositories, issues, and users. Manage organizations, teams, and memberships. Create and manage projects, gists, packages, deployments, and environments. Access security alerts including code scanning, secret scanning, and Dependabot alerts. Read and write file contents in repositories. Manage webhooks, notifications, and codespaces.

Sharepoint

Manage SharePoint sites, document libraries, lists, and files. Create, read, update, and delete lists and list items with custom columns. Upload, download, move, copy, and version files in document libraries. Search across sites, files, folders, lists, and list items using Microsoft Search. Manage permissions at site, list, and item levels with granular access control. Define and manage content types and site columns. Subscribe to webhooks for list and library change notifications. Retrieve site properties and search for sites across Microsoft 365.

Salesforce

Manage CRM data including Accounts, Contacts, Leads, Opportunities, Cases, and custom objects. Create, read, update, and delete records. Query data using SOQL and search across objects using SOSL. Perform bulk data operations for large-scale imports, exports, and migrations. Execute composite requests to batch multiple operations in a single API call. Access analytics, reports, and dashboards. Manage files and attachments associated with records. Interact with Chatter feeds, posts, and groups for social collaboration. Subscribe to real-time change events via Change Data Capture and Platform Events. Manage org metadata including custom objects, fields, layouts, and workflows. Query data using GraphQL for precise data retrieval across related objects.

Airtable

Create, read, update, and delete records in Airtable bases and tables. Manage base schemas including creating tables and fields. Filter records using formulas, sort by fields, and scope queries to specific views. Upsert records to find, create, or update in a single call. Upload attachments to records, read and write record comments, list accessible bases, and receive real-time base change events through webhooks.

Bitbucket

Manage Git repositories, pull requests, and CI/CD pipelines on Bitbucket Cloud. Create, fork, and configure repositories within workspaces and projects. Create, review, approve, merge, and decline pull requests with inline code comments. Browse source code, list commits, and manage branches and tags. Track issues with the built-in issue tracker. Trigger, monitor, and manage Bitbucket Pipelines. List workspace members, configure repository default reviewers and branch restrictions, create and manage repository webhooks, and search code across repositories.

Heroku

Deploy, manage, and scale applications on Heroku's cloud platform. Create and configure apps, scale dynos, provision add-ons (databases, caching, etc.), manage configuration variables, build and release code, add custom domains and SSL certificates, manage collaborators and team permissions, configure pipelines for continuous delivery, set up log drains, and sync data with Salesforce via Heroku Connect. Subscribe to webhooks for real-time notifications on app changes, builds, releases, dyno lifecycle events, and more.

Technical notes for Terraform Cloud

Manage infrastructure-as-code workflows on Terraform Cloud (HCP Terraform). Create, update, delete, lock, and unlock workspaces. Trigger and manage Terraform runs including plan, apply, and destroy operations. Approve, cancel, discard, or force-execute runs. Create and manage Terraform variables and environment variables at the workspace or variable set level, including sensitive values. Organize workspaces into projects. Manage organizations, teams, team memberships, and granular workspace permissions. Enforce policies using Sentinel and OPA policy-as-code frameworks. View and manage Terraform state versions and outputs. Connect workspaces to VCS repositories (GitHub, GitLab, Bitbucket, Azure DevOps) for automatic run triggers. Configure run tasks to integrate external services during plan and apply stages. Set up run triggers for workspace dependency chains. Enable health assessments including drift detection and continuous validation. Publish and manage private Terraform modules and providers in a private registry. Manage agent pools for private infrastructure execution. Access audit trail logs. Configure webhook notifications for run progress, workspace health, and auto-destroy events to Slack, Microsoft Teams, email, or custom endpoints.

Connect Terraform Cloud to production AI agents

See how Metorial gives Terraform Cloud access the governance, tracing, and security controls teams need.

Frequently asked questions

Common questions about connecting Terraform Cloud to AI agents with Metorial.

  1. Can Metorial connect Terraform Cloud to AI agents?
    Yes. Metorial connects AI agents to Terraform Cloud through a governed integration layer, so teams can use the provider while keeping access controlled and observable.
  2. Metorial is MCP compatible and lets teams expose approved provider tools to MCP-capable agents and clients through a controlled access layer.
  3. Metorial applies policies across users, groups, providers, agents, and individual tools, then records the context around every agent interaction.
  4. Yes. Metorial records provider activity so teams can inspect tool calls, troubleshoot integrations, and give security teams the visibility they need.