/ 目录 / 演练场 / terrashark
← 全部服务器 ↗ GitHub
● 社区 LukasNiessen ⚡ 即开即用

terrashark

作者 LukasNiessen · LukasNiessen/terrashark

Terraform skill that actually follows HashiCorp best practices — eliminates LLM hallucinations with grounded, modular IaC.

TerraShark prevents the common Claude failure mode of hallucinated Terraform resource arguments by grounding generation in official HashiCorp best practices. Biases toward modular code, sensible state layout, and security defaults. Good for greenfield IaC and for fixing up LLM-generated Terraform that doesn't terraform plan cleanly.

▶ 观看演示 📦 安装 💡 使用场景

为什么要用

核心特性

实时演示

实际使用效果

terrashark-skill.replay ▶ 就绪
0/0

安装

选择你的客户端

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

打开 Claude Desktop → Settings → Developer → Edit Config。保存后重启应用。

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

Cursor 使用与 Claude Desktop 相同的 mcpServers 格式。项目级配置优先于全局。

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

点击 Cline 侧栏中的 MCP Servers 图标,然后选 "Edit Configuration"。

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

格式与 Claude Desktop 相同。重启 Windsurf 生效。

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "terrashark-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ]
    }
  ]
}

Continue 使用服务器对象数组,而非映射。

~/.config/zed/settings.json
{
  "context_servers": {
    "terrashark-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/LukasNiessen/terrashark",
          "~/.claude/skills/terrashark"
        ]
      }
    }
  }
}

加入 context_servers。Zed 保存后热重载。

claude mcp add terrashark-skill -- git clone https://github.com/LukasNiessen/terrashark ~/.claude/skills/terrashark

一行命令搞定。用 claude mcp list 验证,claude mcp remove 卸载。

使用场景

实战用法: terrashark

How to scaffold a production-grade AWS VPC module

👤 Platform engineers starting a new environment ⏱ ~45 min intermediate

何时使用: Day one of a new AWS account; you want a VPC module that won't embarrass you in 6 months.

前置条件
  • Skill installed — git clone https://github.com/LukasNiessen/terrashark ~/.claude/skills/terrashark
  • terraform CLI 1.6+ — brew install terraform
步骤
  1. Generate module
    Use terrashark. AWS VPC module, 3 AZs, public + private + db subnets, NAT gateways per AZ, flow logs on.✓ 已复制
    → Module with variables.tf, main.tf, outputs.tf — no hallucinated args
  2. Add security defaults
    Ensure default security group denies all, flow logs go to CloudWatch with KMS-CMK encryption.✓ 已复制
    → Security group + logging + KMS wired
  3. Validate
    Run terraform init + validate + plan with example tfvars.✓ 已复制
    → Clean plan output, no errors

结果: A VPC module that terraform validates clean and follows AWS best practices.

注意事项
  • LLM suggests deprecated aws_vpc_endpoint arg — TerraShark grounds in current docs; if drift still happens, ask it to cite the HashiCorp page
  • Module too monolithic — Ask for split: networking module vs. endpoints module separately
搭配使用: aws-skill

Fix LLM-generated Terraform that doesn't plan

👤 Engineers cleaning up AI-generated IaC ⏱ ~20 min intermediate

何时使用: Another LLM gave you Terraform that looks reasonable but terraform plan fails on unknown arguments.

步骤
  1. Point at the broken file
    terraform plan fails on modules/rds. Use terrashark to fix each invalid argument with the current correct form.✓ 已复制
    → Per-error fix with HashiCorp doc reference
  2. Validate
    Re-run plan; if any errors remain, iterate.✓ 已复制
    → Clean plan

结果: A file that plans clean.

Design a remote state layout for multi-env

👤 Teams graduating from local state ⏱ ~60 min advanced

何时使用: You have dev + staging + prod and one giant terraform.tfstate.

步骤
  1. Propose layout
    Design S3 remote backend with per-env state files and DynamoDB locking. 3 envs.✓ 已复制
    → Backend config per env with key separation + locking
  2. Migration plan
    Plan the migration from a single local state to this layout, step by step.✓ 已复制
    → terraform state mv steps + safety checkpoints

结果: A state layout you can migrate to without losing state.

注意事项
  • Accidentally deleting state during migration — Always pull and back up state files before any mv operation

组合

与其他 MCP 搭配,撬动十倍杠杆

terrashark-skill + aws-skill

AWS skill sizes architecture, TerraShark implements IaC

Design the architecture with aws-skill, implement as Terraform with terrashark.✓ 已复制
terrashark-skill + claude-code-owasp-skill

Security-review the generated IaC

After terrashark scaffolds the module, run OWASP security review on the IAM and networking blocks.✓ 已复制

工具

此 MCP 暴露的能力

工具输入参数何时调用成本
Module scaffolding provider, resource shape Greenfield IaC Claude tokens
Hallucination fix tf file + error log Cleaning up AI-generated TF Claude tokens
State layout design envs, team shape Multi-env setups Claude tokens
Security defaults - Pre-prod review Claude tokens

成本与限制

运行它的成本

API 配额
None
每次调用 Token 数
10-30k per module
费用
Free
提示
Generate module by module, not whole environment in one shot.

安全

权限、密钥、影响范围

凭据存储: No credentials. TerraShark doesn't run terraform apply itself.
数据出站: Prompts go to Claude. Terraform plan/apply hits your cloud provider using your local creds.

故障排查

常见错误与修复

terraform validate fails on unknown argument

Ask TerraShark to reconcile against the current provider doc URL; provider version may be newer than the skill's prompt context.

验证: terraform providers
Plan creates unwanted destroys

Usually state-drift or implicit renaming. Run terraform plan -target to isolate before apply.

替代方案

terrashark 对比其他方案

替代方案何时用它替代权衡
Hand-writing with official docs openYou know the provider deeplySlower

更多

资源

📖 阅读 GitHub 上的官方 README

🐙 查看未解决的 issue

🔍 浏览全部 400+ MCP 服务器和 Skills