/ 目錄 / 演練場 / terrashark
← 全部伺服器 ↗ GitHub
● 社群 LukasNiessen ⚡ 即開即用

terrashark

作者 LukasNiessen · LukasNiessen/terrashark

Terraform skill that actually follows HashiCorp best practices — eliminates LLM hallucinations with grounded, modular IaC.

TerraShark prevents the common Claude failure mode of hallucinated Terraform resource arguments by grounding generation in official HashiCorp best practices. Biases toward modular code, sensible state layout, and security defaults. Good for greenfield IaC and for fixing up LLM-generated Terraform that doesn't terraform plan cleanly.

▶ 觀看演示 📦 安裝 💡 使用場景

為什麼要用

核心特性

即時演示

實際使用效果

terrashark-skill.replay ▶ 就緒
0/0

安裝

選擇你的客戶端

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

開啟 Claude Desktop → Settings → Developer → Edit Config。儲存後重啟應用。

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

Cursor 使用與 Claude Desktop 相同的 mcpServers 格式。專案級設定優先於全域。

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

點擊 Cline 側欄中的 MCP Servers 圖示,然後選 "Edit Configuration"。

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

格式與 Claude Desktop 相同。重啟 Windsurf 生效。

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "terrashark-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ]
    }
  ]
}

Continue 使用伺服器物件陣列,而非映射。

~/.config/zed/settings.json
{
  "context_servers": {
    "terrashark-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/LukasNiessen/terrashark",
          "~/.claude/skills/terrashark"
        ]
      }
    }
  }
}

加入 context_servers。Zed 儲存後熱重載。

claude mcp add terrashark-skill -- git clone https://github.com/LukasNiessen/terrashark ~/.claude/skills/terrashark

一行命令搞定。用 claude mcp list 驗證,claude mcp remove 移除。

使用場景

實戰用法: terrashark

How to scaffold a production-grade AWS VPC module

👤 Platform engineers starting a new environment ⏱ ~45 min intermediate

何時使用: Day one of a new AWS account; you want a VPC module that won't embarrass you in 6 months.

前置條件
  • Skill installed — git clone https://github.com/LukasNiessen/terrashark ~/.claude/skills/terrashark
  • terraform CLI 1.6+ — brew install terraform
步驟
  1. Generate module
    Use terrashark. AWS VPC module, 3 AZs, public + private + db subnets, NAT gateways per AZ, flow logs on.✓ 已複製
    → Module with variables.tf, main.tf, outputs.tf — no hallucinated args
  2. Add security defaults
    Ensure default security group denies all, flow logs go to CloudWatch with KMS-CMK encryption.✓ 已複製
    → Security group + logging + KMS wired
  3. Validate
    Run terraform init + validate + plan with example tfvars.✓ 已複製
    → Clean plan output, no errors

結果: A VPC module that terraform validates clean and follows AWS best practices.

注意事項
  • LLM suggests deprecated aws_vpc_endpoint arg — TerraShark grounds in current docs; if drift still happens, ask it to cite the HashiCorp page
  • Module too monolithic — Ask for split: networking module vs. endpoints module separately
搭配使用: aws-skill

Fix LLM-generated Terraform that doesn't plan

👤 Engineers cleaning up AI-generated IaC ⏱ ~20 min intermediate

何時使用: Another LLM gave you Terraform that looks reasonable but terraform plan fails on unknown arguments.

步驟
  1. Point at the broken file
    terraform plan fails on modules/rds. Use terrashark to fix each invalid argument with the current correct form.✓ 已複製
    → Per-error fix with HashiCorp doc reference
  2. Validate
    Re-run plan; if any errors remain, iterate.✓ 已複製
    → Clean plan

結果: A file that plans clean.

Design a remote state layout for multi-env

👤 Teams graduating from local state ⏱ ~60 min advanced

何時使用: You have dev + staging + prod and one giant terraform.tfstate.

步驟
  1. Propose layout
    Design S3 remote backend with per-env state files and DynamoDB locking. 3 envs.✓ 已複製
    → Backend config per env with key separation + locking
  2. Migration plan
    Plan the migration from a single local state to this layout, step by step.✓ 已複製
    → terraform state mv steps + safety checkpoints

結果: A state layout you can migrate to without losing state.

注意事項
  • Accidentally deleting state during migration — Always pull and back up state files before any mv operation

組合

與其他 MCP 搭配,撬動十倍槓桿

terrashark-skill + aws-skill

AWS skill sizes architecture, TerraShark implements IaC

Design the architecture with aws-skill, implement as Terraform with terrashark.✓ 已複製
terrashark-skill + claude-code-owasp-skill

Security-review the generated IaC

After terrashark scaffolds the module, run OWASP security review on the IAM and networking blocks.✓ 已複製

工具

此 MCP 暴露的能力

工具輸入參數何時呼叫成本
Module scaffolding provider, resource shape Greenfield IaC Claude tokens
Hallucination fix tf file + error log Cleaning up AI-generated TF Claude tokens
State layout design envs, team shape Multi-env setups Claude tokens
Security defaults - Pre-prod review Claude tokens

成本與限制

運行它的成本

API 配額
None
每次呼叫 Token 數
10-30k per module
費用
Free
提示
Generate module by module, not whole environment in one shot.

安全

權限、密鑰、影響範圍

憑證儲存: No credentials. TerraShark doesn't run terraform apply itself.
資料出站: Prompts go to Claude. Terraform plan/apply hits your cloud provider using your local creds.

故障排查

常見錯誤與修復

terraform validate fails on unknown argument

Ask TerraShark to reconcile against the current provider doc URL; provider version may be newer than the skill's prompt context.

驗證: terraform providers
Plan creates unwanted destroys

Usually state-drift or implicit renaming. Run terraform plan -target to isolate before apply.

替代方案

terrashark 對比其他方案

替代方案何時用它替代權衡
Hand-writing with official docs openYou know the provider deeplySlower

更多

資源

📖 閱讀 GitHub 上的官方 README

🐙 查看未解決的 issue

🔍 瀏覽全部 400+ MCP 伺服器和 Skills