/ Directory / Playground / terrashark
← All servers ↗ GitHub
● Community LukasNiessen ⚡ Instant

terrashark

by LukasNiessen · LukasNiessen/terrashark

Terraform skill that actually follows HashiCorp best practices — eliminates LLM hallucinations with grounded, modular IaC.

TerraShark prevents the common Claude failure mode of hallucinated Terraform resource arguments by grounding generation in official HashiCorp best practices. Biases toward modular code, sensible state layout, and security defaults. Good for greenfield IaC and for fixing up LLM-generated Terraform that doesn't terraform plan cleanly.

▶ Watch demo 📦 Install 💡 Use Cases

Why use it

Key features

Live Demo

What it looks like in practice

terrashark-skill.replay ▶ ready
0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "terrashark-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ],
      "_inferred": true
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "terrashark-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/LukasNiessen/terrashark",
        "~/.claude/skills/terrashark"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "terrashark-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/LukasNiessen/terrashark",
          "~/.claude/skills/terrashark"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add terrashark-skill -- git clone https://github.com/LukasNiessen/terrashark ~/.claude/skills/terrashark

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use terrashark

How to scaffold a production-grade AWS VPC module

👤 Platform engineers starting a new environment ⏱ ~45 min intermediate

When to use: Day one of a new AWS account; you want a VPC module that won't embarrass you in 6 months.

Prerequisites
  • Skill installed — git clone https://github.com/LukasNiessen/terrashark ~/.claude/skills/terrashark
  • terraform CLI 1.6+ — brew install terraform
Flow
  1. Generate module
    Use terrashark. AWS VPC module, 3 AZs, public + private + db subnets, NAT gateways per AZ, flow logs on.✓ Copied
    → Module with variables.tf, main.tf, outputs.tf — no hallucinated args
  2. Add security defaults
    Ensure default security group denies all, flow logs go to CloudWatch with KMS-CMK encryption.✓ Copied
    → Security group + logging + KMS wired
  3. Validate
    Run terraform init + validate + plan with example tfvars.✓ Copied
    → Clean plan output, no errors

Outcome: A VPC module that terraform validates clean and follows AWS best practices.

Pitfalls
  • LLM suggests deprecated aws_vpc_endpoint arg — TerraShark grounds in current docs; if drift still happens, ask it to cite the HashiCorp page
  • Module too monolithic — Ask for split: networking module vs. endpoints module separately
Combine with: aws-skill

Fix LLM-generated Terraform that doesn't plan

👤 Engineers cleaning up AI-generated IaC ⏱ ~20 min intermediate

When to use: Another LLM gave you Terraform that looks reasonable but terraform plan fails on unknown arguments.

Flow
  1. Point at the broken file
    terraform plan fails on modules/rds. Use terrashark to fix each invalid argument with the current correct form.✓ Copied
    → Per-error fix with HashiCorp doc reference
  2. Validate
    Re-run plan; if any errors remain, iterate.✓ Copied
    → Clean plan

Outcome: A file that plans clean.

Design a remote state layout for multi-env

👤 Teams graduating from local state ⏱ ~60 min advanced

When to use: You have dev + staging + prod and one giant terraform.tfstate.

Flow
  1. Propose layout
    Design S3 remote backend with per-env state files and DynamoDB locking. 3 envs.✓ Copied
    → Backend config per env with key separation + locking
  2. Migration plan
    Plan the migration from a single local state to this layout, step by step.✓ Copied
    → terraform state mv steps + safety checkpoints

Outcome: A state layout you can migrate to without losing state.

Pitfalls
  • Accidentally deleting state during migration — Always pull and back up state files before any mv operation

Combinations

Pair with other MCPs for X10 leverage

terrashark-skill + aws-skill

AWS skill sizes architecture, TerraShark implements IaC

Design the architecture with aws-skill, implement as Terraform with terrashark.✓ Copied
terrashark-skill + claude-code-owasp-skill

Security-review the generated IaC

After terrashark scaffolds the module, run OWASP security review on the IAM and networking blocks.✓ Copied

Tools

What this MCP exposes

ToolInputsWhen to callCost
Module scaffolding provider, resource shape Greenfield IaC Claude tokens
Hallucination fix tf file + error log Cleaning up AI-generated TF Claude tokens
State layout design envs, team shape Multi-env setups Claude tokens
Security defaults - Pre-prod review Claude tokens

Cost & Limits

What this costs to run

API quota
None
Tokens per call
10-30k per module
Monetary
Free
Tip
Generate module by module, not whole environment in one shot.

Security

Permissions, secrets, blast radius

Credential storage: No credentials. TerraShark doesn't run terraform apply itself.
Data egress: Prompts go to Claude. Terraform plan/apply hits your cloud provider using your local creds.

Troubleshooting

Common errors and fixes

terraform validate fails on unknown argument

Ask TerraShark to reconcile against the current provider doc URL; provider version may be newer than the skill's prompt context.

Verify: terraform providers
Plan creates unwanted destroys

Usually state-drift or implicit renaming. Run terraform plan -target to isolate before apply.

Alternatives

terrashark vs others

AlternativeWhen to use it insteadTradeoff
Hand-writing with official docs openYou know the provider deeplySlower

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills