Terraform for Multi-Cloud Deployments

Task Overview

This task demonstrates how to deploy and manage cloud workloads across AWS, Azure, and GCP using a single Terraform configuration. The project includes provisioning compute instances, storage, networking, and security policies in each cloud while ensuring consistency and automation using Terraform.

Objectives

• Multi-Cloud Support: Deploy and manage infrastructure across AWS, Azure, and GCP using Terraform.
• Infrastructure as Code (IaC): Automate provisioning and management of resources.
• Modular & Scalable Design: Use Terraform modules for reusable infrastructure across different clouds.
• State Management & Security: Store Terraform state securely using remote backends (AWS S3, Azure Blob, GCP Cloud Storage).
• CI/CD Integration: Automate deployments using GitHub Actions or Jenkins.
• Networking & Security: Configure VPC, Subnets, Security Groups, IAM, and Firewall Rules across providers.

Technology Stack

• Terraform (Infrastructure as Code)
• AWS: EC2, S3, VPC, IAM
• Azure: Virtual Machines, Blob Storage, Virtual Networks, RBAC
• GCP: Compute Engine, Cloud Storage, VPC, IAM
• Terraform Cloud/Backend: AWS S3 + DynamoDB / Azure Blob Storage / GCP Cloud Storage
• CI/CD: GitHub Actions / Jenkins
• Monitoring: Prometheus, Grafana

High-Level Architecture

                  +---------------------------------+
                  |         GitHub/Jenkins         |
                  +---------------------------------+
                               |
           ---------------------------------------------------
           |                     |                        |
       AWS VPC               Azure VNet               GCP VPC
      (EC2, S3)             (VM, Blob)              (GCE, GCS)
           |                     |                        |
      Security Groups       NSG & RBAC              Firewall Rules
    

Implementation Steps

Step 1: Setup Terraform for Multi-Cloud

1. Install Terraform

       curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
       sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
       sudo apt-get update && sudo apt-get install terraform
       terraform -version
               

2. Setup Provider Credentials
   • AWS: Create IAM user and configure AWS CLI
   • Azure: Register an app in Azure AD and obtain credentials
   • GCP: Generate a service account key
3. Initialize Terraform Providers

       terraform {
         required_providers {
           aws = { source = "hashicorp/aws" }
           azurerm = { source = "hashicorp/azurerm" }
           google = { source = "hashicorp/google" }
         }
       }
               

Step 2: Configure Remote State Backend

Use S3/DynamoDB, Azure Blob Storage, or GCP Cloud Storage for state management.

1. AWS S3 Backend Example:

    terraform {
      backend "s3" {
        bucket         = "terraform-state-multicloud"
        key            = "global/terraform.tfstate"
        region         = "us-east-1"
        encrypt        = true
        dynamodb_table = "terraform-lock"
      }
    }
    

2. Azure Blob Backend Example:

    terraform {
  backend "azurerm" {
    resource_group_name   = "terraform-backend"
    storage_account_name  = "tfstateaccount"
    container_name        = "tfstate"
    key                   = "terraform.tfstate"
  }
}

    

Step 3: Define Multi-Cloud Infrastructure

1. AWS EC2 Instance

    provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "web" {
  ami           = "ami-12345678"
  instance_type = "t2.micro"
  tags = {
    Name = "AWS-WebServer"
  }
}
    

2. Azure Virtual Machine

provider "azurerm" {
  features {}
}

resource "azurerm_virtual_machine" "web" {
  name                = "AzureVM"
  location            = "East US"
  resource_group_name = "terraform-rg"
  vm_size             = "Standard_B1s"
}

3. GCP Compute Engine

provider "google" {
  project = "my-gcp-project"
  region  = "us-central1"
}

resource "google_compute_instance" "web" {
  name         = "GCP-WebServer"
  machine_type = "e2-medium"
  zone         = "us-central1-a"
}

Step 4: Networking and Security

AWS VPC with Security Group

   resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_security_group" "allow_ssh" {
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

    

Azure NSG (Network Security Group)

resource "azurerm_network_security_group" "nsg" {
  name                = "azure-nsg"
  location            = "East US"
  resource_group_name = "terraform-rg"
}

GCP Firewall Rule

resource "google_compute_firewall" "allow-ssh" {
  name    = "allow-ssh"
  network = "default"
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

Step 5: Apply Terraform Configuration

1. Initialize Terraform

terraform init

2. Validate Configuration

terraform validate

3. Plan Infrastructure

terraform plan

4. Apply Infrastructure

terraform apply -auto-approve

Step 6: CI/CD Pipeline for Terraform Deployment

Using GitHub Actions for automation.

    name: Terraform Multi-Cloud Deployment

on:
  push:
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v2

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v1

      - name: Terraform Init
        run: terraform init

      - name: Terraform Plan
        run: terraform plan

      - name: Terraform Apply
        run: terraform apply -auto-approve

    

Monitoring Setup

• AWS CloudWatch for EC2 monitoring
• Azure Monitor for VM monitoring
• GCP Stackdriver for Compute Engine monitoring
• Prometheus & Grafana for centralized multi-cloud monitoring

Project Outcomes

• Fully automated multi-cloud infrastructure using Terraform
• Secure and scalable deployments across AWS, Azure, and GCP
• State management using remote backends
• CI/CD pipeline for continuous Terraform deployment
• Networking & Security policies implemented consistently across clouds

Next Steps

• Extend the project to include Kubernetes (EKS, AKS, GKE)
• Add database services like RDS, Azure SQL, and Cloud SQL
• Implement Service Mesh for multi-cloud communication (e.g., Istio)

Conclusion

This project provides a production-ready Terraform setup for deploying and managing workloads across AWS, Azure, and GCP with a unified IaC approach. It ensures scalability, security, and automation, making multi-cloud management seamless. 🚀