An Example Multi-Cloud Terraform Configuration

This is an unusual article in that it exists principally to deliver and explain a Terraform configuration that can be used as part of a broader investigation of running workloads in a multi-cloud infrastructure, specifically Google Cloud Platform (GCP) and Amazon Web Services (AWS).

The specific requirements of this configuration are:

  • Demonstrate workloads running on virtual machines (VMs), i.e., Google Compute Engine (GCE) and Amazon Elastic Compute Cloud (EC2)
  • Demonstrate workloads running on managed Kubernetes, i.e., Google Kubernetes Engine (GKE) and Amazon Elastic Kubernetes Service (EKS)
  • Workloads run on virtual machines (including the Kubernetes nodes) with no public IP addresses
  • Workloads (including Kubernetes pods) have globally routable private IP addresses
  • Workloads can freely communicate amongst themselves; here using ICMP as the representative protocol
  • Using bastion hosts, one can SSH into the virtual machines (including the Kubernetes nodes)
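The "no public IP addresses" requirement can be checked against a saved plan before anything is created. The following is an added example, not part of the article's project: it reads JSON in the shape produced by `terraform show -json <planfile>` and reports planned EC2 and GCE instances, other than the bastions, that would receive or might receive a public address. The resource names and the sample plan are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
# Resource names are hypothetical, not taken from the article's project.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_instance.bastion", "type": "aws_instance",
  "change": {"actions": ["create"], "after": {"associate_public_ip_address": true}}},
 {"address": "aws_instance.workload", "type": "aws_instance",
  "change": {"actions": ["create"], "after": {"associate_public_ip_address": false}}},
 {"address": "aws_instance.unset", "type": "aws_instance",
  "change": {"actions": ["create"], "after": {}}},
 {"address": "google_compute_instance.bastion", "type": "google_compute_instance",
  "change": {"actions": ["create"], "after": {"network_interface": [{"access_config": [{}]}]}}},
 {"address": "google_compute_instance.workload", "type": "google_compute_instance",
  "change": {"actions": ["create"], "after": {"network_interface": [{"access_config": []}]}}},
 {"address": "google_compute_instance.leaky", "type": "google_compute_instance",
  "change": {"actions": ["create"], "after": {"network_interface": [{"access_config": [{}]}]}}},
 {"address": "aws_instance.old", "type": "aws_instance",
  "change": {"actions": ["delete"], "after": null}}
]}
""")
BASTIONS = {"aws_instance.bastion", "google_compute_instance.bastion"}
VM_TYPES = ("aws_instance", "google_compute_instance")

def exposure(rc):
    """Classify one planned VM as 'public', 'unknown' or 'private'."""
    after = rc["change"].get("after") or {}
    if rc["type"] == "aws_instance":
        flag = after.get("associate_public_ip_address")
        # Unset: the subnet's map_public_ip_on_launch decides at apply time.
        return "unknown" if flag is None else ("public" if flag else "private")
    # GCE: an access_config block on any interface requests an external IP.
    nics = after.get("network_interface") or []
    return "public" if any(n.get("access_config") for n in nics) else "private"

def violations(plan, bastions):
    """Return (address, state) for non-bastion VMs that are not provably private."""
    found = []
    for rc in plan.get("resource_changes", []):
        if rc["type"] not in VM_TYPES or rc["address"] in bastions:
            continue
        if rc["change"]["actions"] == ["delete"]:
            continue  # resources being destroyed cannot violate the rule
        state = exposure(rc)
        if state != "private":
            found.append((rc["address"], state))
    return found

if __name__ == "__main__":
    for address, state in violations(SAMPLE_PLAN, BASTIONS):
        print(f"{address}: {state} IP exposure")
```

The check covers only instance resources; addresses attached separately (for example through `aws_eip`) and Kubernetes node settings need their own rules.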


You will need to copy the terraform.tfvars.sample file to terraform.tfvars in the root of the project and update the following variables:

  • aws_key_name: AWS EC2 key pair name
  • gcp_project: The GCP project’s Project ID

To install the resources, from the root of the project run:

  • terraform init
  • terraform apply

To uninstall the resources, from the root of the project run:

  • terraform destroy

Google Cloud Platform (GCP)


  • Virtual Private Cloud (VPC)
  • Subnet ( primary and secondaries: and VMs (including Kubernetes nodes) on the primary, Kubernetes pods on the first secondary, and Kubernetes services on the second secondary
  • Cloud NAT (NAT)
  • GCE instance bastion (B)
  • GCE instance (I)
  • GKE cluster with three nodes (N); the diagram is missing the third zone and node

Amazon Web Services (AWS)


  • Virtual Private Cloud (
  • Public Subnets ( and
  • Private Subnets ( and
  • NAT Gateways (NAT)
  • Internet Gateway (IG)
  • EC2 instance bastion (B)
  • EC2 instance (I)
  • EKS cluster with two nodes (N)

Virtual Private Network (VPN)
