Deployment of a Private Communication in a MultiCloud Environment (AWS and GCP) 100% Automated Using Terraform

Akram Rayri
3 min read · Oct 20, 2023

In another project based on a real-world scenario, I acted as a Cloud Specialist in a company that uses Google Cloud and AWS services in separate architectures.

The company decided to interconnect the two architectures, in a completely private way, using the Virtual Private Gateway, Customer Gateway, Cloud Routers, Cloud VPN, among other services.

However, they needed it in production within a week. So, once the GCP and AWS accounts were created, I decided to save time by deploying it in a 100% automated way using Terraform.

As described by the architecture above, which I had to design to meet the stakeholders' requirements, the whole scenario was fully automated using Terraform as ‘Infrastructure as Code’ (IaC), provisioning the entire architecture from Terraform scripts run in Google Cloud Shell.

Before starting to create the architecture, it was crucial to follow cloud security best practices: creating user roles for EC2 administration in AWS, and creating a Service Account with Compute Engine roles in GCP. In order to make the instances in both ‘worlds’ (AWS and GCP) authenticate and know each other, I had to create an EC2 SSH key and a JSON key file for GCP’s VM. These two files become the two arguments of two bash scripts that automate authentication for AWS and GCP respectively. However, the two machines in the two cloud providers will not be able to authenticate unless both are connected to the Google Cloud Shell VM (since we chose to run the project from it); hence an SSH key had to be created and uploaded to the Google Cloud Compute Engine VM and to the AWS EC2 instance.

After that, it was time to write the Terraform scripts, for which I used the HashiCorp official documentation to provision resources on both AWS and GCP. Starting with GCP, I had to create many resources, mainly: VPC, subnets, routing tables, Cloud Routers, Internet gateway, VPN, tunnels towards AWS, Elastic IP and a VM. For the AWS side, I had to create Terraform scripts that provision: VPC, subnets, Customer Gateway, Virtual Private Gateway, Internet gateway and an EC2 instance.
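The cross-cloud wiring described above, as an added Terraform sketch that is not the article's own scripts: a Classic VPN with static routes on both sides. It assumes provider blocks with a default GCP region, a `google_compute_network.vpc` and an `aws_vpc.main` declared elsewhere in the same module, and the constructed ranges 10.10.0.0/16 (GCP) and 10.20.0.0/16 (AWS).

```hcl
# GCP side: static external IP (the "Elastic IP" on GCP) and a Classic VPN gateway.
resource "google_compute_address" "vpn_ip" { name = "gcp-vpn-ip" }
resource "google_compute_vpn_gateway" "gw" {
  name    = "gcp-vpn-gw"
  network = google_compute_network.vpc.id       # assumed: VPC declared elsewhere
}
# Classic VPN needs ESP, UDP/500 (IKE) and UDP/4500 (NAT-T) forwarded to the gateway,
# otherwise the tunnel never leaves the "waiting for peer" state.
resource "google_compute_forwarding_rule" "vpn" {
  for_each    = { esp = "ESP", ike = "UDP/500", nat_t = "UDP/4500" }
  name        = "gcp-vpn-${each.key}"
  ip_protocol = split("/", each.value)[0]
  port_range  = length(split("/", each.value)) > 1 ? split("/", each.value)[1] : null
  ip_address  = google_compute_address.vpn_ip.address
  target      = google_compute_vpn_gateway.gw.id
}
# AWS side: Virtual Private Gateway on the VPC, Customer Gateway pointing at GCP's public IP.
resource "aws_vpn_gateway" "vgw" { vpc_id = aws_vpc.main.id } # assumed: VPC declared elsewhere
resource "aws_customer_gateway" "gcp" {
  bgp_asn    = 65000                            # required by the API even for static routing
  ip_address = google_compute_address.vpn_ip.address
  type       = "ipsec.1"
}
resource "aws_vpn_connection" "to_gcp" {
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  customer_gateway_id = aws_customer_gateway.gcp.id
  type                = "ipsec.1"
  static_routes_only  = true
}
resource "aws_vpn_connection_route" "gcp_cidr" {
  destination_cidr_block = "10.10.0.0/16"       # assumed GCP subnet range
  vpn_connection_id      = aws_vpn_connection.to_gcp.id
}
# GCP tunnel: AWS generates the outside IP and pre-shared key; Terraform carries them across,
# so the secret never has to be copied by hand or committed to the repository.
resource "google_compute_vpn_tunnel" "to_aws" {
  name                    = "gcp-to-aws-tunnel1"
  peer_ip                 = aws_vpn_connection.to_gcp.tunnel1_address
  shared_secret           = aws_vpn_connection.to_gcp.tunnel1_preshared_key
  target_vpn_gateway      = google_compute_vpn_gateway.gw.id
  local_traffic_selector  = ["0.0.0.0/0"]
  remote_traffic_selector = ["0.0.0.0/0"]
  depends_on              = [google_compute_forwarding_rule.vpn]
}
resource "google_compute_route" "to_aws" {
  name                = "gcp-route-to-aws"
  network             = google_compute_network.vpc.id
  dest_range          = "10.20.0.0/16"          # assumed AWS VPC range
  next_hop_vpn_tunnel = google_compute_vpn_tunnel.to_aws.id
}
```

The pre-shared key lands in the Terraform state, so the state backend should be encrypted and access-controlled; firewall rules on the GCP VPC and the EC2 security group must still allow ICMP/SSH between the two private ranges before the ping test succeeds.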

In the end, the VMs are the core of this secure, private and automated architecture, since communication between the two VMs goes through their internal IPs. Here you can also find proof of communication between the two instances using the ping command and the Network Intelligence service from Google Cloud.


Written by Akram Rayri

ICT Consultant and Engineer with focus on Cloud & DevOps | AWS | Microsoft Azure | Google Cloud | Oracle Cloud