Imagine your Lego city now spans multiple countries. Each country has its own road system, traffic rules, and checkpoints. To connect them, you need bridges, tunnels, and secure borders.

In Terraform, this is the challenge of multi‑cloud networking: designing VPCs (AWS), VNets (Azure), and VPC networks (GCP), then connecting them securely for cross‑cloud communication. This chapter explores how to build isolated yet connected networks across providers.

Key Concepts

1. Cloud‑Specific Networking

• AWS VPC:
  • CIDR block (e.g., 10.0.0.0/16).
  • Public/private subnets, Internet/NAT gateways.
• Azure VNet:
  • Address space (e.g., 10.1.0.0/16).
  • Subnets, Network Security Groups (NSGs).
• GCP VPC:
  • Global VPC with regional subnets.
  • Firewall rules instead of SGs.

2. Cross‑Cloud Connectivity

• VPN Connections: Secure tunnels between AWS VPC and Azure VNet.
• Interconnect/ExpressRoute: Dedicated links for high‑bandwidth, low‑latency connections.
• Peering: Connect VPCs/VNets across clouds for private communication.
• DNS & Routing: Ensure consistent name resolution and routing policies.

3. Security Considerations

• Isolate workloads with private subnets.
• Restrict traffic with SGs (AWS), NSGs (Azure), firewall rules (GCP).
• Encrypt traffic across VPNs.
• Apply Sentinel policies for compliance.

Hands‑On Lab / Demo

Lab: Multi‑Cloud Networking Setup

1. Cross‑Cloud VPN Example:
   • Configure AWS VPN Gateway.
   • Configure Azure VPN Gateway.
   • Establish tunnel between them.

GCP VPC:

resource "google_compute_network" "gcp_vpc" {
  name                    = "gcp-vpc"
  auto_create_subnetworks = false
}

Azure VNet:

resource "azurerm_virtual_network" "azure_vnet" {
  name                = "azure-vnet"
  address_space       = ["10.1.0.0/16"]
  location            = "East US"
  resource_group_name = azurerm_resource_group.rg.name
}

AWS VPC:

resource "aws_vpc" "aws_vpc" {
  cidr_block = "10.0.0.0/16"
}

Pro Tips & Best Practices

• Use consistent CIDR ranges to avoid overlap.
• Document routing tables across clouds.
• Encrypt all cross‑cloud traffic.
• Test connectivity with simple ping/HTTP requests.
• Automate VPN setup with Terraform modules.

Summary & Cheatsheet

• AWS VPC, Azure VNet, GCP VPC = Cloud‑specific networks.
• Connectivity: VPN, interconnect, peering.
• Security: SGs, NSGs, firewall rules, encryption.
• Best practice: Consistent CIDR, documented routing, automated setup.

Quick mnemonic: VPCs → Connect → Secure → Document

The Hackers Notebook

Networking across clouds is the foundation of multi‑cloud deployments. By designing VPCs, VNets, and GCP networks, and connecting them securely, you enable workloads to communicate across providers.