Storage & Databases
In our Lego city analogy, storage and databases are the warehouses and libraries. Each country (cloud provider) has its own style of warehouse - AWS has S3 buckets, Azure has Blob Storage, GCP has Cloud Storage - and its own library system for structured data (RDS, Azure SQL, Cloud SQL).
To build a truly global city, you need to manage these warehouses and libraries consistently across clouds. This chapter explores how Terraform provisions storage and databases across AWS, Azure, and GCP.
Key Concepts
1. Storage Services
- AWS S3: Object storage, versioning, encryption.
- Azure Blob Storage: Containers, access tiers (hot, cool, archive).
- GCP Cloud Storage: Buckets, lifecycle rules, IAM policies.
2. Database Services
- AWS RDS: Managed relational databases (MySQL, PostgreSQL, etc.).
- Azure SQL Database: Fully managed SQL service.
- GCP Cloud SQL: Managed MySQL/PostgreSQL instances.
3. Replication & Backup
- Cross‑Cloud Replication: Sync data between S3 and Blob Storage. No provider does this natively, so it runs outside the bucket resources: a sync tool on a schedule, or a transfer service such as GCP Storage Transfer Service, which can pull from both S3 and Azure Blob into Cloud Storage.
- Multi‑Cloud Backup: Store a copy of each backup in a secondary provider, so losing an account or region in one cloud does not lose the data.
- Disaster Recovery: Failover databases across providers. Managed databases do not replicate across clouds, so "failover" means restoring the backup held in the secondary provider (or running application‑level replication), and the restore must be rehearsed.
4. Security Considerations
- Encrypt data at rest (provider keys, or a customer‑managed KMS/CMEK key where compliance requires it) and in transit (TLS‑only access to buckets and databases).
- Restrict network access with security groups (AWS), NSGs (Azure) and VPC firewall rules (GCP), restrict data‑plane access with IAM, and never give a database a public IP.
- Use secret managers for DB credentials rather than plain Terraform variables; remember that whatever Terraform reads still lands in the state file, so the state backend must be protected too.
- Apply Sentinel policies (Terraform Cloud/Enterprise) for compliance, e.g. fail the plan when a bucket or database is created without encryption.
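The four points above put into one AWS configuration, as an added example that is not part of the original lab. Assumed for illustration: AWS provider 5.x, a VPC `aws_vpc.main` with count‑based private subnets `aws_subnet.private`, an application security group `aws_security_group.app`, and a Secrets Manager secret named `prod/app/db` whose JSON body has `username` and `password` keys.

```hcl
# Added example (not from the original lab). aws_vpc.main, aws_subnet.private,
# aws_security_group.app and the secret "prod/app/db" are assumed to exist.

# Credentials come from Secrets Manager, never from a plain variable.
data "aws_secretsmanager_secret_version" "db" {
  secret_id = "prod/app/db"
}

locals {
  # secret_string is sensitive, so Terraform keeps the decoded values sensitive too
  db_creds = jsondecode(data.aws_secretsmanager_secret_version.db.secret_string)
}

# Customer-managed key for encryption at rest, with automatic rotation.
resource "aws_kms_key" "db" {
  description         = "RDS at-rest encryption"
  enable_key_rotation = true
}

# Subnet group built only from private subnets: no route to an internet gateway.
resource "aws_db_subnet_group" "db" {
  name       = "db-subnet-group"
  subnet_ids = aws_subnet.private[*].id
}

# Security group that admits MySQL traffic only from the application tier's SG.
resource "aws_security_group" "db" {
  name   = "db-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
}

# Parameter group that rejects any non-TLS connection (encryption in transit).
resource "aws_db_parameter_group" "mysql_tls" {
  name   = "mysql8-require-tls"
  family = "mysql8.0"

  parameter {
    name  = "require_secure_transport"
    value = "1"
  }
}

resource "aws_db_instance" "hardened" {
  identifier        = "hardened-mysql"
  engine            = "mysql"
  engine_version    = "8.0"
  instance_class    = "db.t3.micro"
  allocated_storage = 20

  username = local.db_creds.username
  password = local.db_creds.password

  storage_encrypted      = true
  kms_key_id             = aws_kms_key.db.arn
  publicly_accessible    = false
  db_subnet_group_name   = aws_db_subnet_group.db.name
  vpc_security_group_ids = [aws_security_group.db.id]
  parameter_group_name   = aws_db_parameter_group.mysql_tls.name

  backup_retention_period   = 7
  deletion_protection       = true
  skip_final_snapshot       = false
  final_snapshot_identifier = "hardened-mysql-final"
}
```

The instance is unreachable from the internet twice over (no public address, and the security group only trusts the app tier), every connection must negotiate TLS, and the master password never appears in `.tfvars`. It does appear in the state file, as does any value Terraform reads, so the state backend needs the same protection as the secret.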
Hands‑On Lab / Demo
Lab: Provisioning Storage & Databases Across Clouds
GCP Cloud SQL:
resource "google_sql_database_instance" "gcp_sql" {
  name             = "gcp-sql"
  database_version = "MYSQL_8_0"
  region           = "us-central1"

  # Lab only: the provider defaults this to true, and `terraform destroy`
  # refuses to remove a protected instance.
  deletion_protection = false

  settings {
    tier = "db-f1-micro"   # shared-core tier, adequate for a lab

    backup_configuration {
      enabled            = true
      binary_log_enabled = true   # needed for MySQL point-in-time recovery
    }
  }
}
Azure SQL Database:
# azurerm_sql_database was removed in azurerm provider 3.0. The current resource
# is azurerm_mssql_database, which takes the server's ID instead of
# resource_group_name/location/server_name (the server is an azurerm_mssql_server).
resource "azurerm_mssql_database" "azure_sql" {
  name      = "azure-sqldb"
  server_id = azurerm_mssql_server.sqlserver.id   # server defined elsewhere in the lab
  sku_name  = "Basic"
}
AWS RDS Instance:
resource "aws_db_instance" "aws_rds" {
  identifier        = "aws-rds"
  engine            = "mysql"
  instance_class    = "db.t3.micro"
  allocated_storage = 20
  username          = var.db_user
  password          = var.db_pass   # declare the variable sensitive = true; better, read it from a secret manager

  storage_encrypted   = true    # encryption at rest
  publicly_accessible = false   # no public endpoint; reachable only inside the VPC

  skip_final_snapshot = true    # lab only: in production keep a final snapshot
}
GCP Cloud Storage:
resource "google_storage_bucket" "gcp_bucket" {
  name     = "gcp-storage-bucket"   # bucket names are global; pick one that is free
  location = "US"

  uniform_bucket_level_access = true   # IAM only, no legacy per-object ACLs
}
Azure Blob Storage:
# A storage account is the namespace; blobs live in containers created inside it
# (azurerm_storage_container).
resource "azurerm_storage_account" "azure_storage" {
  name                     = "azurestorageacct"   # 3-24 lowercase letters/digits, globally unique
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = "East US"
  account_tier             = "Standard"
  account_replication_type = "LRS"

  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false   # no anonymous blob or container access
}
AWS S3 Bucket:
resource "aws_s3_bucket" "aws_bucket" {
  bucket = "aws-storage-bucket"   # globally unique; pick a free name
  # `acl = "private"` was dropped: the argument is deprecated in AWS provider 4.x,
  # and buckets created since April 2023 have ACLs disabled by default, so setting
  # it fails. A new bucket is private unless a policy or public-access setting opens it.
}
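The three lab buckets with the controls the chapter asks for (encryption at rest, no public access, TLS only), as an added example that is not part of the original lab. Assumed for illustration: KMS keys `aws_kms_key.storage` and `google_kms_crypto_key.storage` already exist (with the Cloud Storage service agent granted encrypter/decrypter on the GCP key), `azurerm_resource_group.rg` exists, azurerm provider 4.x is in use (in 3.x the HTTPS‑only attribute is `enable_https_traffic_only`), and the bucket and account names are free.

```hcl
# Added example (not from the original lab). aws_kms_key.storage,
# google_kms_crypto_key.storage and azurerm_resource_group.rg are assumed to exist.

# AWS: block every form of public access, keep versions, encrypt with KMS,
# and refuse requests that arrive without TLS.
resource "aws_s3_bucket" "hardened" {
  bucket = "aws-storage-bucket-hardened"
}

resource "aws_s3_bucket_public_access_block" "hardened" {
  bucket                  = aws_s3_bucket.hardened.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_versioning" "hardened" {
  bucket = aws_s3_bucket.hardened.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "hardened" {
  bucket = aws_s3_bucket.hardened.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.storage.arn
    }
  }
}

# Deny any S3 action on the bucket when aws:SecureTransport is false.
data "aws_iam_policy_document" "deny_insecure" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    resources = [
      aws_s3_bucket.hardened.arn,
      "${aws_s3_bucket.hardened.arn}/*",
    ]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "deny_insecure" {
  bucket = aws_s3_bucket.hardened.id
  policy = data.aws_iam_policy_document.deny_insecure.json
}

# GCP: IAM-only access, public access prevention enforced, CMEK, versioning.
resource "google_storage_bucket" "hardened" {
  name     = "gcp-storage-bucket-hardened"
  location = "US"

  uniform_bucket_level_access = true
  public_access_prevention    = "enforced"

  versioning {
    enabled = true
  }

  encryption {
    default_kms_key_name = google_kms_crypto_key.storage.id
  }
}

# Azure: HTTPS only, TLS 1.2 minimum, no anonymous container or blob access.
resource "azurerm_storage_account" "hardened" {
  name                     = "azurestoragehardened"
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = "East US"
  account_tier             = "Standard"
  account_replication_type = "LRS"

  https_traffic_only_enabled      = true
  min_tls_version                 = "TLS1_2"
  allow_nested_items_to_be_public = false
}
```

The same three controls appear in each provider under different names: a public‑access switch (`aws_s3_bucket_public_access_block`, `public_access_prevention`, `allow_nested_items_to_be_public`), a default encryption key, and a transport rule (bucket policy on `aws:SecureTransport`, Google's always‑TLS endpoints, `https_traffic_only_enabled`). Keeping them side by side is what makes a cross‑cloud policy check possible.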
Pro Tips & Best Practices
- Always enable encryption for storage buckets: at rest with a customer‑managed key where compliance needs it, and TLS‑only access in transit.
- Use lifecycle rules to manage storage costs (tier cold data down, expire superseded versions).
- Place databases in private subnets with no public IP, and open the database port only to the application tier.
- Replicate backups across providers for disaster recovery, and rehearse the restore.
- Document storage and DB configurations for consistency.
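The lifecycle tip above, applied to all three providers, as an added example that is not part of the original lab. The bucket and account names are assumed to be free and `azurerm_resource_group.rg` is assumed to exist; the policy in each case is the same: tier data down after 90 days and stop paying for old versions or old blobs after a year.

```hcl
# Added example (not from the original lab). azurerm_resource_group.rg is
# assumed to exist; names are placeholders.

# AWS: objects move to Glacier after 90 days; superseded versions are deleted
# after 365 days. Versioning is what makes accidental deletes recoverable.
resource "aws_s3_bucket" "archive" {
  bucket = "aws-archive-bucket-example"
}

resource "aws_s3_bucket_versioning" "archive" {
  bucket = aws_s3_bucket.archive.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_lifecycle_configuration" "archive" {
  bucket     = aws_s3_bucket.archive.id
  depends_on = [aws_s3_bucket_versioning.archive]

  rule {
    id     = "tier-and-expire"
    status = "Enabled"
    filter {}   # empty filter: the rule applies to every object

    transition {
      days          = 90
      storage_class = "GLACIER"
    }

    noncurrent_version_expiration {
      noncurrent_days = 365
    }
  }
}

# GCP: the same policy as lifecycle_rule blocks on the bucket itself.
resource "google_storage_bucket" "archive" {
  name                        = "gcp-archive-bucket-example"
  location                    = "US"
  uniform_bucket_level_access = true

  versioning {
    enabled = true
  }

  lifecycle_rule {
    condition {
      age = 90
    }
    action {
      type          = "SetStorageClass"
      storage_class = "COLDLINE"
    }
  }

  # keep at most three older versions of any object
  lifecycle_rule {
    condition {
      num_newer_versions = 3
    }
    action {
      type = "Delete"
    }
  }
}

# Azure: a management policy on the account tiers block blobs
# hot -> cool -> archive and deletes them after a year.
resource "azurerm_storage_account" "archive" {
  name                     = "azurearchiveacctex"
  resource_group_name      = azurerm_resource_group.rg.name
  location                 = "East US"
  account_tier             = "Standard"
  account_replication_type = "LRS"
  min_tls_version          = "TLS1_2"
}

resource "azurerm_storage_management_policy" "archive" {
  storage_account_id = azurerm_storage_account.archive.id

  rule {
    name    = "tier-and-expire"
    enabled = true
    filters {
      blob_types = ["blockBlob"]
    }
    actions {
      base_blob {
        tier_to_cool_after_days_since_modification_greater_than    = 30
        tier_to_archive_after_days_since_modification_greater_than = 90
        delete_after_days_since_modification_greater_than          = 365
      }
    }
  }
}
```

Note that AWS and Azure keep lifecycle as a separate resource attached to the bucket or account, while GCP embeds it in the bucket; a delete rule is also a data‑retention decision, so check it against the backup retention you actually need before applying.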
Summary & Cheatsheet
- Storage: S3 (AWS), Blob (Azure), Cloud Storage (GCP).
- Databases: RDS (AWS), Azure SQL, Cloud SQL (GCP).
- Replication & Backup: Cross‑cloud sync for resilience.
- Security: Encryption, IAM, NSGs, firewall rules.
Quick mnemonic: Buckets → Databases → Backup → Secure
The Hackers Notebook
Storage and databases are the memory and warehouse systems of multi‑cloud deployments. By provisioning S3, Blob Storage, Cloud Storage, and managed databases across providers, and keeping each of them encrypted, private, and backed up in a second cloud, you gain resilience, compliance, and global reach.
