Reusable Terraform module patterns for provisioning VPCs, Transit Gateways, VNet peering, and cross-cloud interconnects in a consistent, auditable way.
Managing network infrastructure across AWS, Azure, and GCP with Terraform requires thoughtful module design. Copy-pasting provider-specific resources leads to drift, inconsistency, and audit failures. Here are the patterns we use in production.
Pattern 1: Abstracted Network Module
Create a network module that accepts a cloud-agnostic specification and delegates to provider-specific sub-modules:
module "network" {
  source      = "./modules/network"
  cloud       = "aws" # or "azure" or "gcp"
  cidr        = "10.100.0.0/16"
  region      = "eu-south-1"
  environment = "production"

  subnets = {
    public  = ["10.100.1.0/24", "10.100.2.0/24"]
    private = ["10.100.10.0/24", "10.100.11.0/24"]
    data    = ["10.100.20.0/24", "10.100.21.0/24"]
  }
}
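As an added example (not code from the original post), here is one way the ./modules/network root of Pattern 1 can validate the cloud-agnostic spec before delegating, so that a bad CIDR or a mistyped cloud name fails at plan time rather than surfacing as drift; the ./aws, ./azure and ./gcp sub-module paths, their "spec" input and their "network_id" output are assumptions:

```hcl
# modules/network/main.tf (added example; sub-module paths, "spec" input and "network_id" output are assumed)
variable "cloud" {
  type = string
  validation {
    condition     = contains(["aws", "azure", "gcp"], var.cloud)
    error_message = "cloud must be one of: aws, azure, gcp."
  }
}
variable "cidr" {
  type = string
  validation {
    condition     = can(cidrnetmask(var.cidr))
    error_message = "cidr must be a valid IPv4 CIDR block."
  }
}
variable "subnets" {
  type = map(list(string))
  validation {
    # Every subnet must parse as an IPv4 CIDR and no block may be listed in two tiers.
    condition = alltrue([for s in flatten(values(var.subnets)) : can(cidrnetmask(s))]) && (
      length(distinct(flatten(values(var.subnets)))) == length(flatten(values(var.subnets)))
    )
    error_message = "subnets must be unique, valid IPv4 CIDR blocks."
  }
}
variable "region"      { type = string }
variable "environment" { type = string }

# One cloud-agnostic spec is handed to the selected provider sub-module; the other
# two get count = 0, so a plan can never create resources in the wrong cloud.
locals { spec = { cidr = var.cidr, region = var.region, environment = var.environment, subnets = var.subnets } }
module "aws" {
  source = "./aws"
  count  = var.cloud == "aws" ? 1 : 0
  spec   = local.spec
}
module "azure" {
  source = "./azure"
  count  = var.cloud == "azure" ? 1 : 0
  spec   = local.spec
}
module "gcp" {
  source = "./gcp"
  count  = var.cloud == "gcp" ? 1 : 0
  spec   = local.spec
}
# The caller sees the same output name whichever provider built the network.
output "network_id" {
  value = one(concat(module.aws[*].network_id, module.azure[*].network_id, module.gcp[*].network_id))
}
```

Containment of each subnet inside var.cidr is not expressible with Terraform's built-in CIDR functions alone, so that check belongs in the Terratest suite mentioned at the end of this post.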
Pattern 2: Hub-Spoke with Transit
Use a dedicated transit module that wires spoke VPCs/VNets to a central hub. On AWS this creates Transit Gateway attachments; on Azure it creates VNet peering to a hub VNet with Azure Firewall.
Pattern 3: Cross-Cloud Interconnect
Model the interconnect as a separate root module that provisions both sides (e.g., AWS Direct Connect + Azure ExpressRoute to the same Equinix Fabric port) and manages BGP peering configuration.
The key principle: keep provider-specific logic in sub-modules, expose a consistent interface at the top level, and use Terratest for integration validation.