Multi Cloud Network Architecture

Building Networking Skills in the age of the Cloud

Multi Cloud Network Architecture

Building an Aviatrix Lab using Terraform

Share on linkedin
Share on twitter
Share on email


Aviatrix have developed their own Terraform provider which abstracts certain cloud native network and security functions from the main public cloud providers.

What do I mean by this? Well, VPC or VNET creation, for example, across multiple clouds using Terraform would require you to use the Terraform providers of the clouds in question (AWS, Azure, GCP, OCI, etc).

For example, building a VPC in AWS and a VNET in Azure would require writing a piece of terraform code referencing both AWS and Azure and using 2 different resource structures in your code.

However, by using the Aviatrix Terraform provider you can simply reference one piece of code with consistent attributes with only the cloud type different between the two.

The best way to get familiar with these resources and what they actually build is by testing.

That’s the objective of this post: to get up and running quickly with the objective of testing different configuration settings going forward.

I created this post to share how I build a simple Aviatrix lab environment in around 10 minutes in AWS. This can be tweaked for any Cloud provider. Drop me a line in the comments if you get stuck on that.

Below is a high-level overview of the lab we want to create:

We’ll be referring to 2 pre-created modules in this post. One of which I have modified to deploy the EC2 instances in the spoke VPCs. I wanted to have a light linux machine for testing.

A note on Terraform modules

A module in Terraform is a predefined piece of Terraform code that can be referenced in your configurations. It defines some input variables that you pass to the called module. Most modules are registered at the Hashicorp registry, but they can be referenced from other sources such as GitHub, S3 buckets, etc.

Below we will be referencing 2 modules by passing a number of variables to them for creation.

1. Transit Module

This module builds out the Transit VPC in AWS and has various inputs that can be manipulated. For the moment, let’s ignore those. We’ll come back to them in a future post.

2. Spoke Module

The above module is just a modified version of the original Aviatrix module.

I had some difficulties adding the EC2 hosts using the existing terraform module below.

I think this was because the subnet id was not exposed by the module, or in any case, I couldn’t manage to reference it. Therefore, I copied the module, modified it to do what I wanted and registered it under my own terraform account so I could use it.

Our Terraform Code

Here is the code I use to call the 2 modules.

# Build the AWS Transit 

module "transit_aws_1" {
  source  = "terraform-aviatrix-modules/aws-transit/aviatrix"
  version = "v4.0.3"

  cidr = ""
  region = "eu-central-1"
  account = "Eskimoo"

  name = "avffhub"
  ha_gw = "false"
  instance_size = "t2.micro"


# Build the AWS Spokes

module "spoke_aws" {
  source  = "Eskimoodigital/aws-spoke-ec2/aviatrix"
  version = "1.0.14"

  count = 2

  name            = "avffsp${count.index}"
  cidr            = var.spoke_cidrs[count.index]
  region          = "eu-central-1"
  account         = "Eskimoo"
  transit_gw      = "avx-avffhub-transit"
  vpc_subnet_size = "24"

  ha_gw = "false"
  instance_size = "t2.micro"

  ec2_key = "KP_AVI_EC2_SPOKE"

The code can be found here:

I explicitly deactivate HA in order to control cost. I also specify a lower spec EC2 instance for the same reason. Neither of these concessions are best practice.

Step by Step

Step 1 – Build your controller out separately.

I deployed the controller on AWS using the Cloudformation template referenced below. This is the simplest way to deploy the controller and I normally shut it down when not in use. This ensures I don’t have to go through the onboarding of my Cloud accounts every time.

You will need to subscribe to Aviatrix in the Amazon marketplace.

If you have any problems getting the controller deployed, drop me a line in the comments and I will write a separate post on that.

Once you have the controller up and running, you need to onboard the CSPs you intend to use:

Step 2 – Clone the code repository

Now you should clone my code directory from GitHub here:

Simply clone this locally and open it in your favorite IDE. Now, you are ready to modify it for your specific needs.

If you need some help on using GitHub, check out my post here.

Step 3 – Modify the Providers

Go to the file and you will find the below code:

provider "aviatrix" {
  controller_ip           = ""
  username                = "admin"
  password                = var.ctrl_password

Modify the IP address to be your controller’s public IP address. The password is defined as a variable and you will be prompted for it when you run terraform plan or apply.

Step 4 – Modify your IP Addressing (optional)

If you want to use different CIDRs to the ones I use in the range, then you will have to modify these in 2 places:

  1. in under the transit AWS module
  2. in under the spoke_cidrs variable

Step 5 – Modify the Account and EC2 Keys

In, under both modules, the AWS account name defined on the Aviatrix controller is referenced. You will need to change this to your particular account name.

Additionaly, under the spoke module, you need to modify the EC2 input to be the name of your own EC2 SSH access keys (these can be quickly configured and downloaded using the AWS console.

Step 6 – Run Terraform

You can now init, plan and run your code.

What Gets Built

The terraform code builds the below environment.

Aviatrix Sandbox (alternative)

Aviatrix has a sandbox starter tool that has been available for some time. It’s a great way to build an environment quickly to test some things out in a relatively cost-effective way. This method uses a docker image of EC2 instance which presents a web page with step by step instructions on building out the lab. However, it does not expose the Terraform code and allows for very little modification.


We can verify connectivity by pinging between the 2 spoke EC2 instances. All the infrastructure that gets built out to make this happen was abstracted from us. Have a look in the AWS console to see what was built running this piece of code. You’ll be surprised!

Otherwise, join me in the next post where I’ll go through in detail the different elements created.


So, for whatever purposes you may need a quick Aviatrix environment, you can of course use the sandbox, your own code, or feel free to use the code I’ve outlined in this post.

Share if you liked it
Share on linkedin
Share on twitter
Share on email
0 0 votes
Article Rating
Notify of
Oldest Most Voted
Inline Feedbacks
View all comments

[…] Building an Aviatrix Lab using Terraform Aviatrix Lab Build using Terraform – Part 2 […]


[…] If you missed part 1, you can find it here. […]


[…] a previous post, I outlined deploying a simple hub and spoke network using Terraform. Using that post, you can repeat the same test I have done here […]

20 year veteran of the networking industry currently specialising in Cloud Networking and Security.

CCIE #16661 (R&S, SP)


I am currently an employee of Aviatrix. All opinions, views and statements are my own and do not reflect that of my employer. Any errors are mine and mine alone. Any ignorance is mine, though I do believe my parents and the public school system should shoulder some of that blame. 

Recent Posts