AWS Terraform Patterns: IAM, Networking, EKS, RDS, and Common Gotchas

Calendar February 22, 2026
Infrastructure
Intermediate
Aws-Terraform, Iam-Patterns, Eks-Setup, Rds-Configuration, Vpc-Networking
Terraform, Aws, Iam, Vpc, Eks, Rds, S3, Security-Groups, Irsa, Gotchas, Best-Practices
Terraform, Aws-Cli

AWS Terraform Patterns#

AWS is the most common Terraform target and the most complex. It has more services, more configuration options, and more subtle gotchas than Azure or GCP. This article covers the AWS-specific patterns that agents need to write correct, secure Terraform — with emphasis on the mistakes that cause real production issues.

IAM: The Foundation of Everything#

Every AWS resource that does anything needs IAM permissions. The two patterns agents must know: service roles (letting AWS services act on your behalf) and IRSA (letting Kubernetes pods assume IAM roles).

Azure Terraform Patterns: Resource Groups, AKS, Managed Identity, and Common Gotchas

Calendar February 22, 2026
Infrastructure
Intermediate
Azure-Terraform, Aks-Setup, Managed-Identity-Patterns, Resource-Group-Design
Terraform, Azure, Aks, Resource-Groups, Managed-Identity, Workload-Identity, Key-Vault, Vnet, Postgresql-Flexible, Gotchas
Terraform, Az

Azure Terraform Patterns#

Azure’s Terraform provider (azurerm) has its own idioms, naming conventions, and gotchas that differ significantly from AWS. The biggest differences: everything lives in a Resource Group, identity management uses Managed Identity (not IAM roles), and many services require explicit Private DNS Zone configuration for private networking.

Resource Groups: Azure’s Organizational Unit#

Every Azure resource belongs to a Resource Group. This is the first thing you create and the last thing you delete.

GCP Terraform Patterns: Projects, GKE, Workload Identity, Cloud SQL, and Common Gotchas

Calendar February 22, 2026
Infrastructure
Intermediate
Gcp-Terraform, Gke-Setup, Workload-Identity-Patterns, Cloud-Sql-Configuration
Terraform, Gcp, Gke, Workload-Identity, Cloud-Sql, Iam, Vpc, Secondary-Ranges, Service-Networking, Gotchas
Terraform, Gcloud

GCP Terraform Patterns#

GCP’s Terraform provider (google and google-beta) has patterns distinct from both AWS and Azure. The biggest differences: APIs must be explicitly enabled per project, IAM uses a binding model (not inline policies), and GKE requires secondary IP ranges for VPC-native networking. GCP resources also tend to have longer creation times with more eventual consistency.

Projects and API Enablement#

Before creating any resource in GCP, the corresponding API must be enabled in the project. This is the most common source of first-time failures.