General

How to Use IaC to Optimize Your Multicloud Strategy

How to Use IaC to Optimize Your Multicloud Strategy

Organizations generally favor one cloud, but a multicloud approach is a popular way of differentiating where the workload is run.

In this post, we dig deeper into the multicloud setup, the reasons for this approach, its benefits and risks, and how you can manage it optimally.

We will cover:

  1. What is multicloud?
  2. Are hybrid cloud and multicloud the same thing?
  3. Is multicloud a good choice for you?
  4. How can Spacelift help you to manage a multicloud setup?

What is multicloud?

Multicloud describes an approach where the workload is distributed between different cloud vendors. For example, you could combine Microsoft Azure and Oracle Cloud, or AWS and Google Cloud. The distribution of the workload may be different. The same type of applications may be split between two vendors, or each cloud could have completely different types of applications. 

Google defines the purpose of a multicloud solution as giving you the “flexibility to operate with the best computing environment for each workload.” The multicloud setup can contain public clouds, private ones, or a combination of public and private. The last option is called a hybrid cloud.

Companies can use a multicloud approach for various reasons. We will approach them from technical and business perspectives.

Technical reasons for using a multicloud setup

From a technical standpoint, a multicloud approach is adopted mainly to fulfill the expectations described in the architectural Quality Attributes – QA (formerly known as Non-Functional Requirements – NFR).

First, we need to understand that the modern approach to designing applications creates modularity, which enables easier migrations between different cloud vendors.

Disaster recovery

This is one of the most common scenarios for a multicloud setup. This approach must be considered carefully. Every cloud vendor offers various tools and approaches to achieve very robust disaster recovery. For example, AWS has an approach called Fault Tolerance, which involves using multiple regions to save data and operations. 

Resilience

Every provider experiences outages. Some do not impact the business much, but some are very severe. Using a multicloud setup limits this danger, and can even remove it completely. Again the organization must be very aware of the costs of this approach, which extend beyond just doubled monthly bills.

Flexibility

The possibility to select services from different vendors allows architects and engineers to choose the best option. One of the most common examples is when an organization uses AWS as their main vendor, but they use BigQuery in Google Cloud to run analytics.

Avoid vendor lock-in

Vendor lock-in has been demonized for years. Depending on the service used, it might play an important role in your SDLC. However, vendor lock-in should be reviewed not just from the perspective of the workload. For example, if you use a serverless approach, the solution will be more tightly integrated with the vendor. If the workload is run on virtual machines or managed Kubernetes, vendor lock-in is limited. However, vendor lock-in also relates to other elements of the system, like IaC. For example, if the team selects CloudFormation to manage infrastructure on AWS, it will be significantly harder to move some of the workload to Azure.

Business reasons to build multicloud

Agility

As your organization and your infrastructure scale, you need to be prepared for change. A multicloud approach enables this flexibility, giving you the freedom to consider solutions from multiple vendors to meet your specific, often fluid requirements.

Compliance

Organizations need to follow security and monitoring rules. This is especially important in regulated industries. Although cloud vendors hold all security certificates, both for physical and It security, there might be reasons to select one vendor over another. For example, one vendor may have better operational support for databases, but another could provide more suitable monitoring systems.

Costs

This is probably the most popular reason to differentiate between vendors and use a multicloud approach. Organizations compare the offerings from different vendors and select the cheapest. However, this approach might be misleading. The cost of the service may be lower, but the burden of maintaining two vendors may raise the bill significantly because you are doubling the code base or hiring more engineers to maintain all vendors.

Are hybrid cloud and multicloud the same thing?

Generally, yes. Both involve more than one cloud vendor. The difference is in the type of cloud — public or private:

  • Public cloud. This type of cloud is managed by a third party. Utilizing shared resources, it is the default approach of every cloud vendor. Shared resources in this case means that if we request a virtual machine, for example, this VM will be created and run on the underlying host with VMs requested by other customers. In other words, we share the same underlying infrastructure. This is not an issue usually, but shared infrastructure is not an option in some cases, especially in highly regulated environments. Public vendors offer the option of exclusive access to an entire underlying server, but this is not cheap. 
  • Private cloud. Private clouds are built within an organization’s data center for reasons of security. Private clouds might be a solution for highly regulated industries, but running a private cloud doesn’t provide the flexibility of using resources and forces organizations to deliver all the skills required on their own.

Based on the simplest definition of multicloud — workloads run by two or more vendors —, we can say that hybrid cloud is a multicloud option. In this case, it is a combination of public and private clouds.

Is multicloud a good choice for you?

It is important to emphasize that any decision made regarding the cloud setup is significant and will have a big impact on your business.

In the table below, I list aspects to consider when deciding whether or not to adopt a multicloud approach:

Area  Advantages Disadvantages
Costs In a multicloud setup, you can use a cheaper equivalent of a specific service. The competing service probably will not be significantly cheaper, and you also have to consider other costs, like network traffic between clouds (In general, all outgoing traffic from your cloud network is paid), potential license cost, and wider skills needed in your teams.
Flexibility A multicloud approach gives you more flexibility when selecting tools. Cloud offerings are similar in general, but some vendors offer much better solutions than others.  It is virtually impossible to find disadvantages for flexibility. The only one might be that you have to follow more vendors to be up-to-date with their solutions and changes.
Resiliency This might be the biggest advantage of multicloud solutions. Scalability, fault tolerance, disaster recovery — all these aspects can be leveraged. The risk for resiliency lies in the additional layers needed, like network connectivity between two clouds. This is another variable in the whole setup that needs to be controlled.
Vendor lock-in    Use of multicloud enforces another approach to specific solutions —, like serverless, for example. Every cloud has a different syntax and structure, and serverless services work slightly differently. This forces organizations to plan their adoption optimally to avoid vendor lock-in. Avoiding vendor lock-in may mean sacrificing the benefits of specific services.
Security Decomposing workload and services between different versions may be seen as increasing compliance and cloud governance. This decomposition allows you to encapsulate different functions in different areas. For example, a workload from Google Cloud can be monitored by tools run on AWS. Multicloud gives more attack surfaces and increases security costs. Security is also more complex.
Skills Using multicloud enables teams to learn more approaches, and technologies and use them daily. Multicloud requires more skills, which may require a bigger team or limit the proficiency of team members in specific tools.
Infrastructure control With a multicloud approach, you can limit the impact of misconfigurations or failed IaC applies. An IaC approach requires more skills, as teams need to manage more than one provider (for OpenTofu or Terraform) or more tools (i.e. AWS CloudFormation and ARM).

How can Spacelift help you to manage a multicloud setup?

Spacelift works with all major clouds. It is cloud-agnostic, so you can connect to the cloud of your choice from the platform. With the functionality I described above, Spacelift leverages the infrastructure management for multicloud. Let’s take a look at features that can help you to manage a multicloud setup.

As your infrastructure scales, you are likely to consider solutions offered by other vendors to address your changing needs. Spacelift gives you the flexibility to cater for not just for today’s workload, but for future challenges that may arise with different stacks, vendors, and technologies.

Multi-IaC approach

Tools like OpenTofu and Terraform allow you to manage your infrastructure without having to use any other tool, but different teams will often favor different tools, so you could end up with multiple IaC solutions in use at any one time. This diversity of tools becomes more likely when you adopt a more complex multicloud setup.

Spacelift prepares you for this, allowing users to define their workloads using multiple tools and wrappers — Terraform, Terragrunt, Opentofu, CloudFormation, Pulumi, Ansible, and Kubernetes. This flexibility enables you to manage all your infrastructure in one place.

Connections using short-lived credentials

Using short-lived credentials is one of the most secure ways to connect between two services. These types of credentials are issued when requested by an authenticated service and removed shortly after. In this way, we ensure that the credentials are much harder to compromise. To provide more configuration options, AWS, Azure, and Google Cloud can be configured with OIDC.

The image below shows the configuration for AWS. You can define the Spaces to which the integration is connected, the IAM Role, and the duration of the credential’s life.

spacelift multicloud credentials

Spaces

Spaces allow organizations to manage and order the environments. Your multicloud setup can be reflected with all environments and technical accounts, as in the example below:

multicloud spaces

Using Spaces gives your organization full control over what can be deployed in a specific space or group of Spaces, who can access them, and what the access level is.

Blueprints

The bigger your setup, the bigger your infrastructure, and the more important Blueprints may be to you. With Blueprints, you can leverage platform teams and self-service infrastructure — the benefits of which are described in the linked article.

Blueprints allow you to use multicloud capabilities without extensive training for everyone. The key element here is that you have one place where your infrastructure is collected, maintained, and controlled in terms of quality and security.

Stacks

To use an analogy from Kubernetes, Stacks are the smallest deployable units in Spacelift. You can organize stacks under Spaces, and use dependencies between them to create a chain of execution. With stacks, you have a 1:1 relation between your infrastructure and code.

Stack dependencies

Spacelift has just released Stack dependencies v.2. With this very powerful functionality, you can chain your stacks to create a comprehensive process of managing infrastructure and pass information between stacks. This significantly speeds up the infrastructure provisioning process and ensures that data between stacks will be valid and proper.

spacelift multicloud dependencies

Policies

With Policies, you can control the behavior of executions and access management. This video shows the implementation of security tools in the stack’s execution, but also how powerful policies can be.

In the image below, I present enforced policies during the stack execution.

Visualization

More resources to run and more vendors to manage often mean a more obscure picture of what we actually own in our organization. To ensure this awareness, we need proper visibility of the infrastructure. 

Spacelift offers two tools that can help you better understand the current state of your infrastructure. One is stack dependencies, which I described before. The second is the Resources functionality.

Resources allow you to see and organize all deployed resources. You can organize them by type, stacks, and more.

spacelift multicloud resources

Key takeaways

Multicloud has many flavors — from hybrid cloud to multiple public clouds, from expanding capabilities by using the best services to securing operations. The reasons for utilizing multicloud must be carefully considered, as it does have downsides. If your business case supports it, you are ready to start your multicloud journey.

And Spacelift is here to help you in this journey. With a wide range of functionality and compatibility with multiple clouds and IaC tools, Spacelift is ready to support you and your business to properly create and maintain your multicloud setup.

Does this sound like something your company should be doing? Book a demo with our engineering team to discuss your options in more detail. 

Automation and Collaboration Layer for Infrastructure as Code

Spacelift is a flexible orchestration solution for IaC development. It delivers enhanced collaboration, automation and controls to simplify and accelerate the provisioning of cloud based infrastructures.

Start free trial

The Practitioner’s Guide to Scaling Infrastructure as Code

Transform your IaC management to scale

securely, efficiently, and productively

into the future.

ebook global banner
Share your data and download the guide