# Terraform AWS Multi-Account Architecture
module "organization" {
  source  = "terraform-aws-modules/organization/aws"
  version = "~> 1.0"

  # Services granted trusted access across the organization: CloudTrail
  # (organization trails) and Config (organization-wide rules/aggregation).
  aws_service_access_principals = [
    "cloudtrail.amazonaws.com",
    "config.amazonaws.com",
  ]

  # "ALL" (rather than consolidated billing only) is required for SCPs and
  # the other organization policy types.
  feature_set = "ALL"

  # Top-level OU layout; the map key is the module-local reference, the
  # `name` is what appears in the Organizations console.
  organizational_units = {
    security        = { name = "Security" }
    workloads       = { name = "Workloads" }
    shared-services = { name = "Shared-Services" }
  }
}
# Network Topology
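module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 3.0"

  name = "production-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["us-east-1a", "us-east-1b", "us-east-1c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  # One NAT gateway per AZ so a single-AZ failure does not take private
  # egress down for the whole VPC.
  enable_nat_gateway     = true
  single_nat_gateway     = false
  one_nat_gateway_per_az = true

  enable_vpn_gateway = true

  enable_dns_hostnames = true
  enable_dns_support   = true

  # Detection: VPC flow logs were not enabled in the original definition,
  # leaving no record of accepted/rejected traffic for investigations.
  # The module creates the CloudWatch log group and the publishing role.
  enable_flow_log                      = true
  create_flow_log_cloudwatch_log_group = true
  create_flow_log_cloudwatch_iam_role  = true

  # Hardening: take over the VPC default security group and strip all
  # rules, so anything launched without an explicit SG has no connectivity
  # (the AWS-created default SG otherwise allows intra-group ingress and
  # all egress).
  manage_default_security_group  = true
  default_security_group_ingress = []
  default_security_group_egress  = []

  # NOTE(review): public subnets auto-assign public IPs by default in this
  # module version; set `map_public_ip_on_launch = false` once it is
  # confirmed nothing relies on auto-assigned addresses.

  tags = {
    Environment = "production"
    Terraform   = "true"
  }
}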
# Service Mesh Configuration
# The mesh every virtual node/service below is attached to.
resource "aws_appmesh_mesh" "main" {
  name = "app-mesh"

  spec {
    # ALLOW_ALL lets Envoy forward traffic to endpoints that are not
    # defined as virtual services in the mesh. DROP_ALL would confine
    # egress to mesh-defined destinations; confirm which the zero-trust
    # model below expects, since DROP_ALL also affects reaching AWS APIs.
    egress_filter {
      type = "ALLOW_ALL"
    }
  }
}
# Virtual node for service-a: one plaintext HTTP listener on 8080, resolved
# through the Cloud Map namespace rather than DNS.
resource "aws_appmesh_virtual_node" "service" {
  name      = "service-a"
  mesh_name = aws_appmesh_mesh.main.id

  spec {
    listener {
      port_mapping {
        port     = 8080
        protocol = "http"
      }

      # Two consecutive successes/failures flip health; each probe has a
      # 2s budget and probes run every 5s.
      health_check {
        protocol            = "http"
        path                = "/health"
        healthy_threshold   = 2
        unhealthy_threshold = 2
        timeout_millis      = 2000
        interval_millis     = 5000
      }

      # NOTE(review): no `tls` block on the listener, so traffic inside the
      # mesh to this node is not encrypted or client-authenticated; the
      # listener supports a tls {} block if mTLS is intended.
    }

    service_discovery {
      aws_cloud_map {
        namespace_name = "example.local"
        service_name   = "serviceA"
      }
    }
  }
}
# Zero Trust Security Model
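# Account and region lookups used to pin the role's trust policy and its
# DynamoDB grant to this account/region instead of "*" wildcards.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

# Task role for service-a: assumable only by ECS tasks in this account,
# with read/query/write on one DynamoDB table.
resource "aws_iam_role" "service_role" {
  name = "service-role"

  # Trust policy. The Condition block closes the cross-account confused-
  # deputy path: without it, an ECS task in any account could present the
  # ecs-tasks.amazonaws.com principal and assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        Sid    = "",
        Effect = "Allow",
        Action = "sts:AssumeRole",
        Principal = {
          Service = "ecs-tasks.amazonaws.com"
        },
        Condition = {
          StringEquals = {
            "aws:SourceAccount" = data.aws_caller_identity.current.account_id
          },
          ArnLike = {
            "aws:SourceArn" = "arn:aws:ecs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:*"
          }
        }
      }
    ]
  })

  inline_policy {
    name = "least-privilege"
    policy = jsonencode({
      Version = "2012-10-17",
      Statement = [
        {
          Effect = "Allow",
          Action = [
            "dynamodb:GetItem",
            "dynamodb:Query",
            "dynamodb:PutItem"
          ],
          # Scoped to this account and region. The original
          # "arn:aws:dynamodb:*:*:table/ServiceATable" matched a table of
          # that name in any region and any account.
          Resource = "arn:aws:dynamodb:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:table/ServiceATable"
        }
      ]
    })
  }
}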
Self-Service and Platform-Centric Cloud: My Journey with Multi-Cloud Blueprints
Infrastructure architecture today must balance reliability with elasticity, and compliance with speed. Over two decades, I've architected systems ranging from secure AI platforms to real-time trading.
Multi-Cloud Design with Terraform
Designing reusable, GitOps-driven blueprints for BFSI enterprises, with policy-as-code baked in, has accelerated adoption.
Secure AI Infrastructure
Using Vault to manage token-level access to Bedrock, Vertex AI, and Pinecone, and encrypting LLM data pipelines end-to-end.
Case Studies from Key BFSI Institutions
- On-prem infra for high-frequency trading
- Cloud-native AIOps platforms with observability baked in
High-Availability Systems
Milliseconds matter in trading. I built infrastructure that sustained performance and uptime without compromise.
Great architecture isn’t visible—it’s felt in resilience, speed, and trust.