// Horkos Infrastructure Example
// Every resource is secure by default
// S3 bucket - automatically encrypted, versioned, access blocked.
// No security options are passed: the example relies entirely on Horkos defaults.
// NOTE(review): those defaults are not visible in this file. Confirm them against
// the generated resource rather than against this comment.
val appData = S3.createBucket("my-app-data")
// Flow logs required for VPC (security requirement).
// logBucket is the destination handed to createVpc below.
// NOTE(review): flow logs are forensic evidence. Retention and write/delete
// restrictions for this bucket are not set here; presumably the same defaults
// as any other bucket apply. Verify they are adequate for log storage.
val logBucket = S3.createBucket("vpc-logs")
// The VPC is created with its flow-log destination supplied up front.
val vpc = Network.createVpc("main", cidr: "10.0.0.0/16", flowLogs: logBucket)
// ============================================
// Iteration with .map() and .filter()
// ============================================
// Availability zones used by the iteration examples below.
val zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
// Create a subnet in each zone: .map() calls createSubnet once per entry in
// `zones`, always inside `vpc`.
// NOTE(review): cidr "auto" presumably lets Horkos carve each range out of the
// VPC's 10.0.0.0/16 block. Confirm how ranges are assigned and whether they stay
// stable when `zones` changes.
val subnets = zones.map(zone =>
Network.createSubnet(vpc: vpc, zone: zone, cidr: "auto")
)
// Filter to specific zones: keeps every zone except "us-east-1c".
// This produces a new list of zone names only; `subnets` above was built from
// the full `zones` list and still covers all three zones.
val primaryZones = zones.filter(z => z != "us-east-1c")
// ============================================
// Expressions
// ============================================
// Arithmetic on literals. Assuming conventional precedence (* binds tighter
// than +), count is 7.
val count = 1 + 2 * 3
// Range check joining two comparisons with &&; true for count = 7.
val isValid = count > 5 && count < 100
// Unary minus applied to count.
val negated = -count
// Logical negation of isValid.
val notValid = !isValid
// ============================================
// Taint Tracking
// ============================================
// Import legacy Terraform - automatically marked as Unverified<T>
import "legacy/storage.tf" as legacy
// Using tainted values requires unsafe with justification.
// `legacy` is the imported Terraform file, which this example says is marked
// Unverified<T>; the unsafe block yields legacy.oldBucket as legacyBucket.
// The justification string is the only evidence recorded at this point:
// "Verified encryption" is a human assertion, not a check visible in this file.
// NOTE(review): presumably nothing re-validates the bucket's settings here.
// Confirm that, and keep the referenced ticket resolvable so the claim can be
// audited later. Every unsafe block is a point a reviewer should read in full.
val legacyBucket = unsafe("MIGRATE-2024: Verified encryption, see ticket #402") {
legacy.oldBucket
}
// ============================================
// Security Groups
// ============================================
// Secure by default (deny all ingress): no ingressRules are passed, so the
// "app" group gets whatever Horkos applies by default.
val appSg = Network.createSecurityGroup(vpc: vpc, name: "app")
// Internal traffic allowed without unsafe.
// The single rule admits port 5432 with appSg as its source: a security-group
// reference rather than a CIDR range, so the rule is tied to group membership
// instead of to addresses.
// NOTE(review): the wording above implies that a non-internal source (for
// example a public CIDR) would need an unsafe block. That is not shown here;
// confirm it.
// NOTE(review): the rule names no protocol, and neither group configures
// egress. The defaults for both are not visible in this file.
val dbSg = Network.createSecurityGroup(
vpc: vpc,
name: "db",
ingressRules: [
{ port: 5432, sourceSecurityGroup: appSg, description: "PostgreSQL from app" }
]
)