// ============================================
// Subnets in Horkos
// ============================================
// Demonstrates VPC, subnet, and security group creation
// Create the log destination first: Network.createVpc below takes it as `flowLogs`,
// and this example treats flow logs as a required VPC setting.
// Flow logs record network metadata (addresses, ports, accept/reject decisions), so
// read access to this bucket should be limited to the people who investigate with it.
// NOTE(review): only `tags` is set here; encryption, public-access and retention
// settings are whatever S3.createBucket defaults to - confirm before relying on them.
val flowLogBucket = S3.createBucket("vpc-flow-logs",
tags: { purpose: "vpc-flow-logs" }
)
// Create the VPC and send its flow logs to the bucket created above.
// The example marks flow logs as a security requirement: they are the network-level
// record that detection and incident response work from.
// The explicit subnet CIDRs used later (10.0.1.0/24, 10.0.10.0/24) fall inside 10.0.0.0/16.
val vpc = Network.createVpc("production",
cidr: "10.0.0.0/16",
flowLogs: flowLogBucket
)
// Create an internet gateway for public subnets.
// In this file it is referenced only by the public subnet in Example 2 (`gateway: igw`);
// the private subnets never mention it.
val igw = Network.createInternetGateway(vpc: vpc)
// ============================================
// EXAMPLE 1: Private Subnet (secure default)
// ============================================
// No `unsafe` block is needed: neither `public` nor `mapPublicIp` is set, and the
// example treats a private subnet as the secure default.
// No `gateway` is passed either, so nothing here ties this subnet to the internet gateway.
// NOTE(review): how workloads in this subnet reach outbound services (NAT, endpoints)
// is not shown in this example.
val privateSubnet = Network.createSubnet(
vpc: vpc,
cidr: "10.0.10.0/24",
zone: "us-east-1a"
)
// ============================================
// EXAMPLE 2: Public Subnet (requires unsafe)
// ============================================
// Public subnets require:
// 1. an `unsafe` block (because `public: true` weakens security)
// 2. a `gateway` parameter (the internet gateway used for public routing)
// The string passed to `unsafe` is the stated justification for the exception; write it
// so a reviewer can judge whether the exposure is still needed.
// NOTE(review): presumably this reason is surfaced in review or audit output - confirm.
// NOTE(review): `mapPublicIp: true` presumably gives instances launched in this subnet a
// public address by default - confirm, and leave it out if only a load balancer needs one.
// Reachability still depends on security group rules; per Example 5 those deny all
// ingress by default.
val publicSubnet = unsafe("Web tier needs public internet access") {
Network.createSubnet(
vpc: vpc,
cidr: "10.0.1.0/24",
zone: "us-east-1a",
public: true, // Weakens security, so it must sit inside `unsafe`
mapPublicIp: true, // Also weakens security (see the note above this block)
gateway: igw // Required when public: true
)
}
// ============================================
// EXAMPLE 3: Security Errors
// ============================================
// This WON'T compile - `public: true` without `gateway` (the `unsafe` block does not waive the gateway requirement):
// val badSubnet = unsafe("Test") {
// Network.createSubnet(vpc: vpc, cidr: "10.0.2.0/24", zone: "us-east-1a", public: true)
// }
// Error: missing required parameter `gateway`
// `public: true` requires `gateway` parameter
// This WON'T compile - public: true without unsafe:
// val badSubnet2 = Network.createSubnet(
// vpc: vpc, cidr: "10.0.3.0/24", zone: "us-east-1a",
// public: true, gateway: igw
// )
// Error: parameter `public` weakens security and requires `unsafe`
// ============================================
// EXAMPLE 4: Creating Multiple Subnets with .map()
// ============================================
// Use .map() to create one resource per availability zone.
val zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
// One private subnet per zone. No `unsafe` is needed because `public` is not set.
// NOTE(review): `cidr: "auto"` presumably lets Horkos pick a free range inside the VPC,
// avoiding 10.0.1.0/24 and 10.0.10.0/24 used earlier - confirm the allocation rule.
val privateSubnets = zones.map(zone =>
Network.createSubnet(vpc: vpc, zone: zone, cidr: "auto")
)
// .filter() narrows the zone list to every zone except us-east-1c.
// `primaryZones` is not used further in this example.
val primaryZones = zones.filter(z => z != "us-east-1c")
// ============================================
// EXAMPLE 5: Security Groups
// ============================================
// One security group per tier; only `vpc` and `name` are passed, so no rules are defined here.
val webSecurityGroup = Network.createSecurityGroup(vpc: vpc, name: "web-tier")
val appSecurityGroup = Network.createSecurityGroup(vpc: vpc, name: "app-tier")
val dbSecurityGroup = Network.createSecurityGroup(vpc: vpc, name: "db-tier")
// All have secure defaults: deny all ingress, allow all egress.
// With those defaults no tier accepts traffic yet, so the ingress rules added later
// decide the real exposure: prefer tier-to-tier rules (web -> app -> db) over open CIDR ranges.
// Allow-all egress is the permissive half of the default; consider narrowing it, for the
// db tier in particular, so a compromised host has fewer outbound paths.