{
  "version": "1.0.0",
  "name": "Web tier with private egress",
  "description": "A small production-style VPC with a public web VM, a private app VM, Cloud Router, and Cloud NAT.",
  "components": [
    {
      "id": "project-prod",
      "kind": "project",
      "name": "devforge-prod",
      "label": "Prod Project",
      "projectId": "devforge-prod",
      "environment": "prod",
      "position": { "x": 0, "y": 40 }
    },
    {
      "id": "vpc-core",
      "kind": "vpc",
      "name": "prod-core-vpc",
      "label": "Core VPC",
      "projectRef": "project-prod",
      "routingMode": "REGIONAL",
      "autoCreateSubnetworks": false,
      "mtu": 1460,
      "isSharedVpcHost": false,
      "position": { "x": 250, "y": 40 }
    },
    {
      "id": "subnet-web",
      "kind": "subnet",
      "name": "prod-web-us-central1",
      "label": "Web Subnet",
      "vpcId": "vpc-core",
      "region": "us-central1",
      "cidr": "10.10.0.0/24",
      "purpose": "PUBLIC",
      "privateGoogleAccess": true,
      "flowLogs": true,
      "secondaryRanges": [],
      "position": { "x": 200, "y": 220 }
    },
    {
      "id": "subnet-app",
      "kind": "subnet",
      "name": "prod-app-us-central1",
      "label": "App Subnet",
      "vpcId": "vpc-core",
      "region": "us-central1",
      "cidr": "10.10.1.0/24",
      "purpose": "PRIVATE",
      "privateGoogleAccess": true,
      "flowLogs": true,
      "secondaryRanges": [],
      "position": { "x": 460, "y": 220 }
    },
    {
      "id": "vm-web",
      "kind": "vmInstance",
      "name": "web-vm-01",
      "label": "Web VM",
      "region": "us-central1",
      "zone": "us-central1-a",
      "subnetId": "subnet-web",
      "vpcId": "vpc-core",
      "machineType": "e2-medium",
      "internalIp": "10.10.0.10",
      "hasExternalIp": true,
      "networkTags": ["web"],
      "needsInternetEgress": true,
      "exposedPorts": [80, 443],
      "position": { "x": 180, "y": 400 }
    },
    {
      "id": "vm-app",
      "kind": "vmInstance",
      "name": "app-vm-01",
      "label": "App VM",
      "region": "us-central1",
      "zone": "us-central1-a",
      "subnetId": "subnet-app",
      "vpcId": "vpc-core",
      "machineType": "e2-medium",
      "internalIp": "10.10.1.10",
      "hasExternalIp": false,
      "networkTags": ["app"],
      "needsInternetEgress": true,
      "exposedPorts": [],
      "position": { "x": 470, "y": 400 }
    },
    {
      "id": "fw-web",
      "kind": "firewallRule",
      "name": "allow-web-ingress",
      "label": "Allow Web",
      "vpcId": "vpc-core",
      "priority": 1000,
      "direction": "INGRESS",
      "action": "allow",
      "sourceRanges": ["0.0.0.0/0"],
      "destinationRanges": [],
      "targetTags": ["web"],
      "targetServiceAccounts": [],
      "protocol": "tcp",
      "ports": [80, 443],
      "loggingEnabled": true,
      "disabled": false,
      "position": { "x": 690, "y": 180 }
    },
    {
      "id": "fw-app-egress",
      "kind": "firewallRule",
      "name": "allow-app-egress",
      "label": "Allow App Egress",
      "vpcId": "vpc-core",
      "priority": 1000,
      "direction": "EGRESS",
      "action": "allow",
      "sourceRanges": [],
      "destinationRanges": ["0.0.0.0/0"],
      "targetTags": ["app"],
      "targetServiceAccounts": [],
      "protocol": "tcp",
      "ports": [443],
      "loggingEnabled": true,
      "disabled": false,
      "position": { "x": 690, "y": 300 }
    },
    {
      "id": "router-core",
      "kind": "cloudRouter",
      "name": "core-router",
      "label": "Cloud Router",
      "vpcId": "vpc-core",
      "region": "us-central1",
      "bgpAsn": 64514,
      "advertisedMode": "DEFAULT",
      "position": { "x": 700, "y": 430 }
    },
    {
      "id": "nat-core",
      "kind": "cloudNat",
      "name": "core-nat",
      "label": "Cloud NAT",
      "vpcId": "vpc-core",
      "routerId": "router-core",
      "region": "us-central1",
      "subnetIds": ["subnet-app"],
      "appliesToAllSubnets": false,
      "natIpAllocateOption": "AUTO_ONLY",
      "position": { "x": 930, "y": 430 }
    },
    {
      "id": "internet",
      "kind": "internet",
      "name": "internet",
      "label": "Internet",
      "position": { "x": 960, "y": 40 }
    }
  ],
  "connections": [
    { "id": "c1", "sourceId": "project-prod", "targetId": "vpc-core", "kind": "attachment" },
    { "id": "c2", "sourceId": "vpc-core", "targetId": "subnet-web", "kind": "attachment" },
    { "id": "c3", "sourceId": "vpc-core", "targetId": "subnet-app", "kind": "attachment" },
    { "id": "c4", "sourceId": "subnet-web", "targetId": "vm-web", "kind": "attachment" },
    { "id": "c5", "sourceId": "subnet-app", "targetId": "vm-app", "kind": "attachment" },
    { "id": "c6", "sourceId": "vpc-core", "targetId": "fw-web", "kind": "attachment" },
    { "id": "c7", "sourceId": "vpc-core", "targetId": "fw-app-egress", "kind": "attachment" },
    { "id": "c8", "sourceId": "vpc-core", "targetId": "router-core", "kind": "attachment" },
    { "id": "c9", "sourceId": "router-core", "targetId": "nat-core", "kind": "attachment" },
    { "id": "c10", "sourceId": "subnet-app", "targetId": "nat-core", "kind": "attachment" },
    { "id": "c11", "sourceId": "internet", "targetId": "vm-web", "kind": "reference" }
  ]
}
