Summarizer Output (Step 1)
{
"app_summary": "Compute layer: EC2 i-0601780d500bb51ea (t2.medium, stopped) in subnet-0b8c568bc3659b486 with private IP 172.31.27.120; EC2 i-0322a28bf1a8a68c5 (t2.micro, stopped) in subnet-05c9a438bb7c68867 with private IP 172.31.87.12. Both instances reference security group sg-090ff45d5d6ad1cd4 and have no IAM instance profile. No load balancers, autoscaling, containers, or managed app services in evidence.",
"boundary_label": "FedRAMP Authorization Boundary: AWS Account 154776478584 / VPC vpc-033668c99bb7641b0 (172.31.0.0/16) / Region us-east-1",
"data_summary": "Instance storage only: 3 EBS volumes (counts only; no volume IDs/details provided). No managed data stores (RDS) and no object storage (S3) in evidence. Depict EBS volumes as attached storage to EC2 instances as a generic EBS layer within the boundary.",
"flow_labels": [
"Internet \u2194 Internet Gateway (IGW) (inbound/outbound VPC connectivity)",
"IGW \u2194 Public Subnets (route table association; details not in evidence)",
"Subnet-0b8c568bc3659b486 \u2194 EC2 i-0601780d500bb51ea (private IP 172.31.27.120)",
"Subnet-05c9a438bb7c68867 \u2194 EC2 i-0322a28bf1a8a68c5 (private IP 172.31.87.12)",
"EC2 Instances \u2194 Security Group sg-090ff45d5d6ad1cd4 (traffic enforcement)",
"EC2 Instances \u2194 EBS Volumes (attached block storage; 3 volumes total)"
],
"network_summary": "VPC vpc-033668c99bb7641b0 (172.31.0.0/16, default) contains 6 public subnets across AZs: us-east-1a 172.31.32.0/20 (subnet-0c567848e2f3285b9), 1b 172.31.0.0/20 (subnet-0b3e792cb9abb6b15), 1c 172.31.80.0/20 (subnet-05c9a438bb7c68867), 1d 172.31.16.0/20 (subnet-0b8c568bc3659b486), 1e 172.31.48.0/20 (subnet-006336d9696975386), 1f 172.31.64.0/20 (subnet-06c23e873cdba6e94). Internet access via IGW igw-0c2d9b6f737cc026e attached to the VPC. Route table(s), NACL(s), and security groups exist (counts only); include as shared controls without specific rule detail.",
"overview": "Single default VPC in us-east-1 with 6 public subnets (mapPublicIpOnLaunch=true), one attached Internet Gateway, and two stopped EC2 instances each using the same security group. No NAT Gateways, VPC Endpoints, S3, RDS, CloudTrail, CloudWatch Logs, or VPC Flow Logs present in evidence.",
"security_summary": "Identity: IAM users (5), IAM roles (4), credential report (1), password policy (1) present (counts only; no specific principals/permissions provided). Network security: 3 security groups and 1 network ACL exist (counts only); instances use sg-090ff45d5d6ad1cd4. Logging/monitoring evidence absent: no CloudTrail trails, CloudWatch Log Groups, or VPC Flow Logs. Recommend diagram placeholders (clearly marked \u0027not in evidence\u0027) for CloudTrail/CloudWatch/VPC Flow Logs to support FedRAMP audit completeness.",
"style_goals": [
"Single outer authorization boundary with nested VPC container; subnets arranged in a 2x3 grid by AZ to minimize line overlap",
"Orthogonal routing with short arrows; all internet-facing flows exit/enter via a clearly separated \u0027Internet\u0027 area to the IGW then into the VPC",
"Consistent containment boxes (VPC \u003e Subnets \u003e EC2) and a side panel for shared controls (SG/NACL/Route Table) and missing-evidence placeholders; viewBox-based sizing for clean scaling"
],
"title": "AWS Authorization Boundary Diagram (Account 154776478584, us-east-1)"
}
Evidence JSON (Audit Trail)
{
"account_id": "154776478584",
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"notes": {
"no_hallucination": true,
"resource_types_supported": [
"vpc",
"subnet",
"internet_gateway",
"nat_gateway",
"vpc_endpoint",
"vpc_flow_log",
"ec2_instance",
"rds_instance",
"s3_bucket",
"cloudtrail_trail",
"cloudwatch_log_group"
],
"sample_limit": 50
},
"resources": {
"cloudtrail_trails": [],
"cloudwatch_log_groups": [],
"ec2_instances": [
{
"account_id": "154776478584",
"data": {
"ebs_optimized": false,
"iam_instance_profile": null,
"instance_id": "i-0601780d500bb51ea",
"instance_type": "t2.medium",
"launch_time": "2022-09-10T16:59:37Z",
"monitoring_enabled": false,
"private_ip": "172.31.27.120",
"public_ip": null,
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {
"Name": "First Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "32a0eba7-e121-4edc-b1c1-bffef2933ace",
"region": "us-east-1",
"resource_id": "i-0601780d500bb51ea",
"resource_type": "ec2_instance"
},
{
"account_id": "154776478584",
"data": {
"ebs_optimized": false,
"iam_instance_profile": null,
"instance_id": "i-0322a28bf1a8a68c5",
"instance_type": "t2.micro",
"launch_time": "2022-09-20T23:57:09Z",
"monitoring_enabled": false,
"private_ip": "172.31.87.12",
"public_ip": null,
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {
"Name": "Second Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "5e7c6ca8-9065-4bcc-9165-dc107f489b27",
"region": "us-east-1",
"resource_id": "i-0322a28bf1a8a68c5",
"resource_type": "ec2_instance"
}
],
"internet_gateways": [
{
"account_id": "154776478584",
"data": {
"attachments": [
{
"State": "available",
"VpcId": "vpc-033668c99bb7641b0"
}
],
"internet_gateway_id": "igw-0c2d9b6f737cc026e",
"tags": {}
},
"id": "7ba32aea-41e3-41ff-ad43-ae942914a211",
"region": "us-east-1",
"resource_id": "igw-0c2d9b6f737cc026e",
"resource_type": "internet_gateway"
}
],
"nat_gateways": [],
"rds_instances": [],
"s3_buckets": [],
"subnets": [
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1d",
"available_ip_address_count": 4090,
"cidr_block": "172.31.16.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "0ca7e857-501a-4579-9f30-b196928262be",
"region": "us-east-1",
"resource_id": "subnet-0b8c568bc3659b486",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1a",
"available_ip_address_count": 4091,
"cidr_block": "172.31.32.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-0c567848e2f3285b9",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "0163976f-cd7a-4344-89e7-21923ede5856",
"region": "us-east-1",
"resource_id": "subnet-0c567848e2f3285b9",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1f",
"available_ip_address_count": 4091,
"cidr_block": "172.31.64.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-06c23e873cdba6e94",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "6de8f5bc-f770-4210-8378-7e35eb23fb8d",
"region": "us-east-1",
"resource_id": "subnet-06c23e873cdba6e94",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1c",
"available_ip_address_count": 4090,
"cidr_block": "172.31.80.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "e784ece9-6419-44d7-9377-18245fcb7131",
"region": "us-east-1",
"resource_id": "subnet-05c9a438bb7c68867",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1b",
"available_ip_address_count": 4091,
"cidr_block": "172.31.0.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-0b3e792cb9abb6b15",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "c9ced59b-6593-4686-a676-5f738af9753e",
"region": "us-east-1",
"resource_id": "subnet-0b3e792cb9abb6b15",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1e",
"available_ip_address_count": 4091,
"cidr_block": "172.31.48.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-006336d9696975386",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "9941a8ef-7fbb-44f9-b1da-eef0274aac63",
"region": "us-east-1",
"resource_id": "subnet-006336d9696975386",
"resource_type": "subnet"
}
],
"vpc_endpoints": [],
"vpc_flow_logs": [],
"vpcs": [
{
"account_id": "154776478584",
"data": {
"cidr_block": "172.31.0.0/16",
"dhcp_options_id": "dopt-0823549fe54a61393",
"instance_tenancy": "default",
"is_default": true,
"state": "available",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "10082cf8-7102-4134-a934-89c21d1accc0",
"region": "us-east-1",
"resource_id": "vpc-033668c99bb7641b0",
"resource_type": "vpc"
}
]
}
}