FedRAMP AI Studio

Automated SSP Narrative Generation

Generated Diagram (Use Case 11) DRAFT

Account: 154776478584 Run: 4f6cda72-e405-4f30-9bde-aa3f17639f45 Models: gpt-5.2 /
Diagram saved. ID: 40ec6948-51e1-4441-83ce-6056bf3f9a2c — Retrievable via DB and viewable at /ui/diagrams/40ec6948-51e1-4441-83ce-6056bf3f9a2c
This page renders the Mermaid diagram (Mermaid-only mode).

Summarizer Output (Step 1)

{
  "app_summary": "Compute tier only: EC2 i-0601780d500bb51ea (t2.medium, stopped) in subnet-0b8c568bc3659b486 with private IP 172.31.27.120; EC2 i-0322a28bf1a8a68c5 (t2.micro, stopped) in subnet-05c9a438bb7c68867 with private IP 172.31.87.12. Both instances are associated with security group sg-090ff45d5d6ad1cd4 and have no IAM instance profile. Neither instance has a public IP in evidence (public_ip is null while stopped); because their subnets map a public IP on launch, one may be assigned when an instance is started. No load balancers, autoscaling, containers, or managed app services in evidence.",
  "boundary_label": "FedRAMP Authorization Boundary: AWS Account 154776478584 / VPC vpc-033668c99bb7641b0 (172.31.0.0/16)",
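  "data_summary": "Block storage only: EBS volumes count=3 attached to EC2 (volume details not provided; the volume-to-instance attachment mapping and encryption status are not in the evidence and should be confirmed). No managed data stores detected (no RDS, no S3).",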
  "flow_labels": [
    "Internet \u2194 Internet Gateway (igw-0c2d9b6f737cc026e)",
    "IGW \u2194 VPC (vpc-033668c99bb7641b0)",
    "Subnet \u2194 EC2 (instance placement/attachment)",
    "EC2 \u2194 Security Group (sg-090ff45d5d6ad1cd4)",
    "EC2 \u2194 EBS Volumes (block storage)",
    "IAM Users/Roles \u2194 EC2 (no instance profile attached; administrative access path not evidenced)"
  ],
  "network_summary": "VPC vpc-033668c99bb7641b0 (172.31.0.0/16, default) contains 6 subnets: us-east-1a 172.31.32.0/20 (subnet-0c567848e2f3285b9), us-east-1b 172.31.0.0/20 (subnet-0b3e792cb9abb6b15), us-east-1c 172.31.80.0/20 (subnet-05c9a438bb7c68867), us-east-1d 172.31.16.0/20 (subnet-0b8c568bc3659b486), us-east-1e 172.31.48.0/20 (subnet-006336d9696975386), us-east-1f 172.31.64.0/20 (subnet-06c23e873cdba6e94). Internet Gateway igw-0c2d9b6f737cc026e is attached to the VPC, which makes an internet routing path possible; whether any subnet actually routes to it is not confirmed, because route table entries are not in the evidence. No NAT gateways or private-only egress path shown. Route table count=1 and NACL count=1 are present (details not provided).",
  "overview": "Single default VPC in us-east-1 with 6 subnets across AZs (all map public IP on launch), one attached Internet Gateway, and two stopped EC2 instances with EBS volumes. No NAT Gateways, VPC Endpoints, S3, RDS, CloudTrail, CloudWatch Logs, or VPC Flow Logs present in evidence.",
  "security_summary": "Network security: 3 security groups (only sg-090ff45d5d6ad1cd4 referenced by EC2 instances; inbound/outbound rules not provided, so exposure cannot be assessed from this evidence), 1 network ACL, 1 route table, and an Internet Gateway attachment. Identity: IAM users=5, IAM roles=4, credential report=1, password policy=1 (no role/user names or trust relationships provided). Audit/monitoring components absent in evidence: CloudTrail trails=0, CloudWatch log groups=0, VPC Flow Logs=0 (recommend diagram placeholders if required for FedRAMP logging).",
  "style_goals": [
    "Single outer authorization boundary enclosing one VPC boundary with clear label (VPC ID and CIDR)",
    "Group subnets by AZ in a compact grid and place EC2 instances inside their respective subnet boxes to minimize line crossings",
    "Use orthogonal routing with distinct colors for internet edge (IGW) vs internal VPC flows; keep unused/absent components as dashed placeholders outside main flow"
  ],
  "title": "AWS Authorization Boundary Diagram (Account 154776478584, us-east-1)"
}

Evidence JSON (Audit Trail)

{
  "account_id": "154776478584",
  "counts": {
    "assets": [
      {
        "count": 3,
        "resource_type": "ebs_volume"
      },
      {
        "count": 2,
        "resource_type": "ec2_instance"
      }
    ],
    "data_stores": [],
    "identities": [
      {
        "count": 1,
        "resource_type": "iam_credential_report"
      },
      {
        "count": 1,
        "resource_type": "iam_password_policy"
      },
      {
        "count": 4,
        "resource_type": "iam_role"
      },
      {
        "count": 5,
        "resource_type": "iam_user"
      }
    ],
    "network_components": [
      {
        "count": 1,
        "resource_type": "internet_gateway"
      },
      {
        "count": 1,
        "resource_type": "network_acl"
      },
      {
        "count": 1,
        "resource_type": "route_table"
      },
      {
        "count": 3,
        "resource_type": "security_group"
      },
      {
        "count": 6,
        "resource_type": "subnet"
      },
      {
        "count": 1,
        "resource_type": "vpc"
      }
    ]
  },
  "ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
  "notes": {
    "no_hallucination": true,
    "resource_types_supported": [
      "vpc",
      "subnet",
      "internet_gateway",
      "nat_gateway",
      "vpc_endpoint",
      "vpc_flow_log",
      "ec2_instance",
      "rds_instance",
      "s3_bucket",
      "cloudtrail_trail",
      "cloudwatch_log_group"
    ],
    "sample_limit": 50
  },
  "resources": {
    "cloudtrail_trails": [],
    "cloudwatch_log_groups": [],
    "ec2_instances": [
      {
        "account_id": "154776478584",
        "data": {
          "ebs_optimized": false,
          "iam_instance_profile": null,
          "instance_id": "i-0601780d500bb51ea",
          "instance_type": "t2.medium",
          "launch_time": "2022-09-10T16:59:37Z",
          "monitoring_enabled": false,
          "private_ip": "172.31.27.120",
          "public_ip": null,
          "security_group_ids": [
            "sg-090ff45d5d6ad1cd4"
          ],
          "state": "stopped",
          "subnet_id": "subnet-0b8c568bc3659b486",
          "tags": {
            "Name": "First Instance"
          },
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "32a0eba7-e121-4edc-b1c1-bffef2933ace",
        "region": "us-east-1",
        "resource_id": "i-0601780d500bb51ea",
        "resource_type": "ec2_instance"
      },
      {
        "account_id": "154776478584",
        "data": {
          "ebs_optimized": false,
          "iam_instance_profile": null,
          "instance_id": "i-0322a28bf1a8a68c5",
          "instance_type": "t2.micro",
          "launch_time": "2022-09-20T23:57:09Z",
          "monitoring_enabled": false,
          "private_ip": "172.31.87.12",
          "public_ip": null,
          "security_group_ids": [
            "sg-090ff45d5d6ad1cd4"
          ],
          "state": "stopped",
          "subnet_id": "subnet-05c9a438bb7c68867",
          "tags": {
            "Name": "Second Instance"
          },
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "5e7c6ca8-9065-4bcc-9165-dc107f489b27",
        "region": "us-east-1",
        "resource_id": "i-0322a28bf1a8a68c5",
        "resource_type": "ec2_instance"
      }
    ],
    "internet_gateways": [
      {
        "account_id": "154776478584",
        "data": {
          "attachments": [
            {
              "State": "available",
              "VpcId": "vpc-033668c99bb7641b0"
            }
          ],
          "internet_gateway_id": "igw-0c2d9b6f737cc026e",
          "tags": {}
        },
        "id": "7ba32aea-41e3-41ff-ad43-ae942914a211",
        "region": "us-east-1",
        "resource_id": "igw-0c2d9b6f737cc026e",
        "resource_type": "internet_gateway"
      }
    ],
    "nat_gateways": [],
    "rds_instances": [],
    "s3_buckets": [],
    "subnets": [
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1d",
          "available_ip_address_count": 4090,
          "cidr_block": "172.31.16.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-0b8c568bc3659b486",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "0ca7e857-501a-4579-9f30-b196928262be",
        "region": "us-east-1",
        "resource_id": "subnet-0b8c568bc3659b486",
        "resource_type": "subnet"
      },
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1a",
          "available_ip_address_count": 4091,
          "cidr_block": "172.31.32.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-0c567848e2f3285b9",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "0163976f-cd7a-4344-89e7-21923ede5856",
        "region": "us-east-1",
        "resource_id": "subnet-0c567848e2f3285b9",
        "resource_type": "subnet"
      },
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1f",
          "available_ip_address_count": 4091,
          "cidr_block": "172.31.64.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-06c23e873cdba6e94",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "6de8f5bc-f770-4210-8378-7e35eb23fb8d",
        "region": "us-east-1",
        "resource_id": "subnet-06c23e873cdba6e94",
        "resource_type": "subnet"
      },
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1c",
          "available_ip_address_count": 4090,
          "cidr_block": "172.31.80.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-05c9a438bb7c68867",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "e784ece9-6419-44d7-9377-18245fcb7131",
        "region": "us-east-1",
        "resource_id": "subnet-05c9a438bb7c68867",
        "resource_type": "subnet"
      },
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1b",
          "available_ip_address_count": 4091,
          "cidr_block": "172.31.0.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-0b3e792cb9abb6b15",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "c9ced59b-6593-4686-a676-5f738af9753e",
        "region": "us-east-1",
        "resource_id": "subnet-0b3e792cb9abb6b15",
        "resource_type": "subnet"
      },
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1e",
          "available_ip_address_count": 4091,
          "cidr_block": "172.31.48.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-006336d9696975386",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "9941a8ef-7fbb-44f9-b1da-eef0274aac63",
        "region": "us-east-1",
        "resource_id": "subnet-006336d9696975386",
        "resource_type": "subnet"
      }
    ],
    "vpc_endpoints": [],
    "vpc_flow_logs": [],
    "vpcs": [
      {
        "account_id": "154776478584",
        "data": {
          "cidr_block": "172.31.0.0/16",
          "dhcp_options_id": "dopt-0823549fe54a61393",
          "instance_tenancy": "default",
          "is_default": true,
          "state": "available",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "10082cf8-7102-4134-a934-89c21d1accc0",
        "region": "us-east-1",
        "resource_id": "vpc-033668c99bb7641b0",
        "resource_type": "vpc"
      }
    ]
  }
}