Summarizer Output (Step 1)
{
"app_summary": "Compute-only footprint: EC2 i-0601780d500bb51ea (t2.medium, stopped) in subnet-0b8c568bc3659b486 with private IP 172.31.27.120; EC2 i-0322a28bf1a8a68c5 (t2.micro, stopped) in subnet-05c9a438bb7c68867 with private IP 172.31.87.12. Both attach security group sg-090ff45d5d6ad1cd4. No load balancers, autoscaling, containers, or serverless resources in evidence. No IAM instance profiles attached.",
"boundary_label": "AWS Account 154776478584 / Region us-east-1 / VPC vpc-033668c99bb7641b0 (172.31.0.0/16, default)",
"data_summary": "No managed data stores evidenced (no RDS, no S3). Storage indicated only by EBS volume count=3 (volumes not enumerated), implying EC2-backed block storage for the two instances; encryption state/keys not provided in evidence.",
"flow_labels": [
"Internet \u2194 Internet Gateway (IGW)",
"IGW \u2194 VPC public subnet routing (implied)",
"EC2 i-0601780d500bb51ea \u2194 Security Group sg-090ff45d5d6ad1cd4",
"EC2 i-0322a28bf1a8a68c5 \u2194 Security Group sg-090ff45d5d6ad1cd4",
"EC2 \u2194 EBS volumes (count: 3; attachment details not provided)",
"Placeholder: VPC Flow Logs / CloudTrail / CloudWatch Logs (not evidenced)"
],
"network_summary": "VPC vpc-033668c99bb7641b0 (172.31.0.0/16) with IGW igw-0c2d9b6f737cc026e attached. Six subnets (all map_public_ip_on_launch=true): subnet-0b3e792cb9abb6b15 us-east-1b 172.31.0.0/20; subnet-0b8c568bc3659b486 us-east-1d 172.31.16.0/20; subnet-0c567848e2f3285b9 us-east-1a 172.31.32.0/20; subnet-006336d9696975386 us-east-1e 172.31.48.0/20; subnet-06c23e873cdba6e94 us-east-1f 172.31.64.0/20; subnet-05c9a438bb7c68867 us-east-1c 172.31.80.0/20. No NAT gateways or VPC endpoints evidenced; route table/NACL/SG counts exist but only one SG ID is referenced by instances.",
"overview": "Single default VPC with one attached Internet Gateway and six public subnets across AZs. Two stopped EC2 instances reside in separate subnets and share one security group; no public IPs, no NAT Gateways, no VPC Endpoints, and no observed managed data stores or logging services in evidence.",
"security_summary": "Network access controlled via Security Group sg-090ff45d5d6ad1cd4 (rules not provided) and one Network ACL (not enumerated). Perimeter connectivity exists via attached Internet Gateway, but instances have no public IPs. No CloudTrail trails, CloudWatch log groups, or VPC Flow Logs evidenced (placeholders recommended for audit completeness). IAM inventory present (users/roles/password policy/credential report counts) but specific principals/permissions not provided.",
"style_goals": [
"Draw a single thick outer authorization boundary for AWS Account/Region, with an inner VPC boundary containing subnets and EC2",
"Group the six subnets into one compact \u0027Public Subnets (6 AZs)\u0027 panel with two sub-panels highlighting only the two subnets hosting instances to reduce clutter",
"Use orthogonal, minimal connectors with labeled flow callouts in a side legend (no text on connector lines) and keep all external interactions on the left side near the IGW"
],
"title": "AWS Authorization Boundary Diagram \u2014 Account 154776478584 (us-east-1)"
}
Evidence JSON (Audit Trail)
{
"account_id": "154776478584",
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"notes": {
"no_hallucination": true,
"resource_types_supported": [
"vpc",
"subnet",
"internet_gateway",
"nat_gateway",
"vpc_endpoint",
"vpc_flow_log",
"ec2_instance",
"rds_instance",
"s3_bucket",
"cloudtrail_trail",
"cloudwatch_log_group"
],
"sample_limit": 50
},
"resources": {
"cloudtrail_trails": [],
"cloudwatch_log_groups": [],
"ec2_instances": [
{
"account_id": "154776478584",
"data": {
"ebs_optimized": false,
"iam_instance_profile": null,
"instance_id": "i-0601780d500bb51ea",
"instance_type": "t2.medium",
"launch_time": "2022-09-10T16:59:37Z",
"monitoring_enabled": false,
"private_ip": "172.31.27.120",
"public_ip": null,
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {
"Name": "First Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "32a0eba7-e121-4edc-b1c1-bffef2933ace",
"region": "us-east-1",
"resource_id": "i-0601780d500bb51ea",
"resource_type": "ec2_instance"
},
{
"account_id": "154776478584",
"data": {
"ebs_optimized": false,
"iam_instance_profile": null,
"instance_id": "i-0322a28bf1a8a68c5",
"instance_type": "t2.micro",
"launch_time": "2022-09-20T23:57:09Z",
"monitoring_enabled": false,
"private_ip": "172.31.87.12",
"public_ip": null,
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {
"Name": "Second Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "5e7c6ca8-9065-4bcc-9165-dc107f489b27",
"region": "us-east-1",
"resource_id": "i-0322a28bf1a8a68c5",
"resource_type": "ec2_instance"
}
],
"internet_gateways": [
{
"account_id": "154776478584",
"data": {
"attachments": [
{
"State": "available",
"VpcId": "vpc-033668c99bb7641b0"
}
],
"internet_gateway_id": "igw-0c2d9b6f737cc026e",
"tags": {}
},
"id": "7ba32aea-41e3-41ff-ad43-ae942914a211",
"region": "us-east-1",
"resource_id": "igw-0c2d9b6f737cc026e",
"resource_type": "internet_gateway"
}
],
"nat_gateways": [],
"rds_instances": [],
"s3_buckets": [],
"subnets": [
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1d",
"available_ip_address_count": 4090,
"cidr_block": "172.31.16.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "0ca7e857-501a-4579-9f30-b196928262be",
"region": "us-east-1",
"resource_id": "subnet-0b8c568bc3659b486",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1a",
"available_ip_address_count": 4091,
"cidr_block": "172.31.32.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-0c567848e2f3285b9",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "0163976f-cd7a-4344-89e7-21923ede5856",
"region": "us-east-1",
"resource_id": "subnet-0c567848e2f3285b9",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1f",
"available_ip_address_count": 4091,
"cidr_block": "172.31.64.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-06c23e873cdba6e94",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "6de8f5bc-f770-4210-8378-7e35eb23fb8d",
"region": "us-east-1",
"resource_id": "subnet-06c23e873cdba6e94",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1c",
"available_ip_address_count": 4090,
"cidr_block": "172.31.80.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "e784ece9-6419-44d7-9377-18245fcb7131",
"region": "us-east-1",
"resource_id": "subnet-05c9a438bb7c68867",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1b",
"available_ip_address_count": 4091,
"cidr_block": "172.31.0.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-0b3e792cb9abb6b15",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "c9ced59b-6593-4686-a676-5f738af9753e",
"region": "us-east-1",
"resource_id": "subnet-0b3e792cb9abb6b15",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1e",
"available_ip_address_count": 4091,
"cidr_block": "172.31.48.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-006336d9696975386",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "9941a8ef-7fbb-44f9-b1da-eef0274aac63",
"region": "us-east-1",
"resource_id": "subnet-006336d9696975386",
"resource_type": "subnet"
}
],
"vpc_endpoints": [],
"vpc_flow_logs": [],
"vpcs": [
{
"account_id": "154776478584",
"data": {
"cidr_block": "172.31.0.0/16",
"dhcp_options_id": "dopt-0823549fe54a61393",
"instance_tenancy": "default",
"is_default": true,
"state": "available",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "10082cf8-7102-4134-a934-89c21d1accc0",
"region": "us-east-1",
"resource_id": "vpc-033668c99bb7641b0",
"resource_type": "vpc"
}
]
}
}