Summarizer Output (Step 1)
{
"app_summary": "Two EC2 instances (stopped): i-0601780d500bb51ea \u0027First Instance\u0027 (t2.medium) in subnet-0b8c568bc3659b486; i-0322a28bf1a8a68c5 \u0027Second Instance\u0027 (t2.micro) in subnet-05c9a438bb7c68867. Both have only private IPs in evidence and share security group sg-090ff45d5d6ad1cd4; no IAM instance profiles evidenced.",
"boundary_label": "Authorization Boundary: AWS Account 154776478584 / Region us-east-1 / VPC vpc-033668c99bb7641b0 (172.31.0.0/16)",
"data_summary": "No RDS instances, no S3 buckets, and no other data stores evidenced. EC2 uses EBS volumes (3 total) as the only evidenced storage; represent as instance-attached block storage (no separate managed datastore tier).",
"flow_labels": {
"admin_flow": "Admin/operator -\u003e AWS manage",
"app_to_data": "EC2 -\u003e attached EBS volumes ",
"ingress_flow": "Inbound from Internet -\u003e IGW",
"log_flow": "EC2/VPC -\u003e logging services ",
"user_flow": "Internet user -\u003e IGW -\u003e (Pub"
},
"grouping_hints": {
"data_tier": "No separate managed data tier; depict EBS as attachments on each EC2 node (optional small \u0027EBS\u0027 badge) and avoid standalone datastore icons.",
"perimeter": "Place \u0027Internet\u0027 outside the authorization boundary; inside boundary show IGW at the VPC edge feeding into a \u0027Public Subnets\u0027 group. Indicate no NAT and no VPC endpoints as absent (do not draw unless as labeled \u0027not present\u0027).",
"security": "Show a \u0027Security Controls\u0027 group containing Security Groups (3) and Network ACL (1). Attach sg-090ff45d5d6ad1cd4 directly to both EC2 instances; list other SGs as \u0027additional SGs (2)\u0027 without assuming associations.",
"subnets": "Render a single \u0027Public Subnets (map_public_ip_on_launch=true)\u0027 container subdivided into 6 AZ-labeled subnet chips; only two need instance badges: subnet-0b8c568bc3659b486 (us-east-1d) and subnet-05c9a438bb7c68867 (us-east-1c). Keep remaining four subnets as empty capacity placeholders but marked as evidenced."
},
"layout_hints": {
"legend_position": "right",
"responsive_canvas": true,
"side_panels": true,
"subnet_columns": 3,
"support_panel_position": "left"
},
"network_summary": "VPC vpc-033668c99bb7641b0 with 6 subnets (all map_public_ip_on_launch=true) across AZs us-east-1a/1b/1c/1d/1e/1f. One Internet Gateway igw-0c2d9b6f737cc026e attached. No NAT Gateways and no VPC Endpoints evidenced.",
"overview": "Single (default) VPC with 6 public subnets and an attached Internet Gateway. Two stopped EC2 instances reside in separate subnets; no managed data stores, endpoints, NAT, or logging services are evidenced.",
"placeholder_sections": [
"management_path",
"cloudtrail",
"cloudwatch_logs",
"vpc_flow_logs"
],
"security_summary": "Perimeter control via Internet Gateway plus Security Groups (3 total) and a Network ACL (1 total) at subnet boundary (details not provided). No CloudTrail, CloudWatch Log Groups, or VPC Flow Logs evidenced; treat audit/logging as not configured or out of scope for this evidence set (use placeholders only if needed).",
"style_goals": [
"Emphasize authorization boundary and VPC-perimeter components before instance details",
"Minimize clutter by grouping the 6 public subnets into a single \u0027Public Subnets (6 AZs)\u0027 container with per-AZ labels",
"Use dashed styling for placeholders (unproven services/paths) and solid styling for evidenced resources"
],
"title": "AWS us-east-1 VPC Default Network with EC2 Instances (Acct 154776478584)"
}
Evidence JSON (Audit Trail)
{
"account_id": "154776478584",
"counts": {
"assets": [
{
"count": 3,
"resource_type": "ebs_volume"
},
{
"count": 2,
"resource_type": "ec2_instance"
}
],
"data_stores": [],
"identities": [
{
"count": 1,
"resource_type": "iam_credential_report"
},
{
"count": 1,
"resource_type": "iam_password_policy"
},
{
"count": 4,
"resource_type": "iam_role"
},
{
"count": 5,
"resource_type": "iam_user"
}
],
"network_components": [
{
"count": 1,
"resource_type": "internet_gateway"
},
{
"count": 1,
"resource_type": "network_acl"
},
{
"count": 1,
"resource_type": "route_table"
},
{
"count": 3,
"resource_type": "security_group"
},
{
"count": 6,
"resource_type": "subnet"
},
{
"count": 1,
"resource_type": "vpc"
}
]
},
"ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
"notes": {
"no_hallucination": true,
"resource_types_supported": [
"vpc",
"subnet",
"internet_gateway",
"nat_gateway",
"vpc_endpoint",
"vpc_flow_log",
"ec2_instance",
"rds_instance",
"s3_bucket",
"cloudtrail_trail",
"cloudwatch_log_group"
],
"sample_limit": 50
},
"resources": {
"cloudtrail_trails": [],
"cloudwatch_log_groups": [],
"ec2_instances": [
{
"account_id": "154776478584",
"data": {
"ebs_optimized": false,
"iam_instance_profile": null,
"instance_id": "i-0601780d500bb51ea",
"instance_type": "t2.medium",
"launch_time": "2022-09-10T16:59:37Z",
"monitoring_enabled": false,
"private_ip": "172.31.27.120",
"public_ip": null,
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {
"Name": "First Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "32a0eba7-e121-4edc-b1c1-bffef2933ace",
"region": "us-east-1",
"resource_id": "i-0601780d500bb51ea",
"resource_type": "ec2_instance"
},
{
"account_id": "154776478584",
"data": {
"ebs_optimized": false,
"iam_instance_profile": null,
"instance_id": "i-0322a28bf1a8a68c5",
"instance_type": "t2.micro",
"launch_time": "2022-09-20T23:57:09Z",
"monitoring_enabled": false,
"private_ip": "172.31.87.12",
"public_ip": null,
"security_group_ids": [
"sg-090ff45d5d6ad1cd4"
],
"state": "stopped",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {
"Name": "Second Instance"
},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "5e7c6ca8-9065-4bcc-9165-dc107f489b27",
"region": "us-east-1",
"resource_id": "i-0322a28bf1a8a68c5",
"resource_type": "ec2_instance"
}
],
"internet_gateways": [
{
"account_id": "154776478584",
"data": {
"attachments": [
{
"State": "available",
"VpcId": "vpc-033668c99bb7641b0"
}
],
"internet_gateway_id": "igw-0c2d9b6f737cc026e",
"tags": {}
},
"id": "7ba32aea-41e3-41ff-ad43-ae942914a211",
"region": "us-east-1",
"resource_id": "igw-0c2d9b6f737cc026e",
"resource_type": "internet_gateway"
}
],
"nat_gateways": [],
"rds_instances": [],
"s3_buckets": [],
"subnets": [
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1d",
"available_ip_address_count": 4090,
"cidr_block": "172.31.16.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-0b8c568bc3659b486",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "0ca7e857-501a-4579-9f30-b196928262be",
"region": "us-east-1",
"resource_id": "subnet-0b8c568bc3659b486",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1a",
"available_ip_address_count": 4091,
"cidr_block": "172.31.32.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-0c567848e2f3285b9",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "0163976f-cd7a-4344-89e7-21923ede5856",
"region": "us-east-1",
"resource_id": "subnet-0c567848e2f3285b9",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1f",
"available_ip_address_count": 4091,
"cidr_block": "172.31.64.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-06c23e873cdba6e94",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "6de8f5bc-f770-4210-8378-7e35eb23fb8d",
"region": "us-east-1",
"resource_id": "subnet-06c23e873cdba6e94",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1c",
"available_ip_address_count": 4090,
"cidr_block": "172.31.80.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-05c9a438bb7c68867",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "e784ece9-6419-44d7-9377-18245fcb7131",
"region": "us-east-1",
"resource_id": "subnet-05c9a438bb7c68867",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1b",
"available_ip_address_count": 4091,
"cidr_block": "172.31.0.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-0b3e792cb9abb6b15",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "c9ced59b-6593-4686-a676-5f738af9753e",
"region": "us-east-1",
"resource_id": "subnet-0b3e792cb9abb6b15",
"resource_type": "subnet"
},
{
"account_id": "154776478584",
"data": {
"availability_zone": "us-east-1e",
"available_ip_address_count": 4091,
"cidr_block": "172.31.48.0/20",
"map_public_ip_on_launch": true,
"state": "available",
"subnet_id": "subnet-006336d9696975386",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "9941a8ef-7fbb-44f9-b1da-eef0274aac63",
"region": "us-east-1",
"resource_id": "subnet-006336d9696975386",
"resource_type": "subnet"
}
],
"vpc_endpoints": [],
"vpc_flow_logs": [],
"vpcs": [
{
"account_id": "154776478584",
"data": {
"cidr_block": "172.31.0.0/16",
"dhcp_options_id": "dopt-0823549fe54a61393",
"instance_tenancy": "default",
"is_default": true,
"state": "available",
"tags": {},
"vpc_id": "vpc-033668c99bb7641b0"
},
"id": "10082cf8-7102-4134-a934-89c21d1accc0",
"region": "us-east-1",
"resource_id": "vpc-033668c99bb7641b0",
"resource_type": "vpc"
}
]
}
}