FedRAMP AI Studio

Automated SSP Narrative Generation
← Back to Dashboard

Generated Diagram (Use Case 11) DRAFT

Account: 154776478584 Run: 4f6cda72-e405-4f30-9bde-aa3f17639f45 Models: gpt-5.2 /
Diagram saved. ID: eda753a8-16b9-4fb7-87b1-6d28e7003df4 — Retrievable via DB and viewable at /ui/diagrams/eda753a8-16b9-4fb7-87b1-6d28e7003df4
This page renders the Mermaid diagram (Mermaid-only mode).

Summarizer Output (Step 1)

{
  "app_summary": "2 EC2 instances (both stopped) in the VPC: i-0601780d500bb51ea (t2.medium) in subnet-0b8c568bc3659b486 with private IP 172.31.27.120; i-0322a28bf1a8a68c5 (t2.micro) in subnet-05c9a438bb7c68867 with private IP 172.31.87.12. Both attach security group sg-090ff45d5d6ad1cd4. No IAM instance profiles on either instance.",
  "boundary_label": "FedRAMP Authorization Boundary: AWS Account 154776478584 / Region us-east-1",
  "data_summary": "3 EBS volumes evidenced (counts only; not mapped to specific instances in provided evidence). No RDS instances, no S3 buckets, and no other data stores evidenced.",
  "flow_labels": [
    "1) External networks/Internet -\u003e Internet Gateway (IGW) (potential ingress/egress)",
    "2) Internet Gateway (IGW) -\u003e VPC routing domain (route table association not evidenced)",
    "3) VPC -\u003e Subnet-0b8c568bc3659b486 (us-east-1d) -\u003e EC2 i-0601780d500bb51ea (SG sg-090ff45d5d6ad1cd4)",
    "4) VPC -\u003e Subnet-05c9a438bb7c68867 (us-east-1c) -\u003e EC2 i-0322a28bf1a8a68c5 (SG sg-090ff45d5d6ad1cd4)",
    "5) EC2 instances -\u003e EBS volumes (attachments not evidenced; show generic EBS storage link)",
    "6) Placeholder (audit completeness): Logging/Monitoring endpoints (CloudTrail/CloudWatch/VPC Flow Logs) not evidenced in account"
  ],
  "network_summary": "1 VPC vpc-033668c99bb7641b0 (default) with 6 subnets across us-east-1a/b/c/d/e/f; all subnets have map_public_ip_on_launch=true. 1 Internet Gateway igw-0c2d9b6f737cc026e attached to the VPC. Route tables/NACL/security groups exist (counts only) but specific rules/associations are not provided in evidence. No NAT gateways, no VPC endpoints, no VPC Flow Logs evidenced.",
  "overview": "Single AWS account with one default VPC (172.31.0.0/16) and an attached Internet Gateway. Two stopped EC2 instances reside in separate subnets; no NAT gateways, VPC endpoints, or managed data services are evidenced.",
  "security_summary": "IAM artifacts exist (4 roles, 5 users, credential report, password policy) but no specific trust/policy details provided. Network controls include 3 security groups and 1 network ACL (details not provided). Monitoring/logging services not evidenced: CloudTrail trails, CloudWatch log groups, and VPC Flow Logs are absent from evidence.",
  "style_goals": [
    "Single bold outer authorization boundary with region/account label; VPC shown as nested colored boundary",
    "Group subnets into one compact \u0027Subnets (6)\u0027 panel with only the two instance-hosting subnets expanded; minimize unused subnet detail",
    "Orthogonal connectors with clear left-to-right flow (Internet -\u003e IGW -\u003e VPC/Subnets -\u003e EC2); no text on connector lines, use numbered flow labels in a legend"
  ],
  "title": "AWS Authorization Boundary Diagram (Account 154776478584, us-east-1)"
}

Evidence JSON (Audit Trail)

{
  "account_id": "154776478584",
  "counts": {
    "assets": [
      {
        "count": 3,
        "resource_type": "ebs_volume"
      },
      {
        "count": 2,
        "resource_type": "ec2_instance"
      }
    ],
    "data_stores": [],
    "identities": [
      {
        "count": 1,
        "resource_type": "iam_credential_report"
      },
      {
        "count": 1,
        "resource_type": "iam_password_policy"
      },
      {
        "count": 4,
        "resource_type": "iam_role"
      },
      {
        "count": 5,
        "resource_type": "iam_user"
      }
    ],
    "network_components": [
      {
        "count": 1,
        "resource_type": "internet_gateway"
      },
      {
        "count": 1,
        "resource_type": "network_acl"
      },
      {
        "count": 1,
        "resource_type": "route_table"
      },
      {
        "count": 3,
        "resource_type": "security_group"
      },
      {
        "count": 6,
        "resource_type": "subnet"
      },
      {
        "count": 1,
        "resource_type": "vpc"
      }
    ]
  },
  "ingestion_run_id": "4f6cda72-e405-4f30-9bde-aa3f17639f45",
  "notes": {
    "no_hallucination": true,
    "resource_types_supported": [
      "vpc",
      "subnet",
      "internet_gateway",
      "nat_gateway",
      "vpc_endpoint",
      "vpc_flow_log",
      "ec2_instance",
      "rds_instance",
      "s3_bucket",
      "cloudtrail_trail",
      "cloudwatch_log_group"
    ],
    "sample_limit": 50
  },
  "resources": {
    "cloudtrail_trails": [],
    "cloudwatch_log_groups": [],
    "ec2_instances": [
      {
        "account_id": "154776478584",
        "data": {
          "ebs_optimized": false,
          "iam_instance_profile": null,
          "instance_id": "i-0601780d500bb51ea",
          "instance_type": "t2.medium",
          "launch_time": "2022-09-10T16:59:37Z",
          "monitoring_enabled": false,
          "private_ip": "172.31.27.120",
          "public_ip": null,
          "security_group_ids": [
            "sg-090ff45d5d6ad1cd4"
          ],
          "state": "stopped",
          "subnet_id": "subnet-0b8c568bc3659b486",
          "tags": {
            "Name": "First Instance"
          },
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "32a0eba7-e121-4edc-b1c1-bffef2933ace",
        "region": "us-east-1",
        "resource_id": "i-0601780d500bb51ea",
        "resource_type": "ec2_instance"
      },
      {
        "account_id": "154776478584",
        "data": {
          "ebs_optimized": false,
          "iam_instance_profile": null,
          "instance_id": "i-0322a28bf1a8a68c5",
          "instance_type": "t2.micro",
          "launch_time": "2022-09-20T23:57:09Z",
          "monitoring_enabled": false,
          "private_ip": "172.31.87.12",
          "public_ip": null,
          "security_group_ids": [
            "sg-090ff45d5d6ad1cd4"
          ],
          "state": "stopped",
          "subnet_id": "subnet-05c9a438bb7c68867",
          "tags": {
            "Name": "Second Instance"
          },
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "5e7c6ca8-9065-4bcc-9165-dc107f489b27",
        "region": "us-east-1",
        "resource_id": "i-0322a28bf1a8a68c5",
        "resource_type": "ec2_instance"
      }
    ],
    "internet_gateways": [
      {
        "account_id": "154776478584",
        "data": {
          "attachments": [
            {
              "State": "available",
              "VpcId": "vpc-033668c99bb7641b0"
            }
          ],
          "internet_gateway_id": "igw-0c2d9b6f737cc026e",
          "tags": {}
        },
        "id": "7ba32aea-41e3-41ff-ad43-ae942914a211",
        "region": "us-east-1",
        "resource_id": "igw-0c2d9b6f737cc026e",
        "resource_type": "internet_gateway"
      }
    ],
    "nat_gateways": [],
    "rds_instances": [],
    "s3_buckets": [],
    "subnets": [
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1d",
          "available_ip_address_count": 4090,
          "cidr_block": "172.31.16.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-0b8c568bc3659b486",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "0ca7e857-501a-4579-9f30-b196928262be",
        "region": "us-east-1",
        "resource_id": "subnet-0b8c568bc3659b486",
        "resource_type": "subnet"
      },
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1a",
          "available_ip_address_count": 4091,
          "cidr_block": "172.31.32.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-0c567848e2f3285b9",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "0163976f-cd7a-4344-89e7-21923ede5856",
        "region": "us-east-1",
        "resource_id": "subnet-0c567848e2f3285b9",
        "resource_type": "subnet"
      },
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1f",
          "available_ip_address_count": 4091,
          "cidr_block": "172.31.64.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-06c23e873cdba6e94",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "6de8f5bc-f770-4210-8378-7e35eb23fb8d",
        "region": "us-east-1",
        "resource_id": "subnet-06c23e873cdba6e94",
        "resource_type": "subnet"
      },
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1c",
          "available_ip_address_count": 4090,
          "cidr_block": "172.31.80.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-05c9a438bb7c68867",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "e784ece9-6419-44d7-9377-18245fcb7131",
        "region": "us-east-1",
        "resource_id": "subnet-05c9a438bb7c68867",
        "resource_type": "subnet"
      },
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1b",
          "available_ip_address_count": 4091,
          "cidr_block": "172.31.0.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-0b3e792cb9abb6b15",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "c9ced59b-6593-4686-a676-5f738af9753e",
        "region": "us-east-1",
        "resource_id": "subnet-0b3e792cb9abb6b15",
        "resource_type": "subnet"
      },
      {
        "account_id": "154776478584",
        "data": {
          "availability_zone": "us-east-1e",
          "available_ip_address_count": 4091,
          "cidr_block": "172.31.48.0/20",
          "map_public_ip_on_launch": true,
          "state": "available",
          "subnet_id": "subnet-006336d9696975386",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "9941a8ef-7fbb-44f9-b1da-eef0274aac63",
        "region": "us-east-1",
        "resource_id": "subnet-006336d9696975386",
        "resource_type": "subnet"
      }
    ],
    "vpc_endpoints": [],
    "vpc_flow_logs": [],
    "vpcs": [
      {
        "account_id": "154776478584",
        "data": {
          "cidr_block": "172.31.0.0/16",
          "dhcp_options_id": "dopt-0823549fe54a61393",
          "instance_tenancy": "default",
          "is_default": true,
          "state": "available",
          "tags": {},
          "vpc_id": "vpc-033668c99bb7641b0"
        },
        "id": "10082cf8-7102-4134-a934-89c21d1accc0",
        "region": "us-east-1",
        "resource_id": "vpc-033668c99bb7641b0",
        "resource_type": "vpc"
      }
    ]
  }
}
FedRAMP AI Studio — Assessment AI Engine — 0.1.0