
Overview

This report provides an assessment of the Amazon Web Services environment, including EC2 (Elastic Compute Cloud), RDS (Relational Database Service), S3 (Simple Storage Service), IAM (Identity and Access Management), and VPC (Virtual Private Cloud) services. It documents the configuration settings and entities for audit purposes and can be used as point-in-time documentation for disaster recovery purposes.
Account ID Organization ID
1234567890 o-2h3kj21h43k54hj43
Type Full Name Address City State
Primary John Doe 701 Brickell Ave Miami FL
Postal Code Country Code Phone Number Company Name Website
33131 US 305.123.4567 RapidFire Tools www.rapidfiretools.com
Region Name Endpoint Status
us-east-1 ec2.us-east-1.amazonaws.com opt-in-not-required
Service Region Enabled
a4b No
amplify No
amplifyuibuilder No
apigateway No
appmesh No
apprunner No
appconfig No
appflow No
app-integrations No
mgn No
appstream No
appsync No
athena No
auditmanager No
datasync No
backup No
backup-gateway No
batch No
billingconductor No
braket No
bugbust No
acm ap-southeast-2, eu-central-1, us-east-1 Yes
acm-pca No
chime No
cloudformation No
clouddirectory No
servicediscovery No
cloud9 No
cloudfront Yes
cloudhsm No
cloudsearch No
cloudtrail No
cloudwatch us-east-1 Yes
applicationinsights No
evidently No
logs No
rum No
synthetics No
codeartifact No
codebuild No
codecommit No
codedeploy No
codeguru-profiler No
codeguru-reviewer No
codepipeline No
codestar No
codestar-connections No
codestar-notifications No
cognito-identity No
cognito-idp No
comprehend No
config No
connect No
profile No
voiceid No
wisdom No
ce No
dataexchange No
dlm No
datapipeline No
dms No
deepcomposer No
deepracer No
detective No
devicefarm No
directconnect No
ds No
dynamodb No
dax No
ec2 ap-southeast-2, eu-central-1, us-east-1, us-west-1 Yes
autoscaling No
imagebuilder No
elasticbeanstalk Yes
ecr No
ecr-public No
ecs No
drs No
elasticfilesystem No
elastic-inference No
eks No
elasticloadbalancing us-east-1 Yes
elasticmapreduce No
elasticache No
elemental-appliances-software No
mediaconnect No
mediaconvert No
medialive No
mediapackage No
mediapackage-vod No
mediastore No
mediatailor No
emr-containers No
events No
schemas No
fis No
finspace No
fms No
forecast No
frauddetector No
freertos No
fsx No
gamelift No
gamesparks No
glacier Yes
globalaccelerator No
glue No
databrew No
groundstation No
guardduty No
healthlake No
connect-campaigns No
honeycode No
access-analyzer No
iam No
inspector No
inspector2 No
ivs No
iot No
iot1click No
iotanalytics No
iotdeviceadvisor No
iotwireless No
iotevents No
iotfleethub No
iotfleetwise No
greengrass No
iotroborunner No
iotsitewise No
iotthingsgraph No
iottwinmaker No
kendra No
kms No
cassandra No
kinesis No
kinesisanalytics No
firehose No
kinesisvideo No
lambda us-east-1 Yes
lex No
license-manager No
lightsail No
geo No
lookoutequipment No
lookoutmetrics No
lookoutvision No
machinelearning No
macie2 No
macie No
managedblockchain No
grafana No
aps No
kafka No
kafkaconnect No
airflow No
aws-marketplace No
memorydb No
mgh No
refactor-spaces No
monitron No
mq No
network-firewall No
networkmanager No
nimble No
es No
opsworks No
opsworks-cm No
organizations No
outposts No
panorama No
personalize No
mobiletargeting No
ses us-east-1 Yes
sms-voice No
proton No
purchase-orders No
qldb No
quicksight No
rds us-east-1 Yes
rbin No
redshift No
rekognition No
resiliencehub No
ram No
resource-groups No
robomaker No
route53 No
route53-recovery-readiness No
route53resolver No
s3 Yes
s3-outposts No
sagemaker No
savingsplans No
secretsmanager No
securityhub No
sts No
servicecatalog No
servicequotas No
shield No
signer No
swf No
snow-device-management No
sns Yes
sqlworkbench No
sqs No
sso No
sso-directory No
states No
storagegateway No
ssm No
ssm-incidents No
ssm-contacts No
resource-explorer No
timestream No
transcribe No
transfer No
translate No
waf No
waf-regional No
wafv2 No
wellarchitected No
worklink No
workmail No
workspaces No
workspaces-web No
xray No
Instance ID Architecture Image ID Instance Lifecycle
i-0abc1def2ghi3 x86_64 ami-0abc1def2ghi3
Instance Type IPv6 Address Key Name Launch Time
t3.medium failover_aws 8/17/2020 6:38
Private DNS Name Private IP Address
ip-122-1-2-3.ap-east-1.compute.internal 12.13.14.15
Public DNS Name Public IP Address State
stopped
Subnet ID VPC ID
subnet-0abc1def2ghi3 vpc-0abc1def2ghi3
Security Group Names
acme-high-security
Security Group IDs Monitoring
sg-0abc1def2ghi3 disabled
Allocation ID Association ID Scope Instance ID
eipalloc-0abc1def2ghi3 eipassoc-0abc1def2ghi3 vpc
Network Border Group Network Interface ID Network Interface Owner ID
ap-east-1 eni-0abc1def2ghi3 1234567890
Private IP Public IP Public IPv4 Pool Customer Owned IP
12.13.14.15 14.15.16.17 amazon
Customer Owned IPv4 Pool
Key Name Keypair ID Fingerprint Create Time Type
ec2miami key-0abc1def2ghi3 key-0abc1def2ghi3 1/23/2017 7:11 rsa
Group ID Group Name Strategy State Partition Count Group ARN
Snapshot ID Volume Size (GiB) Description Storage Tier State
Start Time Progress Restore Expiry Time Volume ID Owner ID Owner Alias
Encrypted KMS Key ID Outpost ARN
Host ID Availability Zone Availability Zone ID State Instance Family
Instance Type Host Reservation ID Outpost ARN Owner ID Auto-Placement
Host Recovery Allocation Time
Load Balancer Name
lb-stop-acme-com
Load Balancer ARN
arn:aws:elasticloadbalancing:ap-east-1:1234567890:loadbalancer/app/lb-stop-rapidfiretools-com/0abc1def2ghi3
DNS Name State
lb-stop-acme-com-12345738.ap-east-1.elb.amazonaws.com active
VPC ID Availability Zones Type
vpc-0abc1def2ghi3 ap-east-1 application
Creation Time
2018-02-06 12:15:03.52
Group ID Group Name
sg-0abc1def2ghi3 default
sg-0abc1def2ghi4 load_balancers
Description VPC ID Owner ID
default VPC security group vpc-0abc1def2ghi3 1234567890
allows https to load balancers vpc-0abc1def2ghi4 1234567890
Inbound Rule Count Outbound Rule Count
0 0
1 1
Volume ID Outpost ARN Volume Type Size (GiB) IOPS
vol-0abc1def2ghi3 gp2 30 100
Throughput (MiB/s) Snapshot ID Created Availability Zone
0 snap-0abc1def2ghi3 2017-07-25 07:03:21.608 ap-east-1
State Attachments by Instance ID Encrypted
in-use i-0abc1def2ghi3 0
KMS Key ID
Instance Identifier Allocated Storage (GiB) Max Allocated Storage (GiB)
acmestaging 500 0
Storage Type Availability Zone Cluster Identifier Instance Port
standard us-east-1d
Instance Status Associated Roles Region Engine Engine Version
available sqlserver-web 12.00.6329.1.v1
IOPS Activity Stream Status Preferred Maintenance Window Multi-AZ
0 stopped No
Storage Type Security Groups Subnet Group Pending Changes
standard subnet1 1
Character Set Option Group Created Encrypted
UTF-8 stopped 2018-06-18 07:29:08.030 No
Promotion Tier
0
Reserved DB Instance ID Product Description Instance Class Offering Type
State Multi-AZ Start Time Duration Instance Count
ARN
arn:aws:rds:us-east-1:1234567890:snapshot:acmebackup
Instance Identifier Snapshot Creation Time Instance Creation Time Status
acmebackup 2022-10-09 22:52:03.690 2018-06-18 07:29:08.024 available
Progress Engine VPC ID Snapshot Type Allocated Storage (GiB)
100% sqlserver-web vpc-0abc1def2ghi3 manual 500
Availability Zone Storage Type Port Encrypted Database Timezone
us-east-1d standard 40 No
Last Transaction
Total Bucket Size Object Count Avg. Object Size
10 TB 211111111 42 KB
Bucket Name ARN Creation Date Region Payer
acme 2016-08-08 11:40:48
Server Access Logging Static Website Hosting Transfer Acceleration
No No
Object Count Bucket Size (Bytes) Versioning Status MFA Delete Enabled
211111111 10000000000000 Yes
Object Lock Bucket Key Enabled Encryption Algorithm Is Public
Yes No
Block Public Policy Block Public ACLs Ignore Public ACLs
Yes Yes No
Restrict Public Buckets
Yes
Group ID ARN
0abc1def2ghi3 arn:aws:iam::1234567890:group/Administrators
0abc1def2ghi4 arn:aws:iam::1234567890:group/Managers
0abc1def2ghi5 arn:aws:iam::1234567890:group/ReadOnly
Creation Date Group Name Path
2022-01-20 12:03:03 Administrations /
2022-01-20 12:03:02 Managers /
2022-01-20 12:03:01 ReadOnly /
User ID ARN
0abc1def2ghi3 arn:aws:iam::1234567890:user/John.Doe
Creation Date Password Last Used Path User Name
2015-11-04 10:04:05 2022-10-03 12:35:21 / john.doe
Role ID Role Name
0abc1def2ghi3 AWSServiceRoleForAutoScaling
Path
/aws-service-role/autoscaling.amazonaws.com/
Description
Default Service-Linked Role enables access to AWS Services and Resources used or managed by Auto Scaling
Creation Date
2018-01-16 18:21:22
ARN
arn:aws:iam::1234567890:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling
Last Used Date Last Used Region Max Session Duration
1:00:00
Policy ID Policy Name Path
0abc1def2ghi3 AccessKeyAndMFA /
Description Creation Date Updated
2018-11-15 06:27:37 2018-11-15 06:27:37
Attached User IDs
0abc1def2ghi3
Attached Groups IDs Attached Role IDs
0abc1def2ghi3
ARN Type Valid Until Created
VPC ID IPv4 CIDR Blocks IPv6 CIDR Blocks DHCP Options ID
vpc-0abc1def2ghi3 12.14.1.5/24 dopt-0abc1def2ghi3
Tenancy Is Default Owner ID State
default No 1234567890 available
NAT Gateway ID Connectivity Type State Elastic IP Private IP
nat-0abc1def2ghi3 public available 14.64.3.4 75.3.2.3
Network Interface ID VPC ID Subnet ID Created
eni-0abc1def2ghi3 vpc-0abc1def2ghi3 subnet-0abc1def2ghi3 2021-09-03 06:30:33
Deleted
Subnet ID Subnet ARN
subnet-0abc1def2ghi3 arn:aws:ec2:ap-east-1:1234567890:subnet/subnet-0abc1def2ghi3
State VPC ID Outpost ARN IPv4 CIDR Block IPv6 CIDR Block
available vpc-0abc1def2ghi3 14.23.2.3/24
Available IPv4s Availability Zone Availability Zone ID Is Default for AZ
40 ap-east-1 apse-az53 No
Map Public IP on Launch
No
Internet Gateway ID Owner ID VPC ID State
igw-0abc1def2ghi3 1234567890 vpc-0abc1def2ghi3 available
VPN Connection ID State VPN Gateway ID Customer Gateway ID
vpn-0abc1def2ghi3 available vgw-0abc1def2ghi3 cgw-0abc1def2ghi3
Transit Gateway ID Category Type Tunnel IP Version Acceleration Enabled
VPN ipsec.1 ipv4 No
Static Routes Only Local IPv4 CIDR Local IPv6 CIDR Remote IPv4 CIDR
Yes 12.12.12.3/24
Remote IPv6 CIDR
Peering Connection ID Status Requester VPC ID Accepter VPC ID
pcx-0abc1def2ghi3 Active vpc-0abc1def2ghi3 vpc-0abc1def2ghi3
Requester CIDR Accepter CIDR Requester Owner ID Accepter Owner ID
14.12.12.12/24 122.23.23.2/24 1234567890 1234567890
Requester Region Accepter Region Expires
us-east-1 eu-central-1