# EC2 VPC

## Resource Type

`AWS.EC2.VPC`

## Resource ID Format

For EC2 VPCs, the resource ID is the ARN.

`arn:aws:ec2:us-west-2:123456789012:vpc/vpc-1`

## Background

This resource represents a snapshot of an AWS EC2 VPC.

## Fields

| Field                         | Type      | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| ----------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `CidrBlock`                   | `String`  | The IP range of the VPC. |
| `CidrBlockAssociationSet`     | `List`    | Information about the IP CIDR blocks associated with the VPC.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| `DhcpOptionsId`               | `String`  | The ID of the set of DHCP options you've associated with the VPC.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| `InstanceTenancy`             | `String`  | The allowed tenancy of instances launched into the VPC. |
| `Ipv6CidrBlockAssociationSet` | `List`    | Information about the IPv6 CIDR blocks associated with the VPC.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| `IsDefault`                   | `Boolean` | Whether the VPC is the default VPC.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| `OwnerId`                     | `String`  | The ID of the Amazon Web Services account that owns the VPC.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
| `State`                       | `String`  | The current state of the VPC.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
| `FlowLogs`                    | `List`    | Information about the flow logs.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| `NetworkAcls`                 | `List`    | The network ACLs set for this VPC, which act as a basic firewall for the VPC. See the [AWS user documentation](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) for more details. |
| `RouteTables`                 | `List`    | The route tables configured for this VPC, which determine how its traffic is routed. See the [AWS user documentation](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) for more details. |
| `SecurityGroups`              | `List`    | Security groups configured for this VPC, which act as firewalls for instances in the VPC. See the [AWS user documentation](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) for more details. |
| `StaleSecurityGroups`         | `List`    | Security groups in a VPC that are 'stale', meaning the corresponding security group or VPC peering connection has been deleted. Note that the example below lists a stale security group that is not listed in `SecurityGroups`; in practice this will not be the case, and all security groups listed in `StaleSecurityGroups` will also be present in `SecurityGroups`. See the [AWS documentation](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html#vpc-peering-stale-groups) for more details on stale security groups. |
| `VpcId`                       | `String`  | The unique identifier of the VPC. |

## Example

```javascript
{
    "AccountId": "123456789012",
    "Arn": "arn:aws:ec2:eu-west-3:123456789012:vpc/vpc-1",
    "CidrBlock": "10.0.0.0/16",
    "CidrBlockAssociationSet": [
        {
            "AssociationId": "vpc-cidr-assoc-1",
            "CidrBlock": "10.0.0.0/16",
            "CidrBlockState": {
                "State": "associated",
                "StatusMessage": null
            }
        }
    ],
    "DefaultNetworkAclId": "acl-1",
    "DefaultSecurityGroupId": "sg-1",
    "DhcpOptionsId": "dopt-1",
    "FlowLogs": [
        {
            "CreationTime": "2026-02-12T18:07:41.186Z",
            "DeliverCrossAccountRole": null,
            "DeliverLogsErrorMessage": null,
            "DeliverLogsPermissionArn": null,
            "DeliverLogsStatus": "SUCCESS",
            "DestinationOptions": {
                "FileFormat": "plain-text",
                "HiveCompatiblePartitions": false,
                "PerHourPartition": false
            },
            "FlowLogId": "fl-1",
            "FlowLogStatus": "ACTIVE",
            "LogDestination": "arn:aws:s3:::my-bucket/",
            "LogDestinationType": "s3",
            "LogFormat": "${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport}",
            "LogGroupName": null,
            "MaxAggregationInterval": 600,
            "ResourceId": "vpc-1",
            "Tags": [
                {
                    "Key": "name",
                    "Value": "value"
                }
            ],
            "TrafficType": "ALL"
        }
    ],
    "Id": "vpc-1",
    "InstanceTenancy": "default",
    "Ipv6CidrBlockAssociationSet": null,
    "IsDefault": true,
    "NetworkAcls": [
        "acl-1",
        "acl-2"
    ],
    "OwnerId": "123456789012",
    "Region": "eu-west-3",
    "ResourceId": "arn:aws:ec2:eu-west-3:123456789012:vpc/vpc-1",
    "ResourceType": "AWS.EC2.VPC",
    "RouteTables": [
        {
            "Associations": [
                {
                    "AssociationState": {
                        "State": "associated",
                        "StatusMessage": null
                    },
                    "GatewayId": null,
                    "Main": true,
                    "PublicIpv4Pool": null,
                    "RouteTableAssociationId": "rtbassoc-1",
                    "RouteTableId": "rtb-1",
                    "SubnetId": null
                }
            ],
            "OwnerId": "123456789012",
            "PropagatingVgws": null,
            "RouteTableId": "rtb-1",
            "Routes": [
                {
                    "CarrierGatewayId": null,
                    "CoreNetworkArn": null,
                    "DestinationCidrBlock": "10.0.0.0/24",
                    "DestinationIpv6CidrBlock": null,
                    "DestinationPrefixListId": null,
                    "EgressOnlyInternetGatewayId": null,
                    "GatewayId": "local",
                    "InstanceId": null,
                    "InstanceOwnerId": null,
                    "IpAddress": null,
                    "LocalGatewayId": null,
                    "NatGatewayId": null,
                    "NetworkInterfaceId": null,
                    "OdbNetworkArn": null,
                    "Origin": "CreateRouteTable",
                    "State": "active",
                    "TransitGatewayId": null,
                    "VpcPeeringConnectionId": null
                }
            ],
            "Tags": null,
            "VpcId": "vpc-1"
        }
    ],
    "SecurityGroups": [
        "sg-1",
        "sg-2"
    ],
    "StaleSecurityGroups": null,
    "State": "available",
    "Tags": null,
    "TimeCreated": null
}
```
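
The following is an added example, not part of Panther's documentation: it evaluates a snapshot of this resource type using the `FlowLogs`, `RouteTables`, `StaleSecurityGroups` and `IsDefault` fields shown above. The `policy(resource)` entry point follows the form Panther policies use; the helper functions, the finding names and the choice of checks are assumptions made for illustration.

```python
# Added example: checks over an AWS.EC2.VPC snapshot, using the fields documented above.
# Finding names and the selection of checks are assumptions made for illustration.

def active_flow_logs(resource):
    """Flow logs that are ACTIVE and delivering successfully (FlowLogs may be null)."""
    return [fl for fl in (resource.get("FlowLogs") or [])
            if fl.get("FlowLogStatus") == "ACTIVE"
            and fl.get("DeliverLogsStatus") == "SUCCESS"]

def internet_routes(resource):
    """(RouteTableId, GatewayId) for active 0.0.0.0/0 routes through an internet gateway."""
    hits = []
    for table in resource.get("RouteTables") or []:
        for route in table.get("Routes") or []:
            gateway = route.get("GatewayId") or ""
            if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                    and route.get("State") == "active"
                    and gateway.startswith("igw-")):
                hits.append((table.get("RouteTableId"), gateway))
    return hits

def findings(resource):
    """Names of the failed checks; an empty list means the snapshot passes."""
    out = []
    logs = active_flow_logs(resource)
    if not logs:
        out.append("no-active-flow-log")
    elif not any(fl.get("TrafficType") in ("ALL", "REJECT") for fl in logs):
        out.append("rejected-traffic-not-logged")
    if resource.get("StaleSecurityGroups"):
        out.append("stale-security-groups")
    if resource.get("IsDefault") and internet_routes(resource):
        out.append("default-vpc-internet-route")
    return out

def policy(resource):
    """True when the VPC passes every check."""
    return not findings(resource)

# Constructed sample: the example resource above, trimmed to the fields the checks read.
SAMPLE = {
    "ResourceType": "AWS.EC2.VPC", "Id": "vpc-1", "IsDefault": True,
    "FlowLogs": [{"FlowLogId": "fl-1", "FlowLogStatus": "ACTIVE",
                  "DeliverLogsStatus": "SUCCESS", "TrafficType": "ALL"}],
    "RouteTables": [{"RouteTableId": "rtb-1", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/24", "GatewayId": "local", "State": "active"}]}],
    "StaleSecurityGroups": None,
}
```

The trimmed sample passes every check because its only flow log is active with `TrafficType` `ALL` and its only route is the `local` route.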

