# EC2 VPC ## Resource Type `AWS.EC2.VPC` ## Resource ID Format For EC2 VPCs, the resource ID is the ARN. `arn:aws:ec2:us-west-2:123456789012:vpc/vpc-1` ## Background This resource represents a snapshot of an AWS EC2 VPC. ## Fields | Field | Type | Description | | ----------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | `CidrBlock` | `String` | The IP range of the VPC | | `CidrBlockAssociationSet` | `List` | Information about the IP CIDR blocks associated with the VPC. | | `DhcpOptionsId` | `String` | The ID of the set of DHCP options you've associated with the VPC. | | `InstanceTenancy` | `String` | The allowed tenancy of instances launched into the VPC. Information about the IPv6 CIDR blocks associated with the VPC. | | `Ipv6CidrBlockAssociationSet` | `List` | Information about the IPv6 CIDR blocks associated with the VPC. | | `IsDefault` | `Boolean` | Whether the VPC is the default VPC. | | `OwnerId` | `String` | The ID of the Amazon Web Services account that owns the VPC. | | `State` | `String` | The current state of the VPC. | | `FlowLogs` | `List` | Information about the flow logs. | | `NetworkAcls` | `List` | Indicates what network ACLs are set, which act as a basic firewall for the VPC. See the [AWS user documentation](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html) for more details | | `RouteTables` | `List` | Route tables are configured, which act as basic routing tables for the VPC. See the [AWS user documentation](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html) for more details. | | `SecurityGroups` | `List` | Security groups configured for this VPC, which act as firewalls for instances in the VPC. See the [AWS user documentation](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html) for more details | | `StaleSecurityGroups` | `List` | Security groups in a VPC that are 'stale', meaning the corresponding security group or VPC peering connection has been deleted. Note that the example below lists a stale security group that is not listed in `SecurityGroups`, in practice this will not be the case. All security groups listed in `StaleSecurityGroups` will also be present in `SecurityGroups`. See the [AWS documentation](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html#vpc-peering-stale-groups) for more details on stale security groups. | | `VpcId` | `String` | The unique identifier of the VPC | ## Example ```javascript { "AccountId": "123456789012", "Arn": "arn:aws:ec2:eu-west-3:123456789012:vpc/vpc-1", "CidrBlock": "10.0.0.0/16", "CidrBlockAssociationSet": [ { "AssociationId": "vpc-cidr-assoc-1", "CidrBlock": "10.0.0.0/16", "CidrBlockState": { "State": "associated", "StatusMessage": null } } ], "DefaultNetworkAclId": "acl-1", "DefaultSecurityGroupId": "sg-1", "DhcpOptionsId": "dopt-1", "FlowLogs": [ { "CreationTime": "2026-02-12T18:07:41.186Z", "DeliverCrossAccountRole": null, "DeliverLogsErrorMessage": null, "DeliverLogsPermissionArn": null, "DeliverLogsStatus": "SUCCESS", "DestinationOptions": { "FileFormat": "plain-text", "HiveCompatiblePartitions": false, "PerHourPartition": false }, "FlowLogId": "fl-1", "FlowLogStatus": "ACTIVE", "LogDestination": "arn:aws:s3:::my-bucket/", "LogDestinationType": "s3", "LogFormat": "${account-id} ${interface-id} ${srcaddr} ${dstaddr} ${srcport} ${dstport}", "LogGroupName": null, "MaxAggregationInterval": 600, "ResourceId": "vpc-1", "Tags": [ { "Key": "name", "Value": "value" } ], "TrafficType": "ALL" } ], "Id": "vpc-1", "InstanceTenancy": "default", "Ipv6CidrBlockAssociationSet": null, "IsDefault": true, "NetworkAcls": [ "acl-1", "acl-2" ], "OwnerId": "123456789012", "Region": "eu-west-3", "ResourceId": "arn:aws:ec2:eu-west-3:123456789012:vpc/vpc-1", "ResourceType": "AWS.EC2.VPC", "RouteTables": [ { "Associations": [ { "AssociationState": { "State": "associated", "StatusMessage": null }, "GatewayId": null, "Main": true, "PublicIpv4Pool": null, "RouteTableAssociationId": "rtbassoc-1", "RouteTableId": "rtb-1", "SubnetId": null } ], "OwnerId": "123456789012", "PropagatingVgws": null, "RouteTableId": "rtb-1", "Routes": [ { "CarrierGatewayId": null, "CoreNetworkArn": null, "DestinationCidrBlock": "10.0.0.0/24", "DestinationIpv6CidrBlock": null, "DestinationPrefixListId": null, "EgressOnlyInternetGatewayId": null, "GatewayId": "local", "InstanceId": null, "InstanceOwnerId": null, "IpAddress": null, "LocalGatewayId": null, "NatGatewayId": null, "NetworkInterfaceId": null, "OdbNetworkArn": null, "Origin": "CreateRouteTable", "State": "active", "TransitGatewayId": null, "VpcPeeringConnectionId": null } ], "Tags": null, "VpcId": "vpc-1" } ], "SecurityGroups": [ "sg-1", "sg-2" ], "StaleSecurityGroups": null, "State": "available", "Tags": null, "TimeCreated": null } ```