The IP address 10.20.1.1 came up during our security scan and I was wondering which resource this IP belongs to. I searched through the EC2 instances and wasn't able to find this IP, it looks like a network interface IP or something like this so was wondering if someone could please point me to the right direction so I can find the resource and match it to that IP.
From Subnets for your VPC - Amazon Virtual Private Cloud:
The first four IP addresses and the last IP address in each subnet CIDR block are not available for your use, and they cannot be assigned to a resource, such as an EC2 instance. For example, in a subnet with CIDR block 10.0.0.0/24, the following five IP addresses are reserved:
10.0.0.0: Network address.
10.0.0.1: Reserved by AWS for the VPC router.
10.0.0.2: Reserved by AWS. The IP address of the DNS server is the base of the VPC network range plus two. For VPCs with multiple CIDR blocks, the IP address of the DNS server is located in the primary CIDR. We also reserve the base of each subnet range plus two for all CIDR blocks in the VPC. For more information, see Amazon DNS server.
10.0.0.3: Reserved by AWS for future use.
10.0.0.255: Network broadcast address. We do not support broadcast in a VPC, therefore we reserve this address.
Since you have a subnet of 10.20.1.0/24, the address of 10.20.1.1 is Reserved by AWS for the VPC router.
AWS is responsible for routing traffic within a VPC according to the DHCP option sets in Amazon VPC. When a new instance launches and uses DHCP to obtain an IP address in the subnet, it is provided with the address of the router. Some network settings (such as DNS server) can be set, but AWS retains control of the router.
Your network scan detected the IP address associated with this router.