LightPane

Sign in Start free

Features Pricing Catalog Docs Demos About Sign in Start free

Pane catalog

A LightPane Pane is a self-contained view of a slice of your cloud infrastructure. Each is designed to drop into any page, any dashboard, or any team's workflow. The catalog below lists every pane available today.

There are two pane types:

Service inventories 113 panes

One pane per cloud service: EC2 instances, IAM policies, S3 buckets, Cloud SQL databases… listed with their key attributes. Covers AWS, Azure, and GCP. Production-ready today; all are available on the free Explorer tier.

Compound panes 97 panes

Bespoke visualisations that combine multiple services to answer specific questions — cost forecasts, security posture, region footprint, incident timelines. Many are still being refined as we gather customer feedback.

Three ways to use them

LightPane Lens

Hosted dashboards. Link your accounts, get pre-built layouts built from these panes.

Cloud Desktop

Browser-based desktop for composing your own pane layouts. Drag, drop, resize.

Embed anywhere

Paste a 5-line HTML snippet on any page you own. Full code on each pane's catalog page.

Try dynamiccloud.info

Multiple inventory and compound panes running against real AWS, GCP, and Azure accounts showing real-time data.

Filter by provider, category, or pane type using the controls below.

Access Analyzer

IAM Access Analyzer findings — resources accessible from outside the account's trust boundary.

Access analyzers

Every IAM Access Analyzer with type, status and current finding count.

ACM certificates

Every ACM certificate with domain, status, validation method and expiry date.

Activity Timeline (24h)

Activity timeline from the Azure Activity Log — who changed what, when, filterable by service.

Activity Timeline (24h)

Activity timeline from Cloud Audit Logs — who changed what, when, filterable by service.

AKS clusters

Every AKS cluster with Kubernetes version, node pool count, FQDN and power state.

Alarm Coverage Gap

Resources that should have CloudWatch alarms but don't — find the gaps before they bite.

Ami Inventory

Every AMI in the account with creation date, in-use count and stale candidates ready to deregister.

AMIs

Every AMI in the account with creation date, virtualisation type and public-share state.

API Gateway (HTTP)

Every HTTP API in API Gateway with protocol, endpoint type and route count.

API Gateway (REST)

Every REST API in API Gateway with endpoint type, stage count and last-updated date.

App Health

Account-wide operational health scorecard — 15 rules across monitoring, backup, capacity and runtime.

App Services

Every Azure App Service with kind, SKU, state, runtime stack and default host name.

Artifact Registry

Every Artifact Registry repository with format, location and last-updated time.

Asg Activity

Every Auto Scaling group with capacity, scaling rules and a 24-hour activity timeline.

Auto Scaling groups

Every Auto Scaling group with capacity (min / desired / max), instance type and AZs.

AWS Backup

AWS Backup plans and recent job results — what's protected, when it ran and any failures.

AWS Config rules

Every AWS Config rule with compliance counts, source (managed / custom) and trigger type.

AWS Health

AWS Health events: service incidents, scheduled maintenance, security advisories and notifications.

Backup jobs

Recent AWS Backup jobs with status, resource, backup plan and completion time.

Backup vaults

Every AWS Backup vault with recovery-point count, encryption and access policy.

BigQuery datasets

Every BigQuery dataset with location, default table expiration and access controls.

Bigtable instances

Every Bigtable instance with cluster count, storage type and serve nodes.

Change Feed (24h)

24-hour stream of changes from the Activity Log, mixed across services into one timeline.

Change Feed (24h)

24-hour stream of changes from Cloud Audit Logs, mixed across services into one timeline.

Cloud DNS zones

Every Cloud DNS zone with visibility (public / private), DNS name and record count.

Cloud Functions

Every Cloud Function (Gen 1 + Gen 2) with runtime, trigger type, region and status.

Cloud NAT

Every Cloud NAT gateway with router, region, NAT IP allocation and minimum ports per VM.

Cloud Run services

Every Cloud Run service with traffic split, latest revision, region and ingress setting.

Cloud Scheduler jobs

Every Cloud Scheduler job with schedule, target type, last attempt and current state.

Cloud Spanner

Every Cloud Spanner instance with configuration, processing units and node count.

Cloud SQL

Every Cloud SQL instance with engine, version, tier, HA mode and backup setting.

Cloud Storage buckets

Every Cloud Storage bucket with location, storage class, encryption and uniform-IAM state.

Cloud Tasks queues

Every Cloud Tasks queue with state, rate limits, retry config and stackdriver logging setting.

CloudFormation Drift

CloudFormation stacks ranked by drift state, with per-resource property diffs for drifted stacks.

CloudFormation stacks

Every CloudFormation stack with status, drift state, last-updated time and template source.

CloudFront

Every CloudFront distribution with hit ratio, requests per hour, error rate and origin latency.

CloudFront

Every CloudFront distribution with status, default cache behaviour and aliases.

CloudFront Free Tier

CloudFront Free Tier consumption (1 TB / 10M requests) with burn rate and projected overage.

CloudTrail Events

CloudTrail audit trail of every API call that changed the account — filter, search and drill in.

CloudTrail Search

Filtered search across CloudTrail events: event name, principal, resource and category.

CloudTrail trails

Every CloudTrail trail with multi-region flag, logging status and data-events config.

CloudWatch alarms

Every CloudWatch alarm with state (OK / ALARM / INSUFFICIENT_DATA), threshold and metric.

CloudWatch log groups

Every CloudWatch Log Group with retention setting, stored bytes and last-event time.

CloudWatch Logs Storage

Every CloudWatch Log Group with volume, retention, last event and monthly storage cost.

CodeBuild projects

Every CodeBuild project with environment, source provider and last-build outcome.

CodePipeline pipelines

Every CodePipeline with stage count, version, last-execution status and update date.

Compute Engine VMs

Every Compute Engine VM with machine type, status, zone, network and service account.

Compute Optimizer

AWS Compute Optimizer findings across EC2, EBS, Lambda, ECS and Auto Scaling in one filterable list.

Compute Right-Sizing

Virtual Machines Azure Advisor thinks are over-provisioned, with projected monthly savings.

Compute Right-Sizing

Compute Engine and Cloud SQL instances GCP Recommender thinks are over-provisioned.

Config Compliance

AWS Config rules with compliance counts per pack (CIS, PCI, OPS) and non-compliant resources.

Container Registries

Every Azure Container Registry with SKU, admin-user setting and login server.

Cosmos DB accounts

Every Cosmos DB account with API kind, multi-region writes and default consistency.

Cost by Label

GCP spend grouped by a label (environment, team, application) — what each slice costs.

Cost by Tag

AWS spend grouped by a tag (Environment, Team, Application) — what each slice of the account costs.

Cost by Tag

Azure spend grouped by a tag (Environment, Team, CostCenter) — what each slice costs.

Cost Forecast

30 days of daily AWS cost plus a 30-day forecast, with cost anomalies and remediation hints.

Cost Forecast (next 30 days)

30 days of daily Azure cost plus a 30-day forecast — track end-of-month spend before the bill.

Cost Forecast (next 30 days)

30 days of daily GCP cost plus a 30-day forecast — track end-of-month spend before the bill.

Cost Summary

Month-to-date AWS spend by service, region and account, with the top movers since last month.

Cost Summary

Month-to-date Azure spend by service, region and subscription, with top movers since last month.

Cost Summary

Month-to-date GCP spend by service, region and project, with top movers since last month.

Cw Alarms

Every CloudWatch alarm with state, threshold, the metric driving it and a recent sparkline.

Daily Briefing

Newspaper-style 24h summary: alarms, security findings, free-tier hot spots and cost opportunities.

Daily Briefing ·

Newspaper-style 24h summary across alerts, security findings, activity and cost — Azure-wide.

Daily Briefing ·

Newspaper-style 24h summary across alerts, security findings, activity and cost — GCP-wide.

Data Transfer Hotspots

Where AWS data-transfer cost is coming from — NAT, cross-region, cross-AZ, CloudFront, ranked.

Database Inventory

Every Azure SQL, Cosmos DB, PostgreSQL and MySQL database with version, HA and backups.

Database Inventory

Every Cloud SQL, AlloyDB, Firestore and Bigtable database with version, HA mode and backups.

DNS zones

Every Azure DNS zone with public / private flag, record count and resource group.

DynamoDB

Every DynamoDB table with capacity, throttles, item count, size and feature flags (PITR, TTL).

DynamoDB tables

Every DynamoDB table with billing mode, capacity, item count and size.

Ebs Snapshots

Every EBS snapshot with size, age and whether its source volume still exists — orphans first.

EBS snapshots

Every EBS snapshot with size, age, source volume and encryption state.

EBS volumes

Every EBS volume with size, IOPS, encryption and the instance it's attached to.

EC2 instances

Every EC2 instance with type, state, IPs, AZ and the AMI it launched from.

ECR repositories

Every ECR repository with image count, last-pushed date and tag-immutability setting.

ECS clusters

Every ECS cluster with active services, running tasks and capacity providers.

Ecs Services

Every ECS service across every cluster, with deploy state, task counts and recent events.

EFS file systems

Every EFS file system with size, throughput mode, lifecycle policy and mount targets.

Eip Eni

Every Elastic IP and ENI with attachment state — unattached EIPs (avoidable hourly cost) first.

EKS clusters

Every EKS cluster with Kubernetes version, endpoint access and node groups.

Eks Overview

Every EKS cluster with Kubernetes version, node groups, add-ons and upcoming upgrade windows.

Elastic IPs

Every Elastic IP with attached resource — unattached EIPs (avoidable hourly cost) first.

ElastiCache clusters

Every ElastiCache cluster node with engine, node type, status and cache version.

ElastiCache replication groups

Every ElastiCache replication group with engine, primary / replicas and shard count.

EMR clusters

Every EMR cluster with state, instance fleet, release label and runtime.

Engine Eol

RDS, Aurora, ElastiCache and EKS engines reaching End-of-Life within the next year.

Event Correlation

Alarms, deploys, security findings and CloudTrail events on one timeline for incident reviews.

Event Hubs

Every Event Hub namespace with SKU, throughput units and configured event hubs.

EventBridge rules

Every EventBridge rule with schedule / event pattern, bus and target count.

Extended Support Cost

RDS, Aurora and EKS engines on AWS Extended Support, the monthly surcharge and upgrade target.

Filestore instances

Every Filestore instance with tier, capacity, network and current state.

Firestore databases

Every Firestore database with type (Native / Datastore mode), location and concurrency mode.

Firewall rules

Every firewall rule with direction, action, protocol / ports and source / target tags.

Free Tier Monitor

AWS Free Tier usage against allowances — which services are nearing their limits this month.

Free Tier usage

AWS Free Tier usage with service, allowance, actual usage and projected month-end consumption.

Function Radar

Every Azure Function App with invocations, error rate, duration and last-deploy timestamp.

Function Radar

Every Cloud Function with invocations, error rate, duration and last-deploy timestamp.

Functions

Every Azure Function App with hosting plan, runtime, OS and last-modified date.

GKE clusters

Every GKE cluster with Kubernetes version, node-pool count, location and endpoint.

Global Resource Search

Free-text search across every discovered AWS resource — instances, buckets, functions, databases.

Global Resource Search

Free-text search across every discovered Azure resource — VMs, storage, functions, databases.

Global Resource Search

Free-text search across every discovered GCP resource — VMs, buckets, functions, databases.

Glue databases

Every Glue catalog database with table count, location URI and description.

Guardduty

Active GuardDuty threats: crypto-mining, credential exfiltration, unusual API patterns and more.

GuardDuty detectors

Every GuardDuty detector with status, data sources, finding-publishing frequency.

IAM Access Keys

IAM access keys with age, last-used date and service — stale and unused keys called out first.

IAM policies

Every IAM managed policy with attachment count, default version and document size.

IAM roles

Every IAM role with trust policy, attached policies, last-used date and creation.

IAM service accounts

Every GCP service account with email, disabled flag, owned keys and last-used dates.

IAM users

Every IAM user with creation date, MFA status, access-key count and attached policies.

Idle Finder

Resources sitting idle and costing money — low-CPU instances, idle databases, unused volumes.

Idle Resource Finder

Azure resources sitting idle and costing money — low-CPU VMs, idle SQL, unattached disks.

Idle Resource Finder

GCP resources sitting idle and costing money — low-CPU VMs, idle SQL, unattached disks.

Internet gateways

Every Internet Gateway with attached VPC and current state.

Key & Secret Rotation

KMS keys and Secrets Manager secrets with rotation state: off, overdue or actively rotating.

Key pairs

Every EC2 key pair with name, fingerprint, type and creation date.

Key Vault Rotation Audit

Azure Key Vault keys with rotation policy, last-rotated date and overdue flag.

Key Vaults

Every Azure Key Vault with SKU, soft-delete setting, network ACLs and access model.

Kinesis streams

Every Kinesis stream with shard count, retention period and encryption state.

KMS keyrings

Every Cloud KMS key ring with location, key count and parent project.

KMS keys

Every KMS key with key type, manager (AWS / customer), rotation state and aliases.

KMS Rotation Audit

Cloud KMS keys with rotation period, last-rotated date and overdue flag.

Label Coverage

Which GCP resources carry the required labels and which don't, scored by service type.

Lambda functions

Every Lambda function with runtime, memory, last-modified and reserved concurrency.

Lambda Radar

Every Lambda function with concurrency, error rate, throttles and a 24-hour invocation trend.

Load Balancer Health

Every load balancer with target groups, healthy / unhealthy counts and recent state changes.

Load balancers

Every load balancer (ALB / NLB / GLB) with scheme, listeners and target groups.

Load balancers

Every Azure Load Balancer with SKU (Basic / Standard), tier and front-end IP configurations.

Load balancers

Every Cloud Load Balancer with scheme (external / internal), protocol and backend services.

Managed disks

Every Azure managed disk with size, SKU, encryption type and the VM it's attached to.

Managed instance groups

Every Managed Instance Group with target size, autoscaler and current versions.

Memorystore instances

Every Memorystore (Redis / Memcached) instance with tier, capacity, version and HA mode.

Monitor alerts

Every Azure Monitor alert rule with state, severity, scope and trigger condition.

Monitoring alerts

Every Cloud Monitoring alert policy with state, severity, conditions and notification channels.

Multi-Region Footprint

World map of which AWS regions this account uses, sized by resource count.

Multi-Region Footprint

World map of which Azure regions this subscription uses, sized by resource count.

Multi-Region Footprint

World map of which GCP regions this project uses, sized by resource count.

NAT gateways

Every NAT Gateway with VPC, subnet, connectivity type and Elastic IP.

Nat Traffic

Every NAT Gateway with bytes-out, connection count and a monthly cost breakdown.

Network ACLs

Every Network ACL with VPC, ingress / egress rules and associated subnets.

Network Exposure

NSG rules allowing inbound from the internet — what's open, which ports and which targets.

Network Exposure

GCP firewall rules allowing inbound from the internet — what's open and to which targets.

Network security groups

Every Network Security Group with inbound / outbound rule counts and associations.

Persistent disks

Every persistent disk with size, type, status and the instance it's attached to.

Pub/Sub subscriptions

Every Pub/Sub subscription with ack deadline, delivery type and dead-letter topic.

Pub/Sub topics

Every Pub/Sub topic with message retention, encryption and subscription count.

Public Exposure Audit

Every publicly-reachable resource — buckets, databases, EC2, ALBs — split into critical vs expected.

Public Exposure Audit

Every publicly-reachable Azure resource — storage, SQL, VMs, App Gateways — critical vs expected.

Public Exposure Audit

Every publicly-reachable GCP resource — buckets, SQL, VMs, load balancers — critical vs expected.

Public IPs

Every Azure Public IP with SKU, allocation method, IP version and attached resource.

Quota Radar

Azure subscription quotas with current usage vs limit — the ones most likely to bite at scale.

Quota Radar

GCP quotas with current usage vs limit — the ones most likely to bite at scale.

Rds Backups

Every RDS instance and Aurora cluster with retention, snapshot age, Multi-AZ and deletion protection.

RDS clusters

Every Aurora cluster with engine, version, writer / readers and storage.

RDS instances

Every RDS instance with engine, version, instance class, Multi-AZ and storage.

Reachability

VPC Reachability Analyzer paths — proof that one resource can or cannot reach another.

Redshift clusters

Every Redshift cluster with node type, count, version and encryption state.

RI & Savings Plans

Reserved Instances and Savings Plans coverage, utilisation and uncovered on-demand usage.

Right-Sizing

EC2, EBS, Lambda and ECS resources AWS thinks are over-provisioned, with projected monthly savings.

Root Summary

Root credential summary: MFA, access keys, last-used, IAM user count and password policy.

Route 53 hosted zones

Every Route 53 hosted zone with public / private flag, record count and name servers.

Route tables

Every route table with VPC, route entries and associated subnets.

Route53

Route 53 hosted zones, DNS records and health checks — DNS state for the account in one view.

Runtime Eol

Lambda functions on deprecated runtimes, with AWS's block-create and disable dates.

S3 Bucket Grid

Every S3 bucket with size, encryption, versioning, public-access-block and storage-class split.

S3 buckets

Every S3 bucket with region, size, versioning, encryption and public-access-block state.

S3 Tree

Browseable folder-tree view of an S3 bucket with per-prefix size and object-count rollups.

Secret Manager

Every Secret Manager secret with replication policy, rotation period and last-rotated date.

Secrets Browser

Every Secrets Manager secret with metadata, version count and last-changed date (no values).

Secrets Manager

Every Secrets Manager secret with last-rotated date, rotation enabled flag and KMS key.

Security groups

Every security group with VPC, ingress / egress rule counts and attached resources.

Security Hub findings

Active Security Hub findings with severity, standard, resource and workflow status.

Security Posture

A 0–100 score for the account's security configuration, broken down by rule category.

Security Recommendations

AWS Security Hub findings across CIS, PCI and AWS Foundational standards, with status and severity.

Security Recommendations

Microsoft Defender for Cloud findings: misconfigurations, vulnerabilities and threats.

Security Recommendations

Security Command Center findings: misconfigurations, vulnerabilities and threats across the project.

Service Account Audit

Every GCP service account with its keys, roles and how recently each key was used.

Service Bus

Every Service Bus namespace with SKU, queue / topic count and managed identity.

Service Principal Audit

Every Azure service principal with its credentials, role assignments and last-used dates.

Service Quotas

AWS service quotas with current usage vs limit — the ones most likely to bite at scale.

Shield protections

Every AWS Shield protection with resource, protection group and current state.

SNS topics

Every SNS topic with subscription count, owner and encryption (KMS) status.

SQL databases

Every Azure SQL Database with edition, service tier, max-size and elastic-pool membership.

SQL servers

Every Azure SQL Server with version, public-network-access flag and admin login.

SQS queues

Every SQS queue with type (standard / FIFO), message count and visibility timeout.

SSM parameters

Every SSM Parameter Store entry with type (String / SecureString) and last-modified date.

Step Functions

Every Step Functions state machine with success/failure rate, duration and 24-hour throughput.

Step Functions

Every Step Functions state machine with type (Standard / Express), status and role.

Storage accounts

Every Azure Storage account with kind, SKU, access tier, encryption and public-access state.

Storage Inventory

Every Azure Storage account with size, access tier, encryption and public-access setting.

Storage Inventory

Every Cloud Storage bucket with size, class, location, encryption and public-access setting.

Subnets

Every subnet with VPC, AZ, CIDR, available IPs and public-IP-on-launch flag.

Subnets

Every subnet with VNet, address prefix, NSG and the resources currently using it.

Subnets

Every subnet with region, primary CIDR, secondary ranges and private-Google-access flag.

Tag Coverage

Which Azure resources carry the required tags and which don't, scored by service type.

Tag Coverage Scorecard

Which AWS resources carry the required tags and which don't, scored by service type.

Transit gateways

Every Transit Gateway with state, owner, attachments and routing tables.

Virtual Machines

Every Azure Virtual Machine with size, OS, power state, region and resource group.

Virtual networks

Every Azure Virtual Network with address space, subnets and DNS server configuration.

VPC endpoints

Every VPC endpoint with service name, type (Gateway / Interface) and subnets.

VPC networks

Every VPC network with subnet mode (auto / custom), MTU and routing mode.

VPC peering

Every VPC peering connection with requester, accepter, region and current status.

Vpc Topology

Per-VPC topology: subnets, route tables, IGWs, NATs, peering and transit-gateway attachments.

VPCs

Every VPC with CIDR, default flag, DNS settings and tenancy.

WAF (CloudFront)

Every CloudFront-scoped WAFv2 ACL with rule count, default action and associated distributions.

WAF (regional)

Every regional WAFv2 ACL with rule count, default action and associated resources.

Xray Map

AWS X-Ray service map of how requests flow between services, with per-edge latency and errors.