CloudTrail Events
CloudTrail audit trail of every API call that changed the account — filter, search and drill in.
What this pane shows
Every mutating AWS API call (create, update, delete, configure) made against this account, drawn from CloudTrail. Each row collapses to a one-line summary; expand to see the caller, target resource, source IP, user agent and full request parameters. Filter by service category to focus on a single dimension of activity (IAM, S3, KMS, network changes, etc.) or hide AWS-internal operations like replication and continuous backups.
Key use cases
- Answer "what changed?" while investigating an incident.
- Audit which principal made a sensitive IAM change.
- Trace a configuration change back to the deploy job that made it.
- Filter to security-relevant categories for a focused security review.
How to embed
lp.js is the single-entry loader: it injects the shared LightPane runtime
(and sd-embed.css) once per page. Add this pane's own stylesheet and script;
the pane mounts itself wherever the matching <div> is in the DOM.
<!-- In <head> — this pane's stylesheet -->
<link rel="stylesheet" href="https://lightpane.io/_pane-tests/aws/incident-trail/incident-trail.css">
<!-- Your access key (inline, or set window.lpEmbed.accessKey from your own JS) -->
<script>window.lpEmbed = { accessKey: "<your-access-key>" };</script>
<!-- Where the pane should appear -->
<div class="lp-incident-trail-panel" data-lp-account="<your-account-alias>"></div>
<!-- Before </body> — shared loader + this pane's script -->
<script src="https://lightpane.io/embed/lp.js"></script>
<script src="https://lightpane.io/_pane-tests/aws/incident-trail/incident-trail.js" defer></script>
Tier
Available on Builder and above.
Build notes
Mock-only at the moment — live-wiring tracked in the roadmap.