Public Exposure Audit
Every publicly-reachable resource — buckets, databases, EC2, ALBs — split into critical vs expected.
Same idea on another cloud
What this pane shows
A cross-service roll-up of every resource the internet can reach: publicly-accessible RDS, public S3 buckets, EC2 instances with public IPs, internet-facing ALBs and NLBs, CloudFront distributions, public Lambda function URLs and public API Gateways. Critical exposures (e.g. a public database) are surfaced first; expected exposures (web servers, public CDN) are grouped separately.
Key use cases
- Find a database, queue or storage resource that's accidentally public.
- Confirm intentional public-facing infrastructure has the expected configuration (WAF, OAC, etc.).
- Audit external attack surface during a security review.
- Catch a new service spinning up with the public-access default still on.
How to embed
lp.js is the single-entry loader: it injects the shared LightPane runtime
(and sd-embed.css) once per page. Add this pane's own stylesheet and script;
the pane mounts itself wherever the matching <div> is in the DOM.
<!-- In <head> — this pane's stylesheet -->
<link rel="stylesheet" href="https://lightpane.io/_pane-tests/aws/public-exposure/public-exposure.css">
<!-- Your access key (inline, or set window.lpEmbed.accessKey from your own JS) -->
<script>window.lpEmbed = { accessKey: "<your-access-key>" };</script>
<!-- Where the pane should appear -->
<div class="lp-public-exposure-panel" data-lp-account="<your-account-alias>"></div>
<!-- Before </body> — shared loader + this pane's script -->
<script src="https://lightpane.io/embed/lp.js"></script>
<script src="https://lightpane.io/_pane-tests/aws/public-exposure/public-exposure.js" defer></script>
Tier
Available on Explorer and above.
Build notes
Mock-only at the moment — live-wiring tracked in the roadmap.