AWS

Public Exposure Audit

Every publicly-reachable resource — buckets, databases, EC2, ALBs — split into critical vs expected.

Tier Explorer

Category Security & Identity

Refresh every 30 min

Scope regional

Live preview — demo data

Same idea on another cloud

Azure Public Exposure Audit GCP Public Exposure Audit

What this pane shows

A cross-service roll-up of every resource the internet can reach: publicly-accessible RDS, public S3 buckets, EC2 instances with public IPs, internet-facing ALBs and NLBs, CloudFront distributions, public Lambda function URLs and public API Gateways. Critical exposures (e.g. a public database) are surfaced first; expected exposures (web servers, public CDN) are grouped separately.

Key use cases

Find a database, queue or storage resource that's accidentally public.
Confirm intentional public-facing infrastructure has the expected configuration (WAF, OAC, etc.).
Audit external attack surface during a security review.
Catch a new service spinning up with the public-access default still on.

How to embed

Drop this snippet on any HTML page that loads lp-embed.js. The pane mounts itself wherever the matching <div> is in the DOM.

<div class="lp-public-exposure-panel"
     data-lp-account="<your-account-alias>"></div>
<script src="https://lightpane.io/embed/lp-embed.js"
        data-lp-key="<your-access-key>"></script>
<script src="https://lightpane.io/_pane-tests/aws/public-exposure/public-exposure.js"
        defer></script>

Tier

Available on Explorer and above.

Build notes

Mock-only at the moment — live-wiring tracked in the roadmap.