Skip to content

Service Catalogue

LightPane discovers cloud resources by calling provider APIs and returning structured data. Each supported service has a definition that specifies which API to call, what attributes to extract, and how to format the results.

How services work

  1. Your service request specifies a service identifier (e.g., ec2, s3, gcp_compute_instances)
  2. LightPane looks up the service definition to determine which provider API to call
  3. The API is called using the credentials from your linked cloud account
  4. Results are extracted, formatted, and returned as structured rows and columns

Each service has:

  • A unique identifier used in API requests and SDK configuration
  • A set of attributes (columns) that can be returned
  • A provider and API mapping defining how discovery works

Supported providers

Provider Service count Status
AWS 56 Full support
GCP 29 Full support
Azure 20 Early access

Service tiers

Services are organised into tiers based on API cost and response time:

Tier API calls Cache TTL Description
Tier 1 — Core 1 API call 5 minutes High-traffic services. Single, fast API call. Examples: EC2, S3, Lambda.
Tier 2 — Standard 1-3 API calls 15 minutes Services requiring multiple API calls or moderate data. Examples: RDS, ECS, VPCs.
Tier 3 — Extended 3+ API calls 30 minutes Services requiring many API calls, aggregation, or enrichment. Examples: IAM analysis, cost data.

Cache TTLs are the default for cached responses. Live requests (source: 'live') bypass the cache and call the provider API directly.

Using services in requests

serviceDiscoveryRequests.push({
    service: 'ec2',          // service identifier
    provider: 'aws',         // provider
    region: 'eu-west-2',     // region
    attributes: ['name', 'instance_id', 'state']
});

{
    "services": [{
        "service": "ec2",
        "provider": "aws",
        "region": "eu-west-2",
        "attributes": ["name", "instance_id", "state"]
    }]
}

Service scope on access keys

When creating an access key, you can restrict it to specific services:

  • ["*"] — all services (default)
  • ["ec2", "s3", "lambda_functions"] — only these three services

If a request asks for a service outside the key's scope, the API returns 403.

Provider service lists

  • AWS Services — 57 services including compute, storage, networking, security, and more
  • GCP Services — 29 services covering compute, storage, networking, and managed services
  • Azure Services — 20 services (early access)

For full per-service attribute documentation, see the Service Reference section in the navigation.