AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.
[ aws . resource-explorer-2 ]
Searches for resources and displays details about all resources that match the specified criteria. You must specify a query string.
All search queries must use a view. If you don't explicitly specify a view, then Amazon Web Services Resource Explorer uses the default view for the Amazon Web Services Region in which you call this operation. The results are the logical intersection of the results that match both the QueryString
parameter supplied to this operation and the SearchFilter
parameter attached to the view.
For the complete syntax supported by the QueryString
parameter, see Search query syntax reference for Resource Explorer .
If your search results are empty, or are missing results that you think should be there, see Troubleshooting Resource Explorer search .
See also: AWS API Documentation
search
uses document type values. Document types follow the JSON data model where valid values are: strings, numbers, booleans, null, arrays, and objects. For command input, options and nested parameters that are labeled with the type document
must be provided as JSON. Shorthand syntax does not support document types.
search
is a paginated operation. Multiple API calls may be issued in order to retrieve the entire data set of results. You can disable pagination by providing the --no-paginate
argument.
When using --output text
and the --query
argument on a paginated response, the --query
argument must extract data from the results of the following query expressions: Resources
search
--query-string <value>
[--view-arn <value>]
[--cli-input-json <value>]
[--starting-token <value>]
[--page-size <value>]
[--max-items <value>]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
--query-string
(string)
A string that includes keywords and filters that specify the resources that you want to include in the results.
For the complete syntax supported by the
QueryString
parameter, see Search query syntax reference for Resource Explorer .The search is completely case insensitive. You can specify an empty string to return all results up to the limit of 1,000 total results.
Note
The operation can return only the first 1,000 results. If the resource you want is not included, then use a different value forQueryString
to refine the results.
--view-arn
(string)
Specifies the Amazon resource name (ARN) of the view to use for the query. If you don't specify a value for this parameter, then the operation automatically uses the default view for the Amazon Web Services Region in which you called this operation. If the Region either doesn't have a default view or if you don't have permission to use the default view, then the operation fails with a401 Unauthorized
exception.
--cli-input-json
(string)
Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.
--starting-token
(string)
A token to specify where to start paginating. This is the
NextToken
from a previously truncated response.For usage examples, see Pagination in the AWS Command Line Interface User Guide .
--page-size
(integer)
The size of each page to get in the AWS service call. This does not affect the number of items returned in the command's output. Setting a smaller page size results in more calls to the AWS service, retrieving fewer items in each call. This can help prevent the AWS service calls from timing out.
For usage examples, see Pagination in the AWS Command Line Interface User Guide .
--max-items
(integer)
The total number of items to return in the command's output. If the total number of items available is more than the value specified, a
NextToken
is provided in the command's output. To resume pagination, provide theNextToken
value in thestarting-token
argument of a subsequent command. Do not use theNextToken
response element directly outside of the AWS CLI.For usage examples, see Pagination in the AWS Command Line Interface User Guide .
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
--debug
(boolean)
Turn on debug logging.
--endpoint-url
(string)
Override command's default URL with the given URL.
--no-verify-ssl
(boolean)
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
--no-paginate
(boolean)
Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.
--output
(string)
The formatting style for command output.
--query
(string)
A JMESPath query to use in filtering the response data.
--profile
(string)
Use a specific profile from your credential file.
--region
(string)
The region to use. Overrides config/env settings.
--version
(string)
Display the version of this tool.
--color
(string)
Turn on/off color output.
--no-sign-request
(boolean)
Do not sign requests. Credentials will not be loaded if this argument is provided.
--ca-bundle
(string)
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
--cli-read-timeout
(int)
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
--cli-connect-timeout
(int)
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.
Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal's quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .
Example 1: To search using the default view
The following search
example displays all resources in the specified that are associated with the service. The search uses the default view for the Region. The example response includes a NextToken
value, which indicates that there is more output available to retrieve with additional calls.
aws resource-explorer-2 search \
--query-string "service:iam"
Output:
{
"Count": {
"Complete": true,
"TotalResources": 55
},
"NextToken": "AG9VOEF1KLEXAMPLEOhJHVwo5chEXAMPLER5XiEpNrgsEXAMPLE...b0CmOFOryHEXAMPLE",
"Resources": [{
"Arn": "arn:aws:iam::123456789012:policy/service-role/Some-Policy-For-A-Service-Role",
"LastReportedAt": "2022-07-21T12:34:42Z",
"OwningAccountId": "123456789012",
"Properties": [],
"Region": "global",
"ResourceType": "iam:policy",
"Service": "iam"
}, {
"Arn": "arn:aws:iam::123456789012:policy/service-role/Another-Policy-For-A-Service-Role",
"LastReportedAt": "2022-07-21T12:34:42Z",
"OwningAccountId": "123456789012",
"Properties": [],
"Region": "global",
"ResourceType": "iam:policy",
"Service": "iam"
}, {
... TRUNCATED FOR BREVITY ...
}],
"ViewArn": "arn:aws:resource-explorer-2:us-east-1:123456789012:view/my-default-view/EXAMPLE8-90ab-cdef-fedc-EXAMPLE11111"
}
Example 2: To search using a specified view
The following search
example search displays all resources ("*") in the specified AWS Region that are visible through the specified view. The results include only resources associated with Amazon EC2 because of the filters attached to the view.
aws resource-explorer-2 search \
-- query-string "*" \
-- view-arn arn:aws:resource-explorer-2:us-east-1:123456789012:view/My-EC2-view/EXAMPLE8-90ab-cdef-fedc-EXAMPLE22222
Output:
HTTP/1.1 200 OK
Date: Tue, 01 Nov 2022 20:00:59 GMT
Content-Type: application/json
Content-Length: <PayloadSizeBytes>
{
"Count": {
"Complete": true,
"TotalResources": 67
},
"Resources": [{
"Arn": "arn:aws:ec2:us-east-1:123456789012:network-acl/acl-1a2b3c4d",
"LastReportedAt": "2022-07-21T18:52:02Z",
"OwningAccountId": "123456789012",
"Properties": [{
"Data": [{
"Key": "Department",
"Value": "AppDevelopment"
}, {
"Key": "Environment",
"Value": "Production"
}],
"LastReportedAt": "2021-11-15T14:48:29Z",
"Name": "tags"
}],
"Region": "us-east-1",
"ResourceType": "ec2:network-acl",
"Service": "ec2"
}, {
"Arn": "arn:aws:ec2:us-east-1:123456789012:subnet/subnet-1a2b3c4d",
"LastReportedAt": "2022-07-21T21:22:23Z",
"OwningAccountId": "123456789012",
"Properties": [{
"Data": [{
"Key": "Department",
"Value": "AppDevelopment"
}, {
"Key": "Environment",
"Value": "Production"
}],
"LastReportedAt": "2021-07-29T19:02:39Z",
"Name": "tags"
}],
"Region": "us-east-1",
"ResourceType": "ec2:subnet",
"Service": "ec2"
}, {
"Arn": "arn:aws:ec2:us-east-1:123456789012:dhcp-options/dopt-1a2b3c4d",
"LastReportedAt": "2022-07-21T06:08:53Z",
"OwningAccountId": "123456789012",
"Properties": [{
"Data": [{
"Key": "Department",
"Value": "AppDevelopment"
}, {
"Key": "Environment",
"Value": "Production"
}],
"LastReportedAt": "2021-11-15T15:11:05Z",
"Name": "tags"
}],
"Region": "us-east-1",
"ResourceType": "ec2:dhcpoptions",
"Service": "ec2"
}, {
... TRUNCATED FOR BREVITY ...
}],
"ViewArn": "arn:aws:resource-explorer-2:us-east-1:123456789012:view/My-EC2-view/EXAMPLE8-90ab-cdef-fedc-EXAMPLE22222"
}
For more information, see Using AWS Resource Explorer to search for resources in the AWS Resource Explorer Users Guide.
Count -> (structure)
The number of resources that match the query.
Complete -> (boolean)
Indicates whether the
TotalResources
value represents an exhaustive count of search results.
- If
True
, it indicates that the search was exhaustive. Every resource that matches the query was counted.- If
False
, then the search reached the limit of 1,000 matching results, and stopped counting.TotalResources -> (long)
The number of resources that match the search query. This value can't exceed 1,000. If there are more than 1,000 resources that match the query, then only 1,000 are counted and theComplete
field is set to false. We recommend that you refine your query to return a smaller number of results.
NextToken -> (string)
If present, indicates that more output is available than is included in the current response. Use this value in theNextToken
request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until theNextToken
response element comes back asnull
. The pagination tokens expire after 24 hours.
Resources -> (list)
The list of structures that describe the resources that match the query.
(structure)
A resource in Amazon Web Services that Amazon Web Services Resource Explorer has discovered, and for which it has stored information in the index of the Amazon Web Services Region that contains the resource.
Arn -> (string)
The Amazon resource name (ARN) of the resource.LastReportedAt -> (timestamp)
The date and time that Resource Explorer last queried this resource and updated the index with the latest information about the resource.OwningAccountId -> (string)
The Amazon Web Services account that owns the resource.Properties -> (list)
A structure with additional type-specific details about the resource. These properties can be added by turning on integration between Resource Explorer and other Amazon Web Services services.
(structure)
A structure that describes a property of a resource.
Data -> (document)
Details about this property. The content of this field is a JSON object that varies based on the resource type.LastReportedAt -> (timestamp)
The date and time that the information about this resource property was last updated.Name -> (string)
The name of this property of the resource.Region -> (string)
The Amazon Web Services Region in which the resource was created and exists.ResourceType -> (string)
The type of the resource.Service -> (string)
The Amazon Web Services service that owns the resource and is responsible for creating and updating it.
ViewArn -> (string)
The Amazon resource name (ARN) of the view that this operation used to perform the search.