Setting up and configuring Resource Explorer

Before you can set up and configure AWS Resource Explorer, first ensure that you meet the prerequisites. After that, sign in as an IAM role or user that has the permissions required to perform the Resource Explorer operations for the following procedure.

You can use this set up and configuration procedure to set up Resource Explorer in existing accounts, and in any new accounts added to your organization.

There are two ways to set up Resource Explorer:

Quick setup
Advanced setup

Important

If you choose to set up Resource Explorer using any option that says "all AWS Regions", it activates only those AWS Regions that exist and that are enabled in the AWS account at the time you perform the procedure. Resource Explorer does not automatically turn on in any AWS Regions that AWS adds in the future. When AWS introduces a new Region, you can choose to turn on Resource Explorer in the Region manually when it appears in the Settings page of the Resource Explorer console, or by calling the CreateIndex operation.

Note

Setting up Resource Explorer can also turn on the ability to search for resources by using the unified search bar on the AWS Management Console. For users to see resources in the unified search results, you must configure Resource Explorer with a cross-Region aggregator index and a default view. For details, see the following procedures. You must also ensure that your searching users have permission to use the default view in the AWS Region that contains the aggregator index. For more information, see Using unified search in the AWS Management Console.

Setting up Resource Explorer using Quick setup

If you choose the Quick setup option, Resource Explorer does the following:

Creates an index in every AWS Region in your AWS account.
Updates the index in the Region you specify to be the aggregator index for the account.
Creates a default view in the aggregator index Region. This view has no filters so it returns all resources found in the index.

Minimum permissions

To perform the steps in the following procedure, you must have the following permissions:

Action: resource-explorer-2:* – Resource: no specific resource (*)
Action: iam:CreateServiceLinkedRole – Resource: no specific resource (*)

AWS Management Console

To set up Resource Explorer using Quick setup

Open the AWS Resource Explorer console at https://console.aws.amazon.com/resource-explorer.
Choose Turn on Resource Explorer.
On the Turn on Resource Explorer page, choose Quick setup.
Choose which AWS Region you want to contain the aggregator index. You should select the Region that is appropriate for the geographic location for your users.
At the bottom of the page, choose Turn on Resource Explorer.
On the Progress page, you can monitor each AWS Region as Resource Explorer creates its index. The page displays the status of creating the aggregator index and creating the default view.

After all steps show that they completed successfully, you and your users can navigate to the Resource search page and begin searching for resources.

Note

Tagged resources local to the index appear in search results within a few minutes. Untagged resources typically take less than two hours to appear, but can take longer when there is heavy demand. It can also can take up to an hour to complete the initial replication to a new aggregator index from all of the existing local indexes.

Next steps: Before your users can search with the default view you just created, you must grant them permissions to search with it. For more information, see Granting access to Resource Explorer views for search.

AWS CLI

Setting up Resource Explorer in your AWS account by using the AWS CLI is, by definition, equivalent to the Advanced setup option. This is because the Resource Explorer CLI operations don't perform any of the steps for you automatically like the Resource Explorer console does. See the AWS CLI tab on the Setting up Resource Explorer using Advanced setup to see what commands are the equivalent of using the console.

Setting up Resource Explorer using Advanced setup

If you choose the Advanced setup option, you can do the following:

Choose the AWS Regions in which to turn on Resource Explorer.
Choose whether to configure one Region with an aggregator index. If you do, you specify the AWS Region to place it in. This index allows you to create views that can include resources from all Regions in the account. For more information, see Turning on cross-Region search by creating an aggregator index.
Choose whether to create a default view. That view allows searching automatically for any AWS resource in the Regions in which you turn on Resource Explorer. You must ensure that any principals who need to use the default view to search in Resource Explorer have permissions on the view. For more information, see Granting access to Resource Explorer views for search.

Note

You can configure Resource Explorer to include your resources in the search results provided by the unified search feature on the AWS Management Console. To turn on this feature, you must configure Resource Explorer with an aggregator index and a default view that all roles and users can search with. The Quick setup option creates both the aggregator index and default view and is the way we recommend that you turn on Resource Explorer.

Minimum permissions

To perform the steps in the following procedure, you must have the following permissions:

Action: resource-explorer-2:* – Resource: no specific resource (*)
Action: iam:CreateServiceLinkedRole – Resource: no specific resource (*)

AWS Management Console

To turn on Resource Explorer using Advanced setup

Open the AWS Resource Explorer console at https://console.aws.amazon.com/resource-explorer.
Choose Turn on Resource Explorer.
On the Turn on Resource Explorer page, choose Advanced setup.
In the AWS Regions box, under Regions, choose whether you want to turn on Resource Explorer in all AWS Regions, or only specific Regions.

If you choose Turn on Resource Explorer in only the specified AWS Regions in this account, select each Region whose resources you want to include in search results.
For Aggregator index, choose whether you want to create an aggregator index. If you choose to create an aggregator index, all other AWS Regions replicate their indexes to this Region. This lets users search for resources across all selected Regions in the AWS account. Choose the AWS Region that contains the aggregator index. We recommend that you specify the Region where your users spend most of their time, or at least where you expect them to perform most of their resource searches.
In the Default view box, under View creation, choose whether to create a default view. This option is available only if you chose to create an aggregator index. If you choose to create a default view, Resource Explorer places this view in the same AWS Region as the aggregator index. This lets the default view include results from all AWS Regions in which you registered Resource Explorer. Whenever a user performs a search in a Region with a default view and doesn't explicitly specify a view, the search uses the default view for that Region.

Note
Before your users can search with a view, you must grant them permissions to use that view. For more information, see Granting access to Resource Explorer views for search.
Choose Activate Resource Explorer.

Note
Tagged resources local to the index appear in search results within a few minutes. Untagged resources typically take less than two hours to appear, but can take longer when there is heavy demand. It can also can take up to an hour to complete the initial replication to a new aggregator index from all of the existing local indexes.

AWS CLI

To set up Resource Explorer using Advanced setup

The Resource Explorer console performs many API operation calls on your behalf based on the choices you make. The following example AWS CLI commands illustrate how to perform the same basic procedures outside of the console using the AWS CLI.

Example Step 1: Turn on Resource Explorer by creating indexes in the desired AWS Regions

Run the following command in each AWS Region in which you want to activate Resource Explorer. The following example command turns on Resource Explorer in the AWS Region that is the default for the AWS CLI.


$ aws resource-explorer-2 create-index
{
    "Arn": "arn:aws:resource-explorer-2:us-east-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111",
    "CreatedAt": "2022-07-27T16:17:12.130000+00:00",
    "State": "CREATING"
}

Example Step 2: Update the index in one AWS Region to be the aggregator index for the account

Run the following command in the AWS Region in which you want Resource Explorer to update the local index to the aggregator index for the account. The following example command updates the aggregator index in the US East (N. Virginia) (us-east-1).


$ aws resource-explorer-2 update-index-type \
    --arn arn:aws:resource-explorer-2:us-east-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111 \
    --type AGGREGATOR
{
    "Arn": "arn:aws:resource-explorer-2:us-east-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111",
    "LastUpdatedAt": "2022-07-27T16:29:49.231000+00:00",
    "State": "UPDATING",
    "Type": "AGGREGATOR"
}

Example Step 3: Create a view in the AWS Region that contains the aggregator index

Run the following command in the AWS Region in which you created the aggregator index. The following example command creates a view identical to the one created by the Resource Explorer console setup process. This new view includes tags attached to the resource as part of the indexed information and supports searching for resources by tag key or value.


$ aws resource-explorer-2 create-view \
    --view-name My-New-View \
    --included-properties Name=tags
{
    "View": {
        "Filters": {
            "FilterString": ""
        },
        "IncludedProperties": [
            {
                "Name": "tags"
            }
        ],
        "LastUpdatedAt": "2022-07-27T16:34:14.960000+00:00",
        "Owner": "123456789012",
        "Scope": "arn:aws:iam::123456789012:root",
        "ViewArn": "arn:aws:resource-explorer-2:us-east-1:123456789012:view/My-New-View/1a2b3c4d-5d6e-7f8a-9b0c-abcd22222222"
    }
}

Example Step 4: Set your new view as the default for its AWS Region

The following example sets the view you created in the previous step as the default for the Region. You must run the following command in the same AWS Region in which you created the default view.


$ aws resource-explorer-2 associate-default-view \
    --view-arn arn:aws:resource-explorer-2:us-east-1:123456789012:view/My-New-View/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111
{
    "ViewArn": "arn:aws:resource-explorer-2:us-east-1:123456789012:view/My-New-View/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111"
}

Before your users can search with a view, you must grant them permissions to use that view. For more information, see Granting access to Resource Explorer views for search.

After you run those commands, Resource Explorer is running in the specified Regions in your AWS account. Resource Explorer builds and maintains an index in each Region with details of the resources located there. Resource Explorer replicates each of the individual Region indexes to the aggregator index in the specified Region. That Region also contains a view that allows any IAM role or user in the account to search for resources across all indexed Regions.

Note

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Prerequisites

Identify Resource Explorer status in AWS Regions