Prerequisites Enable multi-account search Multi-account Quick Setup

Turning on multi-account search

With multi-account search, you can search for resources across accounts with active indexes in your AWS Organizations or organizational unit (OU).

Topics

Prerequisites

To turn on multi-account search for your organization, complete the following:

For opt-in Regions, verify your management account is also opted-in where you are turning on multi-account search.
Create an administrative user.
Create a service-linked role in the administrator account with aws iam create-service-linked-role --aws-service-name resource-explorer-2.amazonaws.com.
Enable trusted access in AWS Organizations. This allows full integration with Resource Explorer to list resources across all accounts in your organization.
Assign a delegated administrator (recommended). For more information, see Delegated administrator for AWS services that work with Organizations in the AWS Organizations User Guide.
- Resource Explorer supports only 1 delegated administrator who performs similar actions to the management account.
- Removing or changing the delegated administrator for your organization results in the removal of all multi-account views created in their account.

Enable multi-account search

To search and discover resources across your organization's accounts, you must complete the following steps:

Multi-account Quick Setup

Enable Resource Explorer across multiple accounts in your organization with the Quick Setup.

Note

This process does not deploy any resources in the management account. If you are using the management account and you want indexes in the account, you must manually add them with the Resource Explorer onboarding flow.

Navigate to Quick Setup for Resource Explorer in the Systems Manager console.
Choose your Aggregator index Region. This allows you to search for resources located in all Regions in the selected target accounts. If any of the selected target accounts already have an aggregator index configured in another Region, the existing aggregator index will be automatically replaced with this new Region.
Choose your account Targets. You can enable Resource Explorer for your entire organization or for specific organizational units (OUs).

Note
You can deploy to a maximum of 50,000 AWS CloudFormation stacks at a time. If you have a large organization that spans multiple Regions, you should deploy at the OU level in smaller batches.
Read through the summary of acknowledgements before you choose Create.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Demoting the aggregator index

Effect of account actions on multi-account search