Turning on Resource Explorer in an AWS Region to index your resources - AWS Resource Explorer
Create a Resource Explorer index in a Region

Turning on Resource Explorer in an AWS Region to index your resources

When you initially turn on AWS Resource Explorer in your AWS account, you created indexes for the service in one or more AWS Regions. If you used the Quick setup option, Resource Explorer automatically created indexes in all AWS Regions that are turned on in your AWS account. The Resource Explorer service also promoted the index in the specified Region to be the aggregator index for the account. If you used the Advanced setup option, you specified the Regions in which to create indexes.

Topics

When you turn on Resource Explorer in an AWS Region, the service performs the following actions:

  • When you start Resource Explorer in the first Region in an AWS account, Resource Explorer creates a service-linked role in the account named AWSServiceRoleForResourceExplorer. This role grants permissions for Resource Explorer to discover and index the resources in your account by using services such as AWS CloudTrail and the tagging service. Creation of the service-linked role happens only when you register the first AWS Region in the account. Resource Explorer uses the same service-linked role for all additional Regions that you add later.

  • Resource Explorer creates an index in the specified Region to store the details about that Region's resources.

  • Resource Explorer begins discovering the resources in the specified Region and adds the information it finds about them to that Region's index.

  • If your account already contains an aggregator index in a different Region, Resource Explorer starts replicating the information from the new Region's index to the aggregator index to support cross-Region search.

When those steps are complete, information about your resources is available to be discovered by users. They can search by using one of the views defined in either the same Region or the Region that contains the aggregator index.

Create a Resource Explorer index in a Region

You can create a Resource Explorer index in an additional AWS Region by using the AWS Management Console, by using commands in the AWS Command Line Interface (AWS CLI), or by using API operations in an AWS SDK. You can create only one index in a Region.

Minimum permissions

To perform the steps in the following procedure, you must have the following permissions:

  • Action: resource-explorer-2:*Resource: no specific resource (*)

  • Action: iam:CreateServiceLinkedRoleResource: no specific resource (*)

AWS Management Console
To create a Resource Explorer index in an AWS Region

  1. On the Resource Explorer Settings page.

  2. In the Indexes section, choose Create indexes.

  3. On the Create indexes page, select the check boxes next to the AWS Regions in which you want to create an index to support searching that Region's resources. Unavailable check boxes indicate Regions that already contain a Resource Explorer index.

  4. (Optional) In the Tags section, you can specify tag key and value pairs to the index.

  5. Choose Create indexes.

    Resource Explorer displays a green banner at the top of the page to indicate success, or a red banner if there is an error creating an index in one or more of the selected Regions.

    Note

    Tagged resources local to the index appear in search results within a few minutes. Untagged resources typically take less than two hours to appear, but can take longer when there is heavy demand. It can also can take up to an hour to complete the initial replication to a new aggregator index from all of the existing local indexes.

Next step – If you already created an aggregator index, then the new Regions automatically begin to replicate their index information to the aggregator index. If that is where your users do all of their searching, then the resources in the new Region appear in those search results and you're done.

However, if you want users to be able to search for resources in only the newly indexed Region, then you must also create a view for users in that Region and grant your users permissions to that view. For instructions on how to create a view, see Managing Resource Explorer views to provide access to search.

AWS CLI
To create a Resource Explorer index in an AWS Region

Run the following command for each AWS Region in which you want to create an index to support searching that Region's resources. The following example command registers Resource Explorer in the US East (N. Virginia) (us-east-1).

$ aws resource-explorer-2 create-index \
    --region us-east-1
{
    "Arn": "arn:aws:resource-explorer-2:us-east-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111",
    "CreatedAt": "2022-11-01T20:00:59.149Z",
    "State": "CREATING"
}

Repeat this command for each Region in which you want to turn on Resource Explorer, substituting the appropriate Region code for the --region parameter.

Because Resource Explorer performs some of the index creation as asynchronous tasks in the background, the response can be CREATING, which indicates that the background processes are not yet complete.

Note

Tagged resources local to the index appear in search results within a few minutes. Untagged resources typically take less than two hours to appear, but can take longer when there is heavy demand. It can also can take up to an hour to complete the initial replication to a new aggregator index from all of the existing local indexes.

You can check for final completion by running the following command, and checking for the ACTIVE state.

$ aws resource-explorer-2 get-index \
    --region us-east-1
{
    "Arn": "arn:aws:resource-explorer-2:us-east-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111",
    "CreatedAt": "2022-07-12T18:59:10.503000+00:00",
    "LastUpdatedAt": "2022-07-13T18:41:58.799000+00:00",
    "ReplicatingFrom": [],
    "State": "ACTIVE",
    "Tags": {},
    "Type": "LOCAL"
}

Next step – If you already created an aggregator index, then the new Regions automatically begin to replicate their index information to the aggregator index. If that is where your users do all of their searching, then the resources in the new Region appear in those search results and you're done.

However, if you want users to be able to search for resources in only the newly indexed Region, then you must also create a view for users in that Region and grant your users permissions to that view. For instructions on how to create a view, see Managing Resource Explorer views to provide access to search.