AWS managed views - AWS Resource Explorer

AWS managed views

A managed view is how other AWS services can access resource information indexed by Resource Explorer for your AWS account or organization with your consent.

About managed views

Managed views can only be updated or deleted by the service that created the managed view. An AWS service creates a managed view using IAM forward access sessions (FAS) or a service-linked role (SLR).

Resource Explorer uses a resource-based policy to control access to the managed view. When an AWS service creates a managed view, Resource Explorer attaches the resource-based policy to the view. This policy allows the managing AWS service to use and delete the view and allows the view's resource owners to list and retrieve details about the view. The following is an example resource-based policy attached to a managed view:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "view_UUID_ACCESS_TO_SERVICE_PRINCIPAL",
          "Effect": "Allow",
          "Principal": {
            "Service": "sampleservice.amazonaws.com"
          },
          "Action": [
            "resource-explorer-2:GetManagedView",
            "resource-explorer-2:DeleteManagedView",
            "resource-explorer-2:Search"
          ],
          "Resource": "managed_view_ARN",
          "Condition": {
            "StringEquals": {
              "aws:SourceAccount": "owner_accountID"
            }
          }
        },
        {
          "Sid": "view_UUID_DENY_ACCESS_TO_NON_SERVICE_PRINCIPAL",
          "Effect": "Deny",
          "Principal": "*",
          "Condition": {
            "ForAllValues:StringNotEquals": {
              "aws:PrincipalServiceNamesList": [
                "sampleservice.amazonaws.com"
              ]
            }
          },
          "NotAction": [
            "resource-explorer-2:GetManagedView"
          ],
          "Resource": "managed_view_ARN"
        }
      ]
    }
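
The following added example (not AWS code and not part of the original page) is a simplified Python model of how the two statements in the policy above combine for different callers. It models only the two condition operators that the policy uses and returns the decision of this resource-based policy alone; the account ID, the second service name used in the test, and all function names are constructed for illustration.

```python
"""Simplified model of the managed-view policy shown above (illustrative only)."""
SVC = "sampleservice.amazonaws.com"
OWNER = "111122223333"  # constructed placeholder for owner_accountID
RE = "resource-explorer-2:"

POLICY = {"Statement": [
    {"Effect": "Allow", "Principal": {"Service": SVC},
     "Action": [RE + "GetManagedView", RE + "DeleteManagedView", RE + "Search"],
     "Condition": {"StringEquals": {"aws:SourceAccount": OWNER}}},
    {"Effect": "Deny", "Principal": "*",
     "NotAction": [RE + "GetManagedView"],
     "Condition": {"ForAllValues:StringNotEquals":
                   {"aws:PrincipalServiceNamesList": [SVC]}}},
]}

def condition_holds(cond, ctx):
    """Evaluate the two operators this policy uses against request context."""
    for op, keys in cond.items():
        for key, want in keys.items():
            want = want if isinstance(want, list) else [want]
            if op == "StringEquals":
                if ctx.get(key) not in want:
                    return False
            elif op == "ForAllValues:StringNotEquals":
                # Holds when no request value equals a policy value. An absent
                # or empty key also holds, so the Deny covers callers that are
                # not service principals.
                if any(v in want for v in ctx.get(key, [])):
                    return False
            else:
                raise ValueError(f"operator not modelled: {op}")
    return True

def principal_matches(stmt, service):
    p = stmt["Principal"]
    return p == "*" or p.get("Service") == service

def action_matches(stmt, action):
    if "NotAction" in stmt:  # statement applies to every action except these
        return action not in stmt["NotAction"]
    return action in stmt["Action"]

def decide(action, service=None, ctx=None):
    """Return 'Deny', 'Allow' or 'NoMatch' for this policy alone."""
    ctx = ctx or {}
    hits = {s["Effect"] for s in POLICY["Statement"]
            if principal_matches(s, service) and action_matches(s, action)
            and condition_holds(s["Condition"], ctx)}
    return "Deny" if "Deny" in hits else "Allow" if "Allow" in hits else "NoMatch"
```

A "NoMatch" result means that this policy neither allows nor explicitly denies the request, so the caller's other policies determine the outcome.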