Setting up and configuring Resource Explorer - Amazon Resource Explorer
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Setting up and configuring Resource Explorer

Before you can set up and configure Amazon Resource Explorer, first ensure that you meet the prerequisites. After that, sign in as an IAM role or user that has the permissions required to perform the required Resource Explorer operations for the following procedure.

There are two ways to set up Resource Explorer: Quick setup and Advanced setup. Both are described in the following sections.

Important

If you choose to set up Resource Explorer using any option that says "all Amazon Web Services Regions", it activates only those Amazon Web Services Regions that exist and that are enabled in the Amazon Web Services account at the time you perform the procedure. Resource Explorer does not automatically turn on in any Amazon Web Services Regions that Amazon adds in the future. When Amazon introduces a new Region, you can choose to turn on Resource Explorer in the Region manually when it appears in the Settings page of the Resource Explorer console, or by calling the CreateIndex operation.

Note

Setting up Resource Explorer can also turn on the ability to search for resources by using the unified search bar on the Amazon Web Services Management Console. For users to see resources in the unified search results, you must configure Resource Explorer with a cross-Region aggregator index and a default view. For details, see the following procedures. You must also ensure that your searching users have permission to use the default view in the Amazon Web Services Region that contains the aggregator index. For more information, see Using unified search in the Amazon Web Services Management Console.

Setting up Resource Explorer using Quick setup

If you choose the Quick setup option, Resource Explorer does the following:

  • Creates an index in every Amazon Web Services Region in your Amazon Web Services account.

  • Updates the index in the Region you specify to be the aggregator index for the account.

  • Creates a default view in the aggregator index Region. This view has no filters so it returns all resources found in the index.

Minimum permissions

To perform the steps in the following procedure, you must have the following permissions:

  • Action: resource-explorer-2:*
    Resource: no specific resource (*)

  • Action: iam:CreateServiceLinkedRole
    Resource: no specific resource (*)

Amazon Web Services Management Console
To set up Resource Explorer using Quick setup
  1. Open the Amazon Resource Explorer console at https://console.amazonaws.cn/resource-explorer.

  2. Choose Turn on Resource Explorer.

  3. On the Turn on Resource Explorer page, choose Quick setup.

  4. Choose which Amazon Web Services Region you want to contain the aggregator index. You should select the Region that is appropriate for the geographic location of your users.

  5. At the bottom of the page, choose Turn on Resource Explorer.

  6. On the Progress page, you can monitor each Amazon Web Services Region as Resource Explorer creates its index. The page displays the status of creating the aggregator index and creating the default view.

After all steps show that they completed successfully, you and your users can navigate to the Resource search page and begin searching for resources.

Note

Tagged resources local to the index appear in search results within a few minutes. Untagged resources typically take less than two hours to appear, but can take longer when there is heavy demand. It can also take up to an hour to complete the initial replication to a new aggregator index from all of the existing local indexes.

Next steps: Before your users can search with the default view you just created, you must grant them permissions to search with it. For more information, see Granting access to Resource Explorer views for search.

Amazon CLI

Setting up Resource Explorer in your Amazon Web Services account by using the Amazon CLI is, by definition, equivalent to the Advanced setup option. This is because the Resource Explorer CLI operations don't perform any of the steps for you automatically like the Resource Explorer console does. See the Amazon CLI tab under Setting up Resource Explorer using Advanced setup for the commands that are equivalent to using the console.

Setting up Resource Explorer using Advanced setup

If you choose the Advanced setup option, you can do the following:

  • Choose the Amazon Web Services Regions in which to turn on Resource Explorer.

  • Choose whether to configure one Region with an aggregator index. If you do, you specify the Amazon Web Services Region to place it in.

  • Choose whether to create a default view. That view allows searching automatically for any Amazon resource in the Regions in which you turn on Resource Explorer. You must ensure that any principals who need to use the default view to search in Resource Explorer have permissions on the view. For more information, see Granting access to Resource Explorer views for search.

Note

You can configure Resource Explorer to include your resources in the search results provided by the unified search feature on the Amazon Web Services Management Console. To turn on this feature, you must configure Resource Explorer with an aggregator index and a default view that all roles and users can search with. The Quick setup option creates both the aggregator index and default view and is the way we recommend that you turn on Resource Explorer.

Minimum permissions

To perform the steps in the following procedure, you must have the following permissions:

  • Action: resource-explorer-2:*
    Resource: no specific resource (*)

  • Action: iam:CreateServiceLinkedRole
    Resource: no specific resource (*)

Amazon Web Services Management Console
To turn on Resource Explorer using Advanced setup
  1. Open the Amazon Resource Explorer console at https://console.amazonaws.cn/resource-explorer.

  2. Choose Turn on Resource Explorer.

  3. On the Turn on Resource Explorer page, choose Advanced setup.

  4. In the Amazon Web Services Regions box, under Regions, choose whether you want to turn on Resource Explorer in all Amazon Web Services Regions, or only specific Regions.

    If you choose Turn on Resource Explorer in only the specified Amazon Web Services Regions in this account, select each Region whose resources you want to include in search results.

  5. For Aggregator index, choose whether you want to create an aggregator index. If you choose to create an aggregator index, all other Amazon Web Services Regions replicate their indexes to this Region. This lets users search for resources across all selected Regions in the Amazon Web Services account. Choose the Amazon Web Services Region that contains the aggregator index. We recommend that you specify the Region where your users spend most of their time, or at least where you expect them to perform most of their resource searches.

  6. In the Default view box, under View creation, choose whether to create a default view. This option is available only if you chose to create an aggregator index. If you choose to create a default view, Resource Explorer places this view in the same Amazon Web Services Region as the aggregator index. This lets the default view include results from all Amazon Web Services Regions in which you registered Resource Explorer. Whenever a user performs a search in a Region with a default view and doesn't explicitly specify a view, the search uses the default view for that Region.

    Note

    Before your users can search with a view, you must grant them permissions to use that view. For more information, see Granting access to Resource Explorer views for search.

  7. Choose Activate Resource Explorer.

    Note

    Tagged resources local to the index appear in search results within a few minutes. Untagged resources typically take less than two hours to appear, but can take longer when there is heavy demand. It can also take up to an hour to complete the initial replication to a new aggregator index from all of the existing local indexes.

Amazon CLI
To set up Resource Explorer using Advanced setup

The Resource Explorer console performs many API operation calls on your behalf based on the choices you make. The following example Amazon CLI commands illustrate how to perform the same basic procedures outside of the console using the Amazon CLI.

Example Step 1: Turn on Resource Explorer by creating indexes in the desired Amazon Web Services Regions

Run the following command in each Amazon Web Services Region in which you want to activate Resource Explorer. The following example command turns on Resource Explorer in the Amazon Web Services Region that is the default for the Amazon CLI.

$ aws resource-explorer-2 create-index
{
    "Arn": "arn:aws-cn:resource-explorer-2:cn-north-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111",
    "CreatedAt": "2022-07-27T16:17:12.130000+00:00",
    "State": "CREATING"
}

Example Step 2: Update the index in one Amazon Web Services Region to be the aggregator index for the account

Run the following command in the Amazon Web Services Region in which you want Resource Explorer to update the local index to the aggregator index for the account. The following example command updates the aggregator index in the US East (N. Virginia) (us-east-1).

$ aws resource-explorer-2 update-index-type \
    --arn arn:aws-cn:resource-explorer-2:cn-north-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111 \
    --type AGGREGATOR
{
    "Arn": "arn:aws-cn:resource-explorer-2:cn-north-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111",
    "LastUpdatedAt": "2022-07-27T16:29:49.231000+00:00",
    "State": "UPDATING",
    "Type": "AGGREGATOR"
}

Example Step 3: Create a view in the Amazon Web Services Region that contains the aggregator index

Run the following command in the Amazon Web Services Region in which you created the aggregator index. The following example command creates a view identical to the one created by the Resource Explorer console setup process. This new view includes tags attached to the resource as part of the indexed information and supports searching for resources by tag key or value.

$ aws resource-explorer-2 create-view \
    --view-name My-New-View \
    --included-properties Name=tags
{
    "View": {
        "Filters": {
            "FilterString": ""
        },
        "IncludedProperties": [
            {
                "Name": "tags"
            }
        ],
        "LastUpdatedAt": "2022-07-27T16:34:14.960000+00:00",
        "Owner": "123456789012",
        "Scope": "arn:aws-cn:iam::123456789012:root",
        "ViewArn": "arn:aws-cn:resource-explorer-2:cn-north-1:123456789012:view/My-New-View/1a2b3c4d-5d6e-7f8a-9b0c-abcd22222222"
    }
}

Example Step 4: Set your new view as the default for its Amazon Web Services Region

The following example sets the view you created in the previous step as the default for the Region. You must run the following command in the same Amazon Web Services Region in which you created the default view.

$ aws resource-explorer-2 associate-default-view \
    --view-arn arn:aws-cn:resource-explorer-2:cn-north-1:123456789012:view/My-New-View/1a2b3c4d-5d6e-7f8a-9b0c-abcd22222222
{
    "ViewArn": "arn:aws-cn:resource-explorer-2:cn-north-1:123456789012:view/My-New-View/1a2b3c4d-5d6e-7f8a-9b0c-abcd22222222"
}

Before your users can search with a view, you must grant them permissions to use that view. For more information, see Granting access to Resource Explorer views for search.

After you run those commands, Resource Explorer is running in the specified Regions in your Amazon Web Services account. Resource Explorer builds and maintains an index in each Region with details of the resources located there. Resource Explorer replicates each of the individual Region indexes to the aggregator index in the specified Region. That Region also contains a view that allows any IAM role or user in the account to search for resources across all indexed Regions.

Note

Tagged resources local to the index appear in search results within a few minutes. Untagged resources typically take less than two hours to appear, but can take longer when there is heavy demand. It can also take up to an hour to complete the initial replication to a new aggregator index from all of the existing local indexes.
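
Because Resource Explorer does not turn itself on in Regions added or enabled after setup, resources there stay invisible to search until someone calls CreateIndex. The following is an added example, not part of the original documentation: a coverage check that compares the Regions enabled in the account with the Regions that have an index and confirms that one aggregator index exists. The function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit Resource Explorer index coverage.
# Inputs are plain text so the check also runs offline. In a live account:
#   enabled=$(aws ec2 describe-regions \
#       --query 'Regions[].RegionName' --output text | tr '\t' '\n')
#   indexes=$(aws resource-explorer-2 list-indexes \
#       --query 'Indexes[].[Region,Type]' --output text)

# missing_regions ENABLED INDEXES
# Prints each enabled Region that has no "REGION TYPE" row in INDEXES.
missing_regions() {
    printf '%s\n' "$1" | while read -r region; do
        [ -n "$region" ] || continue
        printf '%s\n' "$2" |
            awk -v r="$region" '$1 == r { found = 1 } END { exit !found }' ||
            printf '%s\n' "$region"
    done
}

# aggregator_count INDEXES
# Prints how many index rows have type AGGREGATOR.
aggregator_count() {
    printf '%s\n' "$1" | awk '$2 == "AGGREGATOR" { n++ } END { print n + 0 }'
}

# audit ENABLED INDEXES
# Returns non-zero if any enabled Region lacks an index or if the
# account does not have exactly one aggregator index.
audit() {
    gaps=$(missing_regions "$1" "$2")
    aggs=$(aggregator_count "$2")
    status=0
    if [ -n "$gaps" ]; then
        echo "Enabled Regions with no Resource Explorer index:"
        echo "$gaps"
        status=1
    fi
    if [ "$aggs" -ne 1 ]; then
        echo "Expected one aggregator index, found $aggs"
        status=1
    fi
    return $status
}

# Constructed sample data: two enabled Regions, only one of them indexed.
SAMPLE_ENABLED='cn-north-1
cn-northwest-1'
SAMPLE_INDEXES='cn-north-1 AGGREGATOR'

audit "$SAMPLE_ENABLED" "$SAMPLE_INDEXES" || echo "Coverage gaps found"
```

Run on a schedule, a non-zero return from `audit` is a signal to create the missing index before relying on search results for inventory.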