Turning on Resource Explorer in an Amazon Web Services Region to index your resources - Amazon Resource Explorer
Create a Resource Explorer index in a Region
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Turning on Resource Explorer in an Amazon Web Services Region to index your resources

When you initially turn on Amazon Resource Explorer in your Amazon Web Services account, you created indexes for the service in one or more Amazon Web Services Regions. If you used the Quick setup option, Resource Explorer automatically created indexes in all Amazon Web Services Regions that are turned on in your Amazon Web Services account. The Resource Explorer service also promoted the index in the specified Region to be the aggregator index for the account. If you used the Advanced setup option, you specified the Regions in which to create indexes.

To turn on Resource Explorer in additional Regions, use the procedures in this topic.

When you turn on Resource Explorer in an Amazon Web Services Region, the service performs the following actions:

  • When you start Resource Explorer in the first Region in an Amazon Web Services account, Resource Explorer creates a service-linked role in the account named AWSServiceRoleForResourceExplorer. This role grants permissions for Resource Explorer to discover and index the resources in your account by using services such as Amazon CloudTrail and the tagging service. Creation of the service-linked role happens only when you register the first Amazon Web Services Region in the account. Resource Explorer uses the same service-linked role for all additional Regions that you add later.

  • Resource Explorer creates an index in the specified Region to store the details about that Region's resources.

  • Resource Explorer begins discovering the resources in the specified Region and adds the information it finds about them to that Region's index.

  • If your account already contains an aggregator index in a different Region, Resource Explorer starts replicating the information from the new Region's index to the aggregator index to support cross-Region search.

When those steps are complete, information about your resources is available to be discovered by users. They can search by using one of the views defined in either the same Region or the Region that contains the aggregator index.

Create a Resource Explorer index in a Region

You can create a Resource Explorer index in an additional Amazon Web Services Region by using the Amazon Web Services Management Console, by using commands in the Amazon Command Line Interface (Amazon CLI), or by using API operations in an Amazon SDK. You can create only one index in a Region.

Minimum permissions

To perform the steps in the following procedure, you must have the following permissions:

  • Action: resource-explorer-2:*Resource: no specific resource (*)

  • Action: iam:CreateServiceLinkedRoleResource: no specific resource (*)

Amazon Web Services Management Console
To create a Resource Explorer index in an Amazon Web Services Region

  1. On the Resource Explorer Settings page.

  2. In the Indexes section, choose Create indexes.

  3. On the Create indexes page, select the check boxes next to the Amazon Web Services Regions in which you want to create an index to support searching that Region's resources. Unavailable check boxes indicate Regions that already contain a Resource Explorer index.

  4. (Optional) In the Tags section, you can specify tag key and value pairs to the index.

  5. Choose Create indexes.

    Resource Explorer displays a green banner at the top of the page to indicate success, or a red banner if there is an error creating an index in one or more of the selected Regions.

    Note

    Tagged resources local to the index appear in search results within a few minutes. Untagged resources typically take less than two hours to appear, but can take longer when there is heavy demand. It can also can take up to an hour to complete the initial replication to a new aggregator index from all of the existing local indexes.

Next step – If you already created an aggregator index, then the new Regions automatically begin to replicate their index information to the aggregator index. If that is where your users do all of their searching, then the resources in the new Region appear in those search results and you're done.

However, if you want users to be able to search for resources in only the newly indexed Region, then you must also create a view for users in that Region and grant your users permissions to that view. For instructions on how to create a view, see Managing Resource Explorer views to provide access to search.

Amazon CLI
To create a Resource Explorer index in an Amazon Web Services Region

Run the following command for each Amazon Web Services Region in which you want to create an index to support searching that Region's resources. The following example command registers Resource Explorer in the US East (N. Virginia) (us-east-1).

$ aws resource-explorer-2 create-index \
    --region us-east-1
{
    "Arn": "arn:aws-cn:resource-explorer-2:cn-north-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111",
    "CreatedAt": "2022-11-01T20:00:59.149Z",
    "State": "CREATING"
}

Repeat this command for each Region in which you want to turn on Resource Explorer, substituting the appropriate Region code for the --region parameter.

Because Resource Explorer performs some of the index creation as asynchronous tasks in the background, the response can be CREATING, which indicates that the background processes are not yet complete.

Note

Tagged resources local to the index appear in search results within a few minutes. Untagged resources typically take less than two hours to appear, but can take longer when there is heavy demand. It can also can take up to an hour to complete the initial replication to a new aggregator index from all of the existing local indexes.

You can check for final completion by running the following command, and checking for the ACTIVE state.

$ aws resource-explorer-2 get-index \
    --region us-east-1
{
    "Arn": "arn:aws-cn:resource-explorer-2:cn-north-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111",
    "CreatedAt": "2022-07-12T18:59:10.503000+00:00",
    "LastUpdatedAt": "2022-07-13T18:41:58.799000+00:00",
    "ReplicatingFrom": [],
    "State": "ACTIVE",
    "Tags": {},
    "Type": "LOCAL"
}

Next step – If you already created an aggregator index, then the new Regions automatically begin to replicate their index information to the aggregator index. If that is where your users do all of their searching, then the resources in the new Region appear in those search results and you're done.

However, if you want users to be able to search for resources in only the newly indexed Region, then you must also create a view for users in that Region and grant your users permissions to that view. For instructions on how to create a view, see Managing Resource Explorer views to provide access to search.