Menu
AWS Resource Groups
User Guide

What Is AWS Resource Groups?

You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. This guide shows you how to create and manage resource groups in AWS Resource Groups.

You can access Resource Groups through any of the following entry points.

  • On the navigation bar of the AWS Management Console.

  • In the AWS Systems Manager console, from the left navigation pane entry for Resource Groups.

  • By using the Resource Groups API, in AWS CLI commands or AWS SDK programming languages.

To work with resource groups on the AWS Management Console home

  1. Sign in to the AWS Management Console.

  2. On the navigation bar, choose Resource Groups.

    
     AWS Management Console home with Resource Groups menu open.
  3. Choose a resource group from Saved Groups, or choose Create a Group.

To work with resource groups in AWS Systems Manager

  1. Sign in to the AWS Management Console.

  2. On the console home page, in Management Tools, choose AWS Systems Manager.

  3. On the AWS Systems Manager home page, choose Explore Resource Groups.

What Are Resource Groups?

In AWS, a resource is an entity that you can work with. Examples include an Amazon EC2 instance, an AWS CloudFormation stack, or an Amazon S3 bucket. If you work with multiple resources, you might find it useful to manage them as a group rather than move from one AWS service to another for each task. If you manage large numbers of related resources, such as EC2 instances that make up an application layer, you likely need to perform bulk actions on these resources at one time. Examples of bulk actions include:

  • Applying updates or security patches.

  • Upgrading applications.

  • Opening or closing ports to network traffic.

  • Collecting specific log and monitoring data from your fleet of instances.

A resource group is a collection of AWS resources that are all in the same AWS region, that match criteria provided in a query, and that share one or more tags or portions of tags. You build queries in the Resource Groups console or pass them as arguments to Resource Groups commands in the AWS CLI. Queries include lists of resources that are specified in the following format AWS::service::resource, and tags. Tags are keys that help identify and sort your resources within your organization. Optionally, tags include values for keys.

Resource groups can be nested; a resource group can contain existing resource groups in the same region.

By default, the AWS Management Console is organized by AWS service. But with Resource Groups, you can create a custom console that organizes and consolidates information based on criteria that you specify in tags. The following list describes some of the cases in which tagging and resource grouping can help organize your resources.

  • An application that has different phases, such as development, staging, and production.

  • Projects managed by multiple departments or individuals.

  • A set of AWS resources that you use together for a common project or that you want to manage or monitor as a group.

  • A set of resources related to applications that run on a specific platform, such as Android or iOS.

For example, you are developing a web application, and you are maintaining separate sets of resources for your alpha, beta, and release stages. Each version runs on Amazon EC2 with an Amazon Elastic Block Store storage volume. You use Elastic Load Balancing to manage traffic and Route 53 to manage your domain. Without Resource Groups, you might have to access multiple consoles just to check the status of your services or modify the settings for one version of your application.

With Resource Groups, you use a single page to view and manage your resources. For example, let’s say you use the tool to create a resource group for each version—alpha, beta, and release—of your application. To check your resources for the alpha version of your application, open your resource group. Then view the consolidated information on your resource group page. To modify a specific resource, choose the resource's links on your resource group page to access the service console that has the settings that you need.

Differences Between AWS Resource Groups and Legacy Resource Groups

The following table describes key differences between the AWS Resource Groups service, and the older, classic Resource Groups.

AWS Resource Groups

Legacy Resource Groups

API support

Has a public API. For more information about the AWS Resource Groups API, see the AWS Resource Groups API Reference.

No public API. You can create and manage legacy resource groups in the AWS Management Console only.

Region support

Regional; all resources in a group that you create with AWS Resource Groups are located in the same region.

Cross-regional

Permissions

Per AWS account

Per user

Requirements

To create a group, you must choose resource types that have at least one tag key assigned, and specify at least a tag key value.

To create a group, you must choose a tag key from a drop-down list. Specifying resource types is optional.

Entry points

You can open AWS Resource Groups from the upper left of the AWS Management Console. This opens AWS Systems Manager, where you work with AWS Resource Groups. When you choose AWS Resource Groups, the URL is https://console.aws.amazon.com/resource-groups/groups in Systems Manager. You can also create and manage groups by using the AWS CLI and API.

You can open legacy Resource Groups from the upper left of the AWS Management Console. When you choose legacy Resource Groups, the URL is https://resources.console.aws.amazon.com/r/group.

Purposes

Perform tasks such as Systems Manager Automation on multiple resources at one time; view insights and monitoring information about grouped resources.

Get monitoring data about resources, such as CloudWatch alarms.

Support for nested groups (a resource group of other resource groups)

Yes. You can create a resource group that contains other resource groups in the same region that were created in the new service.

No.

AWS Resource Groups and Permissions

The new Resource Groups feature permissions (the feature that is covered by this guide) are at the account level. As long as users who are sharing your account have the correct IAM permissions, they can work with resource groups that you create.

In the older, classic Resource Groups, however, if you use AWS Identity and Access Management (IAM) to create multiple users in the same account, each of those users has their own, individual resource groups. These groups are not visible to other users. For information about creating IAM users, see Creating an IAM User in the IAM User Guide.

Tags are properties of a resource, so they are shared across your entire account. Users in a department or specialized group can draw from a common vocabulary (tags) to create resource groups that are meaningful to their roles and responsibilities. Having a common pool of tags also means that when users share a resource group, they don't have to worry about missing or conflicting tag information.

AWS Resource Groups Resources

In Resource Groups, the only available resource is a group. Groups have unique Amazon Resource Names (ARNs) associated with them. For more information about ARNs, see Amazon Resource Names (ARN) and AWS Service Namespaces in the Amazon Web Services General Reference.

Resource Type

ARN Format

Resource Group

arn:aws:resource-groups:region:account:group/group-name

How Tagging Works

Tags are key and value pairs that act as metadata for organizing your AWS resources. With most AWS resources, you have the option of adding tags when you create the resource, whether it's an Amazon EC2 instance, an Amazon S3 bucket, or other resource. However, you can also add tags to multiple, supported resources at once by using Tag Editor. You build a query for resources of various types, and then add, remove, or replace tags for the resources in your search results. Queries assign an AND operator to tags, so any resource that matches the specified resource types and all specified tags is returned by the query.

For more information about tagging, see Working with Tag Editor in this guide. You can tag supported resources by using Tag Editor, and some additional resources by using tagging functionality in the service console in which you create and manage the resource.