All searches must use a view. A view defines filters that determine which resources can
be returned by queries that use the view. Views also control who can search for
resources.
A view is stored in an AWS Region, and returns search results from only that Region's
index. If the Region contains the aggregator index, then the view returns
search results from the index in every Region in the account.
Multi-account views allow you to search for resources in accounts across your
organization. Any account you wish to search requires indexes. Only the management account,
or a delegated administrator for the organization, can create a multi-account view.
AWS Resource Explorer can create a default view for you during initial set up if you chose the
relevant options in either Quick Setup for Resource Explorer in the Systems Manager console or Advanced
setup. At any later time, you can create additional views that have
different filters for different sets of users.
You can create a view by using the AWS Management Console or by running AWS CLI commands or their equivalent API
operations in an AWS SDK.
Minimum permissions
To run this procedure, you must have the following permissions:
- AWS Management Console
-
To create a view
-
Open the Resource Explorer console Views page and choose Create
view.
-
On the Create view page, for
Name, enter a name for the view.
The name must be no more than 64 characters long, and can include
letters, digits, and the hyphen (-) character. The name must be unique
within its AWS Region.
-
Choose the AWS Region in which you want to create the view. To
create a view that returns resources from all Regions in the account,
choose the AWS Region that contains the aggregator index.
-
(Optional) For Scope, choose whether your search
returns multi-account resources, or returns resources only from your
account. Account level scope is the default.
Only the management account or delegated administrator can see the
option to create a multi-account view.
-
Choose whether to filter the results.
-
Include all resources
No query filters are included. All resources in the index
associated with the view can be returned in search
results.
-
Include only resources that match a specified
filter
Turns on the Resource filters check box
where you can choose filter names and operators. For an
explanation of each of the available filter names and operators,
see Filters.
-
Choose the optional resource attributes to include in results
from this view. Select the check box next to
Tags to let users search for resources
based on their tag key names and values. If you don't include
tags in the view then users can't make search requests that use
tag keys and values to further filter the results.
-
Optionally, you can attach tags to the view. Expand the
Tags box, and enter up to 50 tag
key/value pairs. You can use tags to categorize resources, or as
part of an attribute-based access control (ABAC) security
permission strategy. For more information, see Adding tags to views.
-
Choose Create view.
The console returns to the Search page where you
can use your new view to perform a search.
Next step: Grant the principals in
your account permissions to search with your new view. For more
information, see Granting access to Resource Explorer views for
search
- AWS CLI
-
To create a view
Run the following command to create a view in the specified AWS Region.
The following example creates a view that returns only resources related to
the Amazon EC2 service that are tagged with a Stage
key and the
value prod
.
$
aws resource-explorer-2 create-view \
--region us-west-2 \
--view-name "My-EC2-Prod-Resources" \
--filters FilterString="service:ec2 tag:stage=prod" \
--included-properties Name=tags
{
"View": {
"Filters": {
"FilterString": "service:ec2 tag:stage=prod"
},
"IncludedProperties": [
{
"Name": "tags"
}
],
"LastUpdatedAt": "2022-08-03T16:13:37.625000+00:00",
"Owner": "123456789012",
"Scope": "arn:aws:iam::123456789012:root",
"ViewArn": "arn:aws:resource-explorer-2:us-west-2:123456789012:view/My-EC2-Prod-Resources/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111"
}
}
To create an organization level view
The following example creates a view that returns resources from
across your organization. This must be performed by the organization's
management account, or a delegated administrator account.
-
Run the aws organizations describe-organization
command
to get your organization ARN.
-
Run the following command to create a view for the specified
organization.
$
aws resource-explorer-2 create-view \
--region us-west-2 \
--view-name entire-org-view \
--scope "arn:aws:organizations::111111111111:organization/o-exampleorgid"
{
"View": {
"Filters": {
"FilterString": ""
},
"IncludedProperties": [],
"LastUpdatedAt": "2022-08-03T16:13:37.625000+00:00",
"Owner": "111111111111",
"Scope": "arn:aws:organizations::111111111111:organization/o-exampleorgid",
"ViewArn": "arn:aws:resource-explorer-2:us-west-2:111111111111:view/entire-org-view/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111"
}
}
To create an organizational unit level view
The following example creates a view that returns resources from all
members of this organizational unit. This view behaves similarly to an
organizational level view. This must be performed by the organization's
management account, or a delegated administrator account.
-
Run the aws organizations describe-organizational-unit
command to get your organization ARN.
-
Run the following command to create a view for the specified
organizational unit.
$
aws resource-explorer-2 create-view \
--region us-west-2 \
--view-name entire-ou-view \
--scope "arn:aws:organizations::222222222222:ou/o-exampleorgid/ou-exampleouid"
{
"View": {
"Filters": {
"FilterString": ""
},
"IncludedProperties": [],
"LastUpdatedAt": "2022-08-03T16:13:37.625000+00:00",
"Owner": "222222222222",
"Scope": "arn:aws:organizations::222222222222:ou/o-exampleorgid/ou-exampleouid",
"ViewArn": "arn:aws:resource-explorer-2:us-west-2:222222222222:view/entire-ou-view/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111"
}
}
Next step: Grant the principals in your
account permissions to search with your new view. For more information, see
Granting access to Resource Explorer views for
search