Creating Resource Explorer views to use for search - AWS Resource Explorer

Creating Resource Explorer views to use for search

All searches must use a view. A view defines filters that determine which resources can be returned by queries that use the view. Views also control who can search for resources.

A view is stored in an AWS Region, and returns search results from only that Region's index. If the Region contains the aggregator index, then the view returns search results from the index in every Region in the account.

Multi-account views allow you to search for resources in accounts across your organization. Any account you wish to search requires indexes. Only the management account, or a delegated administrator for the organization, can create a multi-account view.

AWS Resource Explorer can create a default view for you during initial setup if you choose the relevant options in either Quick Setup for Resource Explorer in the Systems Manager console or Advanced setup. At any later time, you can create additional views that have different filters for different sets of users.

You can create a view by using the AWS Management Console or by running AWS CLI commands or their equivalent API operations in an AWS SDK.

Minimum permissions

To run this procedure, you must have the following permissions:

  • Action: resource-explorer-2:CreateView

    Resource: This can be * to allow creation of a view in any AWS Region in the account.

AWS Management Console
To create a view
  1. Open the Resource Explorer console Views page and choose Create view.

  2. On the Create view page, for Name, enter a name for the view.

    The name must be no more than 64 characters long, and can include letters, digits, and the hyphen (-) character. The name must be unique within its AWS Region.

  3. Choose the AWS Region in which you want to create the view. To create a view that returns resources from all Regions in the account, choose the AWS Region that contains the aggregator index.

  4. (Optional) For Scope, choose whether your search returns multi-account resources, or returns resources only from your account. Account level scope is the default.

    Only the management account or delegated administrator can see the option to create a multi-account view.

  5. Choose whether to filter the results.

    • Include all resources

      No query filters are included. All resources in the index associated with the view can be returned in search results.

    • Include only resources that match a specified filter

      Turns on the Resource filters check box where you can choose filter names and operators. For an explanation of each of the available filter names and operators, see Filters.

  6. Choose the optional resource attributes to include in results from this view. Select the check box next to Tags to let users search for resources based on their tag key names and values. If you don't include tags in the view then users can't make search requests that use tag keys and values to further filter the results.

  7. Optionally, you can attach tags to the view. Expand the Tags box, and enter up to 50 tag key/value pairs. You can use tags to categorize resources, or as part of an attribute-based access control (ABAC) security permission strategy. For more information, see Adding tags to views.

  8. Choose Create view.

    The console returns to the Search page where you can use your new view to perform a search.

Next step: Grant the principals in your account permissions to search with your new view. For more information, see Granting access to Resource Explorer views for search.

AWS CLI
To create a view

Run the following command to create a view in the specified AWS Region. The following example creates a view that returns only resources related to the Amazon EC2 service that are tagged with a Stage key and the value prod.

$ aws resource-explorer-2 create-view \
    --region us-west-2 \
    --view-name "My-EC2-Prod-Resources" \
    --filters FilterString="service:ec2 tag:stage=prod" \
    --included-properties Name=tags
{
    "View": {
        "Filters": {
            "FilterString": "service:ec2 tag:stage=prod"
        },
        "IncludedProperties": [
            {
                "Name": "tags"
            }
        ],
        "LastUpdatedAt": "2022-08-03T16:13:37.625000+00:00",
        "Owner": "123456789012",
        "Scope": "arn:aws:iam::123456789012:root",
        "ViewArn": "arn:aws:resource-explorer-2:us-west-2:123456789012:view/My-EC2-Prod-Resources/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111"
    }
}

To create an organization level view

The following example creates a view that returns resources from across your organization. This must be performed by the organization's management account, or a delegated administrator account.

  1. Run the aws organizations describe-organization command to get your organization ARN.

  2. Run the following command to create a view for the specified organization.

    $ aws resource-explorer-2 create-view \
        --region us-west-2 \
        --view-name entire-org-view \
        --scope "arn:aws:organizations::111111111111:organization/o-exampleorgid"
    {
        "View": {
            "Filters": {
                "FilterString": ""
            },
            "IncludedProperties": [],
            "LastUpdatedAt": "2022-08-03T16:13:37.625000+00:00",
            "Owner": "111111111111",
            "Scope": "arn:aws:organizations::111111111111:organization/o-exampleorgid",
            "ViewArn": "arn:aws:resource-explorer-2:us-west-2:111111111111:view/entire-org-view/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111"
        }
    }

To create an organizational unit level view

The following example creates a view that returns resources from all members of this organizational unit. This view behaves similarly to an organizational level view. This must be performed by the organization's management account, or a delegated administrator account.

  1. Run the aws organizations describe-organizational-unit command to get your organizational unit ARN.

  2. Run the following command to create a view for the specified organizational unit.

    $ aws resource-explorer-2 create-view \
        --region us-west-2 \
        --view-name entire-ou-view \
        --scope "arn:aws:organizations::222222222222:ou/o-exampleorgid/ou-exampleouid"
    {
        "View": {
            "Filters": {
                "FilterString": ""
            },
            "IncludedProperties": [],
            "LastUpdatedAt": "2022-08-03T16:13:37.625000+00:00",
            "Owner": "222222222222",
            "Scope": "arn:aws:organizations::222222222222:ou/o-exampleorgid/ou-exampleouid",
            "ViewArn": "arn:aws:resource-explorer-2:us-west-2:222222222222:view/entire-ou-view/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111"
        }
    }

Next step: Grant the principals in your account permissions to search with your new view. For more information, see Granting access to Resource Explorer views for search.
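
Because a view determines which resources a search can return, it helps to review what each view exposes before granting access to it. The following Python code is an added example, not part of the AWS documentation or tooling: it classifies the Scope ARN of View objects like those in the CLI output on this page and flags multi-account scope, an empty FilterString, and included tags. The function names and finding texts are assumptions of this example, and the sample data is constructed from the outputs shown on this page.

```python
import json
import re
# Constructed sample: the "View" objects from this page's CLI outputs (Owner and LastUpdatedAt omitted).
SAMPLE_VIEWS = json.loads("""[
 {"Filters": {"FilterString": "service:ec2 tag:stage=prod"},
  "IncludedProperties": [{"Name": "tags"}],
  "Scope": "arn:aws:iam::123456789012:root",
  "ViewArn": "arn:aws:resource-explorer-2:us-west-2:123456789012:view/My-EC2-Prod-Resources/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111"},
 {"Filters": {"FilterString": ""}, "IncludedProperties": [],
  "Scope": "arn:aws:organizations::111111111111:organization/o-exampleorgid",
  "ViewArn": "arn:aws:resource-explorer-2:us-west-2:111111111111:view/entire-org-view/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111"},
 {"Filters": {"FilterString": ""}, "IncludedProperties": [],
  "Scope": "arn:aws:organizations::222222222222:ou/o-exampleorgid/ou-exampleouid",
  "ViewArn": "arn:aws:resource-explorer-2:us-west-2:222222222222:view/entire-ou-view/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111"}
]""")

NAME_RE = re.compile(r"[A-Za-z0-9-]{1,64}")  # name rule from the console procedure

def scope_kind(scope_arn):
    """Classify a view's Scope ARN as 'account', 'organization', 'ou' or 'unknown'."""
    parts = scope_arn.split(":", 5)
    if len(parts) == 6 and parts[0] == "arn":
        service, resource = parts[2], parts[5]
        if service == "iam" and resource == "root":
            return "account"
        if service == "organizations" and resource.startswith(("organization/", "ou/")):
            return resource.split("/", 1)[0]
    return "unknown"

def review_view(view):
    """Return (view name, findings) describing how much one view exposes."""
    name = view["ViewArn"].split(":view/", 1)[1].split("/", 1)[0]
    findings = []
    if not NAME_RE.fullmatch(name):
        findings.append("name breaks the 64-character letters/digits/hyphen rule")
    kind = scope_kind(view["Scope"])
    if kind in ("organization", "ou"):
        findings.append(f"multi-account scope ({kind})")
    elif kind == "unknown":
        findings.append("unrecognized scope ARN")
    if not view.get("Filters", {}).get("FilterString", "").strip():
        findings.append("no filter: all indexed resources in scope can be returned")
    if any(p.get("Name") == "tags" for p in view.get("IncludedProperties", [])):
        findings.append("tags included: tag keys and values are searchable")
    return name, findings

if __name__ == "__main__":
    for view in SAMPLE_VIEWS:
        print(*review_view(view), sep=": ")
```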