Using AWS Resource Explorer to search for resources
The primary purpose of enabling AWS Resource Explorer in your AWS account is to allow your users to search for resources in the account. Use the AWS Management Console or the AWS Command Line Interface (AWS CLI) to search for resources using Resource Explorer.
The following are some of the main characteristics of Resource Explorer search.
- Every search must use a view.
The view is what Resource Explorer uses to determine who has permissions to see which resources. To use a view in a Resource Explorer search operation, the user must have an Allow on the resource-explorer-2:Search operation for the specified view. This permission comes from an identity-based permission policy attached to the principal making the request.
The view can include a filter that limits which resources can be included in the results. By creating different views that use filters and by granting different principals access to different views, you can configure an environment where each group of users can view only the resources relevant to them.
For more information about views, see Managing Resource Explorer views to provide access to search.
- Resource Explorer uses asynchronous background processes to maintain its indexes.
It can take Resource Explorer some time for its indexing processes to discover newly created or modified resources and add them to the local index. It can take additional time for Resource Explorer to replicate changes in the local indexes to the aggregator index.
The same applies to resources that you delete. It can take some time after you delete a resource for that deletion to be discovered by the indexing process and that resource's information to be removed from the local index. Additional time is needed for Resource Explorer to replicate that deletion from the local index to the account's aggregator index.
It can take up to a maximum of 36 hours for additions, modifications, and deletions to your resources to appear in search results in all Regions where you've activated Resource Explorer.
- A search in Resource Explorer occurs within an AWS Region.
Each Region where you turn on Resource Explorer contains an index of only the resources stored in that Region. Views are also associated with Regions, and can return only the resources found in that Region's index. The one exception to this is the aggregator index, which receives a replicated copy of all of the local indexes to support searching across all Regions in the account.
- Cross-Region search requires an aggregator index for the account.
To let users search for resources across all AWS Regions, the administrator must designate one Region to contain the aggregator index for the account. A copy of every local index is automatically replicated to the aggregator index.
Because of this, only views in the aggregator index Region can return results that include resources from all AWS Regions in the account.
- A query consists of any number of free-form text keywords and filters.
Free-form keywords are combined in the query using logical OR operators. Filters that use Resource Explorer defined filter names are combined in the query using logical AND operators. Consider the following example query.
test instance service:EC2 region:us-west-2
This is evaluated by Resource Explorer as follows.
test OR instance AND service:EC2 AND region:us-west-2
This query requires that matching resources must be Amazon EC2 resources in the US West (Oregon) Region, and have at least one of the keywords (test, instance) attached in some way, such as in the name, description, or tags.
Note
Because of the implicit AND, you can successfully use only one filter for an attribute that can have only one value associated with the resource. For example, a resource can be part of only one AWS Region. Therefore, the following query returns no results.
region:us-east-1 region:us-west-1
This limitation does not apply to the filters for attributes that can have multiple values at the same time, such as tag:, tag.key:, and tag.value:.
- A search can return only the first 1,000 results.
This limit also applies to a search with an empty query string, which matches all resources. To see resources beyond the 1,000 returned by an empty query string, you must use queries that restrict matching results to those you want to see and keep the number of matches to less than 1,000.
- There is a per-account quota on the number of search operations that you can perform.
Quotas limit how many queries you can make per second, and how many queries you can make each month. For specific quota numbers, see Quotas for Resource Explorer.
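For the first characteristic above (every search must use a view), the following added example, which is not from the original page, audits identity-based policies for Allow statements that grant resource-explorer-2:Search on anything broader than one specific view, because such a grant lets the principal search through any view it matches, including an unfiltered one. The account ID, view name, view ID and both policies are constructed; NotAction, NotResource and Condition elements are not evaluated.

```python
import re

SEARCH = "resource-explorer-2:search"
# A view ARN with a concrete Region, account, view name and view ID (no wildcards).
VIEW_ARN = re.compile(
    r"^arn:aws[\w-]*:resource-explorer-2:[a-z0-9-]+:\d{12}:view/[^*?/]+/[^*?/]+$")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _iam_match(pattern, action):
    """IAM action matching: case-insensitive, with * and ? as the only wildcards."""
    rx = re.escape(pattern.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, action) is not None


def broad_search_grants(policy):
    """Return (sid, resource) pairs where Search is allowed beyond one specific view."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt:
            continue
        if not any(_iam_match(a, SEARCH) for a in _as_list(stmt["Action"])):
            continue
        for res in _as_list(stmt.get("Resource", [])):
            if not VIEW_ARN.match(res):
                findings.append((stmt.get("Sid", f"statement[{i}]"), res))
    return findings


# Constructed sample policies (placeholder account ID and view ID).
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "SearchTeamView", "Effect": "Allow",
    "Action": "resource-explorer-2:Search",
    "Resource": "arn:aws:resource-explorer-2:us-west-2:123456789012:"
                "view/team-a/EXAMPLE8-90ab-cdef-fedc-EXAMPLE11111"}]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllViews", "Effect": "Allow",
     "Action": "resource-explorer-2:*", "Resource": "*"},
    {"Sid": "AnyViewInAccount", "Effect": "Allow",
     "Action": ["resource-explorer-2:Search"],
     "Resource": "arn:aws:resource-explorer-2:*:123456789012:view/*"}]}

if __name__ == "__main__":
    print(broad_search_grants(SCOPED))
    print(broad_search_grants(BROAD))
```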
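For the 1,000-result limit and the implicit AND between filters described above, the following added example (not from the original page) pages through a search, uses the Count.Complete field of the Search response to detect that a query was cut off at the cap, and splits the query into disjoint per-Region queries with the region: filter. FakeClient, the view ARN placeholder and the 1,500 resource records are constructed so the block runs offline; cross-Region partitioning assumes a view in the aggregator index Region.

```python
RESULT_CAP = 1000  # per the page: a search returns only the first 1,000 results
VIEW = "PLACEHOLDER-view-arn"  # constructed; use a real view ARN with a real client
def search_all(client, view_arn, query):
    """Page through one query; return (resources, complete)."""
    resources, token = [], None
    while True:
        kwargs = {"QueryString": query, "ViewArn": view_arn, "MaxResults": 100}
        if token:
            kwargs["NextToken"] = token
        page = client.search(**kwargs)
        resources.extend(page["Resources"])
        token = page.get("NextToken")
        if not token:  # Count.Complete is False when matching stopped at the cap
            return resources, page["Count"]["Complete"]

def inventory(client, view_arn, base_query, regions):
    """Run base_query once per Region; return (resources by ARN, truncated Regions)."""
    found, truncated = {}, []
    for region in regions:
        query = f"{base_query} region:{region}".strip()
        resources, complete = search_all(client, view_arn, query)
        if not complete:
            truncated.append(region)  # still capped: add another filter, e.g. service:
        found.update({r["Arn"]: r for r in resources})
    return found, truncated

class FakeClient:
    """Constructed offline stand-in for boto3.client("resource-explorer-2")."""
    def __init__(self, resources):
        self.resources = resources

    def search(self, QueryString, ViewArn, MaxResults, NextToken=None):
        wanted = [t[len("region:"):] for t in QueryString.split() if t.startswith("region:")]
        hits = [r for r in self.resources if all(r["Region"] == w for w in wanted)]
        visible = hits[:RESULT_CAP]  # results past the cap are never returned
        start = int(NextToken or 0)
        page = {"Resources": visible[start:start + MaxResults],
                "Count": {"Complete": len(hits) <= RESULT_CAP, "TotalResources": len(visible)}}
        if start + MaxResults < len(visible):
            page["NextToken"] = str(start + MaxResults)
        return page

def demo():
    """1,500 constructed resources: 900 in us-west-2 and 600 in us-east-1."""
    data = [{"Arn": f"arn:aws:ec2:{reg}:123456789012:instance/i-{n:05d}", "Region": reg}
            for reg, count in (("us-west-2", 900), ("us-east-1", 600)) for n in range(count)]
    client = FakeClient(data)
    single, complete = search_all(client, VIEW, "")
    split, truncated = inventory(client, VIEW, "", ["us-west-2", "us-east-1"])
    return len(single), complete, len(split), truncated
```

Against a real account, pass boto3.client("resource-explorer-2") created in the aggregator index Region in place of FakeClient, and treat a non-empty truncated list as an incomplete inventory.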
Export search results to a .csv file
You can export the results of a Resource search query to a comma-separated values (.csv) file. The .csv file includes the identifier, resource type, Region, AWS account, the total number of tags, and a column for each unique tag key in the collection. The .csv file can help you configure your AWS resources in your organization, or determine where there are overlaps or inconsistencies in tagging across resources.
- In the results of your Resource search query, choose Export resources to CSV.
You can choose to export your results with only the columns you can currently see, or export with all of the available columns.
- When you're prompted by your browser, choose to open the .csv file, or save it to a convenient location.