Up to now, it was not very easy to see what resources you have in an AWS account. One of the ways to solve this was to enable the AWS Config Recorder and then search in the AWS Config Console. This was, however, not very easy. I’m very happy that AWS introduced the Resource Explorer: it is a very easy service to see what resources are deployed in the account.
From the GUI, it’s just a few clicks to add the Resource Explorer in the region of choice and let Resource Explorer crawl through all the regions where you have resources. The index in the region where you deploy the Resource Explorer is called an Aggregator Index, the indexes in the other regions are called Local Indexes.
Searching for resources
When you switch on Resource Explorer, it can take up to 36 hours to find all resources.
In the GUI you can search for an identifier name, for example k8s:
The AWS Account in the GUI is always the current account, though I expect that AWS will make it possible to use multiple accounts in the future. That would be great, because AWS Resource Explorer can then search through multiple accounts in an Organization. You can find a list with supported resources on this AWS site [1].
When you deployed the service and then delete a resource in another region, the resource still pops up in the AWS Gui for some time. One way to solve this is to use the Command Line Interface of AWS to search for resources. You can pipe the result to jq and then print all resources that are collected by the Aggregator Index after a certain date/time:
aws resource-explorer-2 search --query-string "*" --region eu-west-1 | jq '.Resources[] | select(.LastReportedAt >= "2022-12-20T12:00")'
The region in this call is the region where you have the Aggregator Index running.
Enabling Resource Explorer via the CLI, CloudFormation or CDK
When you enable Resource Explorer in the GUI, AWS will enable Resource Explorer, will then add an Aggregator Index (and Local Indexes, where applicable), add a view and make that view the default view. When you use the Command Line Interface, you need more steps. AWS explains this very well in their documentation [2].
Fortunately, Resource Explorer already implemented Cloud Formation: when you want to use CloudFormation to enable Resource Explorer and do the steps AWS does for you automatically, you can use this CloudFormation template to deploy Resource Explorer in one region:
AWSTemplateFormatVersion: 2010-09-09
Description: Resource Explorer
Resources:
ResourceExplorerIndex:
Type: AWS::ResourceExplorer2::Index
Properties:
Type: AGGREGATOR
Tags:
ApplicationName: Resource Explorer
ResourceExplorerView:
Type: 'AWS::ResourceExplorer2::View'
Properties:
ViewName: ResourceExplorerView
IncludedProperties:
- Name: tags
Tags:
ApplicationName: Resource Explorer
DependsOn: ResourceExplorerIndex
ResourceExplorerDefaultViewAssociation:
Type: 'AWS::ResourceExplorer2::DefaultViewAssociation'
Properties:
ViewArn: !Ref ResourceExplorerView
Constructs for AWS CDK exist as well [2].
Conclusion
This was one of the AWS Services that I missed a lot in the previous years. I am really happy that AWS added it now. It’s a free service as well…
Links
[1] List of supported AWS resources: https://docs.aws.amazon.com/resource-explorer/latest/userguide/supported-resource-types.html
[2] Turn on Resource Explorer by using the CLI: https://docs.aws.amazon.com/resource-explorer/latest/userguide/getting-started-setting-up.html
[3] Constructs for AWS Resource Explorer: https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-resourceexplorer2.CfnDefaultViewAssociation.html
Image by Arek Socha from Pixabay
