Red question marks on a layer which also contains black questionmarks.

New in AWS: AWS Resource Explorer

Up to now, it was not very easy to see what resources you have in an AWS account. One of the ways to solve this was to enable the AWS Config Recorder and then search in the AWS Config Console. This was, however, not very easy. I’m very happy that AWS introduced the Resource Explorer: it is a very easy service to see what resources are deployed in the account.

From the GUI, it’s just a few clicks to add the Resource Explorer in the region of choice and let Resource Explorer crawl through all the regions where you have resources. The index in the region where you deploy the Resource Explorer is called an Aggregator Index, the indexes in the other regions are called Local Indexes.

Searching for resources

When you switch on Resource Explorer, it can take up to 36 hours to find all resources.

In the GUI you can search for an identifier name, for example k8s:

AWS Resource Explorer screen, with search for k8s and three resources found where k8s is part of the identifier.

The AWS Account in the GUI is always the current account, though I expect that AWS will make it possible to use multiple accounts in the future. That would be great, because AWS Resource Explorer can then search through multiple accounts in an Organization. You can find a list with supported resources on this AWS site [1].

When you deployed the service and then delete a resource in another region, the resource still pops up in the AWS Gui for some time. One way to solve this is to use the Command Line Interface of AWS to search for resources. You can pipe the result to jq and then print all resources that are collected by the Aggregator Index after a certain date/time:

aws resource-explorer-2 search --query-string "*" --region eu-west-1 | jq '.Resources[] | select(.LastReportedAt >= "2022-12-20T12:00")'

The region in this call is the region where you have the Aggregator Index running.

Enabling Resource Explorer via the CLI, CloudFormation or CDK

When you enable Resource Explorer in the GUI, AWS will enable Resource Explorer, will then add an Aggregator Index (and Local Indexes, where applicable), add a view and make that view the default view. When you use the Command Line Interface, you need more steps. AWS explains this very well in their documentation [2].

Fortunately, Resource Explorer already implemented Cloud Formation: when you want to use CloudFormation to enable Resource Explorer and do the steps AWS does for you automatically, you can use this CloudFormation template to deploy Resource Explorer in one region:

AWSTemplateFormatVersion: 2010-09-09
Description: Resource Explorer
Resources:

  ResourceExplorerIndex:
    Type: AWS::ResourceExplorer2::Index
    Properties:
      Type: AGGREGATOR
      Tags:
        ApplicationName: Resource Explorer

  ResourceExplorerView:
    Type: 'AWS::ResourceExplorer2::View'
    Properties:
      ViewName: ResourceExplorerView
      IncludedProperties:
        - Name: tags
      Tags:
        ApplicationName: Resource Explorer
    DependsOn: ResourceExplorerIndex

  ResourceExplorerDefaultViewAssociation:
    Type: 'AWS::ResourceExplorer2::DefaultViewAssociation'
    Properties:
      ViewArn: !Ref ResourceExplorerView

Constructs for AWS CDK exist as well [2].

Conclusion

This was one of the AWS Services that I missed a lot in the previous years. I am really happy that AWS added it now. It’s a free service as well…

Links

[1] List of supported AWS resources: https://docs.aws.amazon.com/resource-explorer/latest/userguide/supported-resource-types.html

[2] Turn on Resource Explorer by using the CLI: https://docs.aws.amazon.com/resource-explorer/latest/userguide/getting-started-setting-up.html

[3] Constructs for AWS Resource Explorer: https://docs.aws.amazon.com/cdk/api/v1/docs/@aws-cdk_aws-resourceexplorer2.CfnDefaultViewAssociation.html

Image by Arek Socha from Pixabay

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.