HOWTO: AWS Resource Explorer to find all resources across regions

Have you ever had a surprise AWS bill for things that you forgot to shut down or delete? No more fumbling through the management console to find resources in an AWS account. AWS Resource Explorer, released in November 2022, is a managed capability that simplifies the search and discovery of AWS resources. Its primary purpose is to help you find the resources that exist in your AWS account.

You can search and find all resources in all regions, for example list all EC2 instances, all VPCs, all APIs in API Gateway, RDS, etc.

AWS Resource Explorer is available at no additional charge so there is no reason to not use it. You have to turn this on only once for your AWS organization or your AWS account. 

AWS Resource Explorer uses a variety of techniques to discover all of your resources and place information about them in an index. You can then query the index through whichever views your administrator makes available to you. AWS creates a default view for you, but your admin can change that and lock down the views to specific users and specific resources. I have created two additional views below: one to view all CloudFormation stacks and a second to view all S3 buckets tagged as production, across all regions.

Exclusions

Resource Explorer intentionally excludes those resource types whose inclusion would expose customer data. The following resource types are not indexed by Resource Explorer and are therefore never returned in search results.

  1. Amazon S3 objects that are contained within a bucket
  2. Amazon DynamoDB table items
  3. DynamoDB attribute values

Enable Resource Explorer

You must explicitly turn on Resource Explorer. This is done only once.

I selected the Quick setup option, which should satisfy the majority of use cases. I am operating out of the us-east-1 (N. VA) region, hence the selection below.

Resource Explorer will create indexes in all the available regions including an aggregator index in your default region.

Default View

Once you have enabled Resource Explorer, a default view (below) will be created automatically.

When you click on the all-resources view, it will get populated very quickly with all the resources in your account across all regions. Your AWS account has a default VPC in each AWS Region. The default VPC includes a default public subnet in each Availability Zone and an internet gateway that is attached to your VPC. So it may seem like you have a lot of resources, but quite a few default resources exist as soon as you create an AWS account.

Query Resources

Query – enter keywords and filters to describe the resources you want to find. I want to view all CloudFormation stacks I had created in the past, so in the Query textbox, I filter on cloudformation. This query lists all the CloudFormation stacks.

***Please note that this is showing all the deleted CloudFormation stacks; I do not have any active stacks. Apparently, AWS keeps information on all the deleted CloudFormation stacks for 90 days after they have been deleted.

Unified Search

The AWS Management Console includes a search bar at the top of every AWS console page. Once Resource Explorer is turned on, the unified search feature is turned on as well, which allows you to search for resources by name, description, tag or ARN. Now you can search for resources from any AWS service console without having to first navigate to the AWS Resource Explorer console.

Begin your search by typing /Resources. I want to search for my S3 bucket named m-lambdafunctions, which has all the Lambda functions.

Create Additional Views

Administrators can create views that define which resources are available in search results. Administrators can create different views for different groups of users based on their tasks, and grant permissions to views to only those users who need them.

For this tutorial, I have created two additional views.

List all CloudFormation resources across all regions

In the Create View console, fill in:

  1. Name
  2. Account Scope
  3. Region
  4. Resources Filter: select Include only resources that match a specified filter.
  5. Filter Query: Enter resourcetype:cloudformation:stack
  6. Click Create View

Upon creation, this view will list all the CloudFormation stacks including the recently deleted ones (same as above).

List all S3 buckets which are tagged as production across all regions

In the Create View console, fill in:

  1. Name
  2. Account Scope
  3. Region
  4. Resources Filter: select Include only resources that match a specified filter.
  5. Filter Query: Enter resourcetype:s3:bucket tag:environment=prod
  6. Click Create View

***Please note that there is a space between the two filters resourcetype:s3:bucket tag:environment=prod. Filters are evaluated in the query with the AND operator.

I had tagged my S3 bucket m-lambdafunctions with the key-value pair of environment:prod. Tags are custom metadata that you can attach to your resources for a variety of purposes, such as cost allocation in your billing, security authorization using attribute-based access control, or to support your other categorization needs. These tags make it very easy to categorize your resources for easier tracking in the future.

Upon creation, this view will list all the S3 buckets tagged with environment:prod.

You can click on the resource in the search results, and can immediately go to the resource’s native console to work with that resource.

Now I have three views: one default which lists all the resources and two custom views.
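
The same two views can be created and queried through the API, which is useful for a scheduled inventory check. This is an added example, not part of the original walkthrough: it assumes boto3 and its resource-explorer-2 client, the view names are hypothetical, and only the filter strings and the us-east-1 region come from the steps above.

```python
"""Added example: the two custom views from this tutorial, created and queried via the API."""
from collections import Counter

# Filter strings exactly as entered in the Create View console above.
# The view names are hypothetical; pick your own.
VIEWS = {
    "cfn-stacks": "resourcetype:cloudformation:stack",
    "prod-s3-buckets": "resourcetype:s3:bucket tag:environment=prod",
}


def create_views(client, views=VIEWS):
    """Create one view per filter string and return {name: view ARN}."""
    arns = {}
    for name, filter_string in views.items():
        resp = client.create_view(
            ViewName=name,
            Filters={"FilterString": filter_string},
            # Return resource tags with this view's search results.
            IncludedProperties=[{"Name": "tags"}],
        )
        arns[name] = resp["View"]["ViewArn"]
    return arns


def search_all(client, view_arn, query=""):
    """Return every resource a view exposes, following NextToken pagination."""
    resources, token = [], None
    while True:
        kwargs = {"ViewArn": view_arn, "QueryString": query, "MaxResults": 100}
        if token:
            kwargs["NextToken"] = token
        page = client.search(**kwargs)
        resources.extend(page.get("Resources", []))
        token = page.get("NextToken")
        if not token:
            return resources


def count_by_region(resources):
    """Summarise results per region to spot resources in regions you do not use."""
    return Counter(r["Region"] for r in resources)


if __name__ == "__main__":
    import boto3  # needs AWS credentials; run in the aggregator index region
    rex = boto3.client("resource-explorer-2", region_name="us-east-1")
    for name, arn in create_views(rex).items():
        print(name, dict(count_by_region(search_all(rex, arn))))
```

The Search operation returns only the first 1,000 matches, so keep view filters narrow enough that an inventory run stays under that limit.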

This is the end of the tutorial. Hope you got something out of it.
