What is AWS Resource Explorer? Pros and Cons

It's always comforting to know that the tools we use are constantly evolving. With Amazon Web Services (AWS) being one of the largest cloud services available, it's expected that they keep improving their services too. Recently, they introduced a new service called Resource Explorer. 

This service is meant to help developers quickly search various resources in an AWS account within the defined permission scopes. Resource discovery is a must-have for organizations that want to secure their cloud. 

Therefore, as the cloud nerds we are, we wanted to dig into this new service and explain how it works in the simplest terms for you. As is the case with any service, AWS Resource Explorer has its advantages and disadvantages. If you want to learn whether this new service will work for you or if you should go for an alternative instead, read on!

What is AWS Resource Explorer? Let's break it down.

AWS Resource Explorer is a new service rolled out by Amazon Web Services to allow users to search and discover their AWS resources. With this new service, you can search through the AWS resources in your account across regions. It helps you explore resources like Amazon DynamoDB tables, Amazon Kinesis streams, and Amazon Elastic Compute Cloud instances with a search engine-like experience.

AWS Resource Explorer is currently available at no additional charge.

To search, you use resource metadata such as names, IDs, and tags. Once you find a resource in the AWS Management Console, you can go from the search results to the corresponding service console and Region. Alternatively, you can use the AWS Command Line Interface (CLI) or any of the SDKs to search for resources from your automation tools. We will focus more on how AWS Resource Explorer works in the following parts of this article.

But how does Resource Explorer bring fast responses to your queries?

It uses indexes created and maintained by the AWS Resource Explorer service itself. The service relies on various data sources to collect data about the resources in your AWS account. The gathered information is stored in the indexes so that Resource Explorer can search across them to bring you the results. Keep in mind that you must turn the service on before it creates and maintains those indexes.

  • AWS Resource Explorer creates and maintains indexes to find the resource you're looking for.
  • The resource data is stored on those indexes.

Pros and cons of AWS Resource Explorer

Pros 

  • You can access and discover your AWS resources across all Regions.
  • Administrators can specify what resource information is visible and available to users. 
  • No additional charge.
  • You can quickly go to the corresponding service console from the search results to work on that resource.
  • The unified search in the AWS Management Console allows you to search for resources, bringing you the search results through Resource Explorer. 

Cons

  • There is no multi-account support.
  • Resource Explorer allows you to search for resource names, IDs, and tags, not their contents. You can find the resource you're looking for in a general sense. If you're searching for specific content in a resource, that's not possible to find through Resource Explorer.

Basic terms and concepts for AWS Resource Explorer

There are some basic terms and concepts that will help you better understand how AWS Resource Explorer works. Let's walk you through each.

Resource

A resource is an entity created by AWS services as you use service features. AWS resource examples include an Amazon S3 bucket, an Amazon EC2 instance, or an Amazon CloudFormation Stack. 

Each resource type has its own attributes, or metadata, that define the resource, such as a description, a name, or a unique Amazon Resource Name (ARN). Additionally, most resource types support tags for categorization needs. Resource Explorer uses different techniques to identify the resource you're looking for.

Important ⚠️

AWS Resource Explorer intentionally excludes certain resource types as they may contain customer data, and therefore including them would cause an exposure. Resource Explorer simply does not index those resource types, including:

  • Amazon S3 objects contained within a bucket
  • DynamoDB attribute values
  • Amazon DynamoDB table items

Index

As mentioned earlier, AWS Resource Explorer relies on indexes to find resource information. An index is a collection of information about your AWS resources in one region. Indexes are created and maintained by Resource Explorer. 

  • Resource Explorer automatically creates and updates indexes as you create or delete resources in your AWS account.
  • You can't directly query an index. Instead, you need to query using a view. We'll get to that shortly.
  • Types of indexes on Resource Explorer: Local index and aggregator index

View

Your queries must go through a view to query a list of resources in an index. In other words, a view outlines what information in the index is visible and available to search and explore. The view creator can restrict the resources users can see in the resource search results.

  • You can specify and limit which resources are included in search results when creating a view.
  • Users must have permission to access at least one view to search on the AWS Resource Explorer.
  • Resource Explorer stores views on a per-region basis. A view can access only indexes within that region. 
  • For account-wide search results, you must create and use a view in the region that contains the aggregator index for your AWS account.

Resource Explorer administrator

A Resource Explorer administrator has permission to manage Resource Explorer and its settings in an AWS account. The administrator typically has all permissions related to Resource Explorer on all Resource Explorer resources, including the views and indexes. 

Resource Explorer user

A Resource Explorer user is an IAM principal that has permission to do the following:

  • Search resources by using a view to query Resource Explorer.
  • Define and create views, if the administrator delegates that ability.

Unified Search in the AWS Management Console

After you activate Resource Explorer and create an aggregator index and a view, unified search in your AWS Management Console can include your account's resources in the search results. Unified search automatically goes through the default view in the region that contains the aggregator index.

This ability lets you query your AWS resources from any page in the AWS Management Console without having to open Resource Explorer. 

Features of AWS Resource Explorer

  • Users can look for resources in their AWS Region or across Regions in their AWS account.
  • Users can filter down the search results using search operators, keywords, and attributes like tags.
  • Users can directly go to the resource's native console to work with it after they find that resource in the Resource Explorer search results.
  • Administrators can define which resources will be available in search results by creating views. They can create different views for different groups of users depending on their tasks and give permissions to views based on who needs them.

How does AWS Resource Explorer work?

To get started with AWS Resource Explorer, you need to turn it on so that it starts creating and maintaining indexes. In short, Resource Explorer brings fast responses to your search queries through those indexes. Typically, it's the AWS account administrator who turns on Resource Explorer and follows the steps below.

Step 1: First, you need a view that gives access to an index. If the view you create uses an aggregator index, it allows you to search across all indexed Regions. 

If the view uses a local index, the query will have access only to resources in that local region.

Step 2: If you're an administrator, you can control which resources can be found in the search results by defining what resource information is available for discovery through views. 

Step 3: Once Resource Explorer indexes your resources, you can proceed to resource search. 
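
The three steps above as AWS CLI calls, in an added example that is not from the original article or from AWS. It assumes Resource Explorer is already turned on and indexing in the Region; the Region, view name and tag filter are placeholders.

```bash
# Added example. Region, view name and tag filter below are placeholders.

# Steps 1 and 2: create a view whose filter limits what searches can return.
create_team_view() {   # $1 = Region, $2 = view name, $3 = filter string
  aws resource-explorer-2 create-view \
    --region "$1" --view-name "$2" \
    --included-properties Name=tags \
    --filters FilterString="$3" \
    --query 'View.ViewArn' --output text
}

# Step 2: IAM policy that lets a principal search through that one view only.
view_search_policy() { # $1 = view ARN
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "SearchThroughOneViewOnly",
    "Effect": "Allow",
    "Action": ["resource-explorer-2:GetView", "resource-explorer-2:Search"],
    "Resource": "$1"
  }]
}
EOF
}

# Step 3: search. Views are per-Region, so call the Region named in the ARN.
search_view() {        # $1 = view ARN, $2 = query string
  region=$(printf '%s' "$1" | cut -d: -f4)
  aws resource-explorer-2 search --region "$region" \
    --view-arn "$1" --query-string "$2" \
    --query 'Resources[].Arn' --output text
}

# Runs only when RUN_DEMO=1, so the functions can also be sourced.
if [ "${RUN_DEMO:-0}" = "1" ]; then
  view_arn=$(create_team_view us-east-1 payments-view 'tag:team=payments')
  view_search_policy "$view_arn" > payments-view-search-policy.json
  search_view "$view_arn" 'service:ec2'
fi
```

A principal that holds only this policy cannot search through any other view, so the view's filter bounds what that principal can discover.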

Wrap-up

AWS Resource Explorer can help you discover resources in your AWS account and provide visibility for your developer and security teams. Note that the service is still quite new and open to improvements. If you're looking to combine multi-cloud and SaaS, you can also check out Resmo.
