AWS Resource Explorer Cheat Sheet
- A resource search and discovery service that helps you find and discover AWS resources across Regions and accounts using an internet search engine-like experience.
AWS Resource Explorer Key Features
- Search for resources using metadata like names, tags, IDs, and resource types
- Internet search engine-like experience with keywords and filters
- Cross-Region and multi-account search capabilities
- Integration with Unified Search in AWS Management Console
- Support for hundreds of AWS services (EC2, S3, DynamoDB, Kinesis, etc.)
- No setup required – automatically enabled based on IAM permissions
- Eventually consistent—most modifications and deletions visible within minutes in Regions where setup is complete; in some cases, up to two weeks
AWS Resource Explorer Automatic Enablement (As of October 6, 2025)
Resource Explorer is now available immediately with appropriate permissions—no activation required.
Experience based on permissions:
- Full Experience: AWSResourceExplorerReadOnlyAccess + iam:CreateServiceLinkedRole permission. Complete search results with automatic infrastructure creation on first search.
- Enhanced Experience: AWSResourceExplorerReadOnlyAccess only. Immediate access to partial results (all tagged resources and supported untagged resources). Full results available after service-linked role is created by any principal with iam:CreateServiceLinkedRole permission.
- No Access: Without required permissions, access denied.
AWS Resource Explorer Core Concepts
Indexes
By Ownership:
- Resource Explorer-owned indexes: Provide immediate partial results (all tagged resources and supported untagged resources); do not include resource tags in search results
- User-owned indexes: Provide complete results with automatic updates; include tags for filtering
By Scope:
- Local Index: Contains resources from a single Region only
- Aggregator Index: Contains replicated copies of all local indexes, enables cross-Region search (only one per account)
Views
- Define filters that determine which resources are returned in search results
- Stored per Region and can access only that Region’s index
- Views in aggregator index Region can return results from all Regions
- Default views: Automatically created with no filters
- Custom views: Created by administrators with specific filters
- Multi-account views: Search across AWS Organizations (requires management or delegated admin account)
AWS Resource Explorer Setup Options
Quick Setup
- Creates user-owned indexes in all AWS Regions enabled in your account at time of setup (does not auto-add future Regions)
- Configures an aggregator index in specified Region
- Creates a default view with no filters
Advanced Setup
- Choose specific Regions for user-owned indexes
- Optional aggregator index configuration
- Custom view creation
- Greater control over configuration
Multi-Account Search
Requires:
- AWS Organizations membership
- Enable trusted access with Resource Explorer
- Register aggregator index Region (consistent across organization)
- Create multi-account views scoped to organization or OUs
- Share views via AWS Resource Access Manager
AWS Resource Explorer Search Query Syntax
Free-form Keywords
- Case-insensitive search
- Multiple keywords joined with implicit OR operator
- Example: `test instance` returns resources matching “test” OR “instance”
Filters
| Filter | Description & Example |
|---|---|
| accountid: | AWS account that owns the resource (e.g., accountid:123456789012) |
| application: | Search by awsApplication tag key and resource group value |
| service: | AWS service (e.g., service:ec2) |
| region: | AWS Region (e.g., region:us-east-1) |
| region:global | Special case for resources not associated with individual Region |
| resourcetype: | Resource type in service:type notation (e.g., resourcetype:ec2:instance) |
| resourcetype.supports: | Filter for taggable resources (e.g., resourcetype.supports:tags) |
| tag: | Tag key-value pair (e.g., tag:Environment=Production) |
| tag:all | Resources with one or more user-created tags attached |
| tag:none | Resources without user-created tags (AWS service-created tags still appear) |
| tag.key: | Tag key only (e.g., tag.key:Environment) |
| tag.value: | Tag value only (e.g., tag.value:Production) |
| id: | Resource ID (ARN) |
Operators
| Operator | Description & Example |
|---|---|
| AND | Implicit between different filters |
| OR (comma) | Comma-separated values in same filter (e.g., region:us-east-1,us-west-2) |
| NOT (-) | Use - prefix to exclude (e.g., -tag:Environment=Dev) |
| Wildcard (*) | Prefix matching only – place at END of string (e.g., region:us-east*) |
| Quotes (“”) | Multi-word exact match (e.g., "us-east-1" or "my search term") |
| Escape (\) | Escape special characters: * " - : = \ (e.g., tag.key:comma\,literal) |
Query Examples
```
# EC2 resources in US East Regions (us-east-1, us-east-2)
service:ec2 region:us-east*

# Production resources without dev tag
tag:Environment=Production -tag:Stage=dev

# Multiple resource types
resourcetype:ec2:instance,s3:bucket

# Untagged resources
tag:none -tag.key:aws*

# Resources missing specific tag
-tag.key:Department
```
AWS Resource Explorer Search Limitations
- Searches with free-form text limited to 1,000 results (sorted by relevance)
- Searches without free-form text use ListResources API (no upper limit, not sorted)
- 30-second delay after tagging before resources appear in results
- IAM resource tags not searchable
- S3 objects within buckets not indexed (intentionally excluded)
- DynamoDB table items not indexed (intentionally excluded)
AWS Resource Explorer Access Methods
AWS Management Console
- Navigate directly to Resource Explorer console
- Use Unified Search bar (top of every AWS console page)
- Unified Search automatically uses default view in aggregator Region
AWS CLI
```bash
# Search for IAM resources
aws resource-explorer-2 search --query-string "service:iam"

# Search with specific view
aws resource-explorer-2 search \
  --query-string "resourcetype:ec2:instance tag:env=production" \
  --view-arn arn:aws:resource-explorer-2:REGION:ACCOUNT:view/VIEW-NAME/ID

# IMPORTANT: If query starts with - operator, use = instead of space
aws resource-explorer-2 search --query-string="-tag:none region:us-east-1"

# List resources (no free-form text)
aws resource-explorer-2 list-resources \
  --filters FilterString="region:us-east-1 service:ec2"

# List supported resource types
aws resource-explorer-2 list-supported-resource-types
```
AWS SDK
- Available in all supported programming languages
- Use Search operation for queries with free-form text
- Use ListResources operation for filter-only queries
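The following is an added example, not AWS code: a small query builder that applies the escaping and operator rules from the Operators table when tag keys or values come from untrusted input, and picks Search or ListResources as described above. The function names (`esc`, `term`, `tag`, `plan`, `search_argv`) are hypothetical, and the handling of hyphens and quoted values is an assumption noted in the comments.

```python
"""Build AWS Resource Explorer query strings from untrusted values (added example)."""

# Escaped everywhere in a value: the characters from the Escape row of the
# Operators table, plus the comma from its example (tag.key:comma\,literal).
# Assumption: "-" only needs escaping as a value's first character, because
# the page's own examples leave inner hyphens (us-east-1) unescaped.
_ESCAPE = set('*":=\\,')


def esc(value: str, prefix: bool = False) -> str:
    """Escape one value; prefix=True appends the trailing wildcard."""
    if not value:
        raise ValueError("empty value")
    out = "".join("\\" + c if c in _ESCAPE else c for c in value)
    if out.startswith("-"):
        out = "\\" + out
    if any(c.isspace() for c in value):
        # Quotes row: multi-word exact match. Assumption: escapes still apply inside.
        if prefix:
            raise ValueError("prefix match on a multi-word value is not handled here")
        return f'"{out}"'
    return out + "*" if prefix else out


def term(name: str, *values: str, negate: bool = False, prefix: bool = False) -> str:
    """One filter term; several values are OR-ed with commas."""
    body = ",".join(esc(v, prefix) for v in values)
    return f"{'-' if negate else ''}{name}:{body}"


def tag(key: str, value: str, negate: bool = False) -> str:
    """tag:key=value with both halves escaped separately."""
    return f"{'-' if negate else ''}tag:{esc(key)}={esc(value)}"


def plan(terms, keywords=()):
    """Return (operation, query). Free-form keywords force Search (1,000-result
    cap); filter-only queries go to ListResources, as the Limitations list says."""
    query = " ".join([esc(k) for k in keywords] + list(terms))
    return ("Search" if keywords else "ListResources"), query


def search_argv(query: str):
    """argv for subprocess.run(); the '=' form keeps a leading '-' from being
    parsed as a CLI option, per the IMPORTANT note in the CLI section."""
    return ["aws", "resource-explorer-2", "search", f"--query-string={query}"]
```

Passing the argv list to `subprocess.run` without a shell avoids a second layer of quoting on top of the query-level escapes.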
AWS Resource Explorer Pricing
- No additional charge for Resource Explorer service
- No setup fees or upfront commitments
- No charges for searching, creating views, or setting up Regions
- API calls made by Resource Explorer may result in charges
- Optional integrations (AWS Config) billed separately
- Interacting with discovered resources may incur service-specific charges
AWS Resource Explorer Best Practices
- Use aggregator index for cross-Region searches
- Create custom views for different user groups or access requirements
- Use filters instead of free-form text for deterministic results (filter matching logic does not change over time)
- Tag resources consistently for better searchability
- Grant minimum required permissions to views
- For organizations, use multi-account views with delegated administrator
- Deploy to OUs in smaller batches for large organizations (max 50,000 CloudFormation stacks)
AWS Resource Explorer Troubleshooting
- Missing resources: Most visible within minutes; up to 2 weeks in rare cases for modifications/deletions in Regions where setup is complete
- Tagged resources delay: Wait 30 seconds after tagging
- Initial indexing: Can take up to 36 hours for indexing and replication to aggregator index to complete
- Limited results: Use additional filters when free-form text returns 1,000+ results
- Different Unified Search results: Unified Search auto-appends wildcard to first term
- Resources with encrypted access: If you have encrypted access to some of your resources, Resource Explorer is unable to discover them
AWS Resource Explorer Regional Availability
Available in all major AWS Regions including:
- All US Regions (with FIPS endpoints)
- Asia Pacific Regions
- Europe Regions
- Middle East Regions
- Africa and South America Regions