AWS resource-explorer documentation change
Summary
Updated Resource Explorer documentation to reflect immediate availability without activation, added details about permission tiers (Full/Enhanced/No Access experiences), clarified automatic vs manual setup modes, and expanded IAM policy requirements including service-linked role creation.
Security assessment
The changes emphasize IAM policy requirements (AWSResourceExplorerReadOnlyAccess/AWSResourceExplorerFullAccess) and service-linked role creation permissions, which are security-related configurations. However, there's no evidence this addresses an active security vulnerability - rather it documents proper access controls for a new feature rollout.
Diff
diff --git a/resource-explorer/latest/userguide/getting-started-terms-and-concepts.md b/resource-explorer/latest/userguide/getting-started-terms-and-concepts.md index 536faf77e..b56d9eba1 100644 --- a//resource-explorer/latest/userguide/getting-started-terms-and-concepts.md +++ b//resource-explorer/latest/userguide/getting-started-terms-and-concepts.md @@ -5 +5,3 @@ -Resource Explorer administratorResource Explorer userIndexViewResourceUnified search in the AWS Management ConsoleMulti-account search +Resource Explorer administratorResource Explorer userIndexViewResourceUnified Search in the AWS Management ConsoleMulti-account search + +AWS Resource Explorer now provides immediate access to resource search and discovery capabilities in a Region. With this launch, you no longer need to activate Resource Explorer to discover your resources. [Learn more](https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-immediate-resource-discovery-experience.html) @@ -10,0 +13,2 @@ AWS Resource Explorer is a resource search and discovery service. With Resource +Resource Explorer is available immediately when you have the appropriate permissions. Users with the permissions in the `[AWSResourceExplorerReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerReadOnlyAccess.html)` managed policy can start searching for resources right away without any setup. Users with both the permissions in the `[AWSResourceExplorerReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerReadOnlyAccess.html)` managed policy and the `iam:CreateServiceLinkedRole` permission (included in the [AWSResourceExplorerFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerFullAccess.html) managed policy) get complete search results with automatic infrastructure creation (index and view) on first search in a Region. The `iam:CreateServiceLinkedRole` permission is needed only by one user initially to create the service-linked role for the account. After the service-linked role exists in the account, all users with search permission searching in a new Region can create an index and a view for full results. + @@ -13 +17,3 @@ Resource Explorer provides fast responses to your search queries by using indexe -You should understand the following concepts to successfully administer and configure AWS Resource Explorer for your users. +Resource Explorer operates in two modes: automatic setup and manual setup. With automatic setup, Resource Explorer creates the necessary infrastructure (indexes and views) when you first search in a Region, provided you have the required permissions. Manual setup allows administrators to pre-configure Resource Explorer infrastructure before users begin searching. + +You should understand the following concepts to successfully use AWS Resource Explorer . @@ -27 +33 @@ You should understand the following concepts to successfully administer and conf - * Unified search in the AWS Management Console + * Unified Search in the AWS Management Console @@ -34 +40 @@ You should understand the following concepts to successfully administer and conf -The following diagram shows three AWS Regions in which the administrator turned on Resource Explorer, and one Region the administrator chose not to turn on. The Region where Resource Explorer isn't turned on doesn't have an index. Therefore, its resources can't be searched by Resource Explorer queries. +The following diagram shows three AWS Regions in which users have searched for resources, and one Region where no search has occurred yet. Regions with user-owned (local) indexes provide complete search results, while Regions with only Resource Explorer owned indexes provide partial results (all tagged resources and supported untagged resources created after the [immediate resource discovery](https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-immediate-resource-discovery-experience.html) release). @@ -36 +42 @@ The following diagram shows three AWS Regions in which the administrator turned -In this example scenario, the administrator chose the US West (Oregon) Region (`us-west-2`) to contain the aggregator index for the account. All Regions that you turn on replicate their local indexes to the Region with the aggregator index. +In this example scenario, a user selected the US West (Oregon) Region (`us-west-2`) to contain the aggregator index for the account. All Regions with user-owned (local) indexes replicate their local indexes to the Region with the aggregator index. @@ -38 +44 @@ In this example scenario, the administrator chose the US West (Oregon) Region (` -The default view created by Resource Explorer doesn't have any filters. Therefore, results from searching with this view can include resources of any type in all Regions in the account where Resource Explorer is turned on. +The default view created by Resource Explorer doesn't have any filters. Therefore, results from searching with this view can include resources of any type in all Regions in the account where Resource Explorer is turned on including Tags. @@ -40 +46 @@ The default view created by Resource Explorer doesn't have any filters. Therefor - + @@ -44,3 +50,3 @@ The default view created by Resource Explorer doesn't have any filters. Therefor - | Resource Explorer is turned on in this AWS Region and information about the Region's resources is stored in a local index in that Region. Every Region's local index is also replicated (indicated by the arrows) to the Region that contains the aggregator index. - | The index in this AWS Region is configured to be the aggregator index for the account. Resource Explorer replicates the resource information collected in the local indexes of all other Regions where Resource Explorer is turned on into the aggregator index in this Region. Searches made in this Region can include results from all Regions in the account. - | The default view created by **Quick Setup** includes all resources in all AWS Regions. + | Resource Explorer is set up with a user-owned (local) index in this AWS Region. Information about the Region's resources is stored in a local index in that Region. Every Region's user-owned (local) index is also replicated (indicated by the arrows) to the Region that contains the aggregator index. + | The index in this AWS Region is configured to be the aggregator index for the account. Resource Explorer replicates the resource information collected in the user-owned (local) indexes of all other Regions into the aggregator index in this Region. Searches made in this Region can include results from all Regions with user-owned (local) indexes in the account. + | The default view created by **Quick Setup** includes all resources in all AWS Regions with user-owned (local) indexes. @@ -50 +56 @@ The default view created by Resource Explorer doesn't have any filters. Therefor -A Resource Explorer _administrator_ is an AWS Identity and Access Management (IAM) principal who has the permission to manage Resource Explorer and its settings in the AWS account. The Resource Explorer administrator can configure the following features: +A Resource Explorer _administrator_ is an AWS Identity and Access Management (IAM) principal who has the permission to manage Resource Explorer and its settings in the AWS account. With Resource Explorer functionality available in an account by default, manual administrator setup is optional for basic functionality. Users with appropriate permissions can start searching immediately and Resource Explorer will automatically create the necessary infrastructure. The Resource Explorer administrator can configure the following features: @@ -52 +58 @@ A Resource Explorer _administrator_ is an AWS Identity and Access Management (IA - * Turn on Resource Explorer for individual AWS Regions in the AWS account by creating indexes in those Regions. This lets Resource Explorer discover resources and populate the index with information about those resources so that users can search for resources in that Region. + * Complete setup for individual AWS Regions in the AWS account by creating user-owned indexes in those Regions by searching or in **Settings**. This provides complete search results and lets Resource Explorer discover all resources and populate the index with comprehensive information about those resources. @@ -54 +60 @@ A Resource Explorer _administrator_ is an AWS Identity and Access Management (IA - * Update the index type in one AWS Region to make it the aggregator index for its AWS account. The aggregator index in this Region receives replicated copies of the resource information from all other Regions in the account where Resource Explorer is turned on. + * Enable cross-Region search by updating the index type in one AWS Region to make it the aggregator index for its AWS account.. The aggregator index in this Region receives replicated copies of the resource information from all other Regions in the account where user-owned indexes exist. @@ -83 +89 @@ The administrator typically has all Resource Explorer permissions (`resource-exp -A Resource Explorer _user_ is an IAM principal that has permission to do one or more of the following tasks: +Resource Explorer provides three permission-based experience tiers for users: @@ -85 +91 @@ A Resource Explorer _user_ is an IAM principal that has permission to do one or - * Perform a search for resources by using a view to query Resource Explorer. A Resource Explorer user wants to discover and find AWS resources and typically uses the Resource Explorer console, or the Resource Explorer `Search` operations provided by the AWS SDKs or the AWS CLI. +**Full Experience** @@ -87 +92,0 @@ A Resource Explorer _user_ is an IAM principal that has permission to do one or -A role or user can use IAM get permission to search with one of two methods: @@ -89 +94 @@ A role or user can use IAM get permission to search with one of two methods: - * The [Resource Explorer read only AWS managed policy](./security_iam_awsmanpol.html#security_iam_awsmanpol_AWSResourceExplorerReadOnlyAccess) to the IAM role, group, or user. +**Permissions:** At minimum, the permissions in the `[AWSResourceExplorerReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerReadOnlyAccess.html)` managed policy. If the service-linked role doesn't exist in the account, one user needs the `iam:CreateServiceLinkedRole` permission (included in the [AWSResourceExplorerFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerFullAccess.html) managed policy) to create it initially @@ -91 +96 @@ A role or user can use IAM get permission to search with one of two methods: - * An IAM permission policy with a statement containing the following minimum permissions to the IAM role, group, or user. +**Experience:** Complete single-Region resource search results with automatic updates @@ -93,9 +98 @@ A role or user can use IAM get permission to search with one of two methods: - { - "Effect": "Allow", - "Action": [ - "resource-explorer-2:Search", - "resource-explorer-2:GetView", - "Resource": "<ARN of the view>" - } - - * Although typically considered an administrator task, you can delegate to trusted users the ability to define create views. To do this, the administrator can grant permission to call the `resource-explorer-2:CreateView` operation in an IAM permission policy attached to the relevant roles, groups, or users. If the view requires specific permissions, then provision for adding or modifying the IAM policies for the relevant users must be made. +**Enhancement:** Can optionally enable cross-Region search by selecting an aggregator index @@ -102,0 +100 @@ A role or user can use IAM get permission to search with one of two methods: +**Enhanced Experience** @@ -104,0 +103 @@ A role or user can use IAM get permission to search with one of two methods: +**Permissions:** At minimum, the permissions in the `[AWSResourceExplorerReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerReadOnlyAccess.html)` managed policy @@ -106 +105 @@ A role or user can use IAM get permission to search with one of two methods: -For information about how to search for resources using Resource Explorer, see [Using AWS Resource Explorer to search for resources](./using-search.html). +**Experience:** Partial results immediately (all tagged resources and supported untagged resources created after the [immediate resource discovery](https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-immediate-resource-discovery-experience.html) release) @@ -108 +107 @@ For information about how to search for resources using Resource Explorer, see [ -## Index +**Enhancement:** Can upgrade to full experience by obtaining service-linked role creation permission or having another user with permissions create the service-linked role in the account @@ -110 +109 @@ For information about how to search for resources using Resource Explorer, see [ -An _index_ is the collection of information maintained by Resource Explorer about all of the AWS resources in one AWS Region in your AWS account. Resource Explorer maintains an index in each Region in which you turn on Resource Explorer. Resource Explorer updates the index automatically as you create and delete resources in your AWS account. In the earlier diagram, the boxes under the AWS Region names represent the Resource Explorer indexes maintained in each AWS Region. The index in a Region is the source of information for any views created in that Region. Users can't directly query the index. Instead, they must always query using a view. +**No Access** @@ -112 +110,0 @@ An _index_ is the collection of information maintained by Resource Explorer abou -There are two types of indexes: @@ -114 +112 @@ There are two types of indexes: -**Local index** +**Permissions:** Missing the permissions in the `[AWSResourceExplorerReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerReadOnlyAccess.html)` managed policy @@ -115,0 +114 @@ There are two types of indexes: +**Experience:** No resource search access @@ -117 +116 @@ There are two types of indexes: -There is one _local index_ in every AWS Region in which you turn on Resource Explorer. A local index contains information about only the resources in the same Region. +**Enhancement:** Must obtain proper permissions to access the service @@ -119 +118 @@ There is one _local index_ in every AWS Region in which you turn on Resource Exp -**Aggregator index** +A Resource Explorer _user_ is an IAM principal that has permission to do one or more of the following tasks: @@ -120,0 +120 @@ There is one _local index_ in every AWS Region in which you turn on Resource Exp + * Perform a search for resources by using a view to query Resource Explorer. A Resource Explorer user wants to discover and find AWS resources and typically uses the Resource Explorer console, or the Resource Explorer `Search` operations provided by the AWS SDKs or the AWS CLI. @@ -122 +122 @@ There is one _local index_ in every AWS Region in which you turn on Resource Exp -The Resource Explorer administrator can also designate the index in one AWS Region to be the _aggregator index_ for the AWS account. The aggregator index receives and stores a copy of the index for every other Region where Resource Explorer is turned on in the account. The aggregator index also receives and stores information about the resources in its own Region. In the earlier diagram, the Region `us-west-2` contains the aggregator index for the account. The primary reason to designate an aggregator index for the account is so that you can create views that can include resources from all Regions in the account. There can be **_only one_** aggregator index in an AWS account. +A role or user can get IAM get permission to search with one of two methods: @@ -124 +124 @@ The Resource Explorer administrator can also designate the index in one AWS Regi -When you turn on Resource Explorer, you can specify which AWS Region is to contain the aggregator index. You can also change the AWS Region used for the aggregator index later. For information about how to promote a local index to make it the aggregator index for its AWS account, see [Turning on cross-Region search by creating an aggregator index](./manage-aggregator-region.html). + * The [Resource Explorer read only AWS managed policy](./security_iam_awsmanpol.html#security_iam_awsmanpol_AWSResourceExplorerReadOnlyAccess) to the IAM role, group, or user. @@ -126 +126 @@ When you turn on Resource Explorer, you can specify which AWS Region is to conta -An index is a resource with an [Amazon resource name (ARN)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html). However, you can use this ARN only in permission policies to grant access to operations that interact directly with the index. With those operations, you can create views and set them as the default in a Region, turn on or turn off Resource Explorer in a Region, and create an aggregator index for the account. The ARN of an index looks similar to the following example: + * An IAM permission policy with a statement containing the following minimum permissions to the IAM role, group, or user. @@ -127,0 +128,7 @@ An index is a resource with an [Amazon resource name (ARN)](https://docs.aws.ama + { + "Effect": "Allow", + "Action": [ + "resource-explorer-2:Search", + "resource-explorer-2:GetView", + "Resource": "*" + } @@ -129 +136 @@ An index is a resource with an [Amazon resource name (ARN)](https://docs.aws.ama - arn:aws:resource-explorer-2:us-east-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111 + * Although typically considered an administrator task, you can delegate to trusted users the ability to define create views. To do this, the administrator can grant permission to call the `resource-explorer-2:CreateView` operation in an IAM permission policy attached to the relevant roles, groups, or users. If the view requires specific permissions, then provision for adding or modifying the IAM policies for the relevant users must be made. @@ -131 +137,0 @@ An index is a resource with an [Amazon resource name (ARN)](https://docs.aws.ama -## View @@ -133 +138,0 @@ An index is a resource with an [Amazon resource name (ARN)](https://docs.aws.ama -A _view_ is the mechanism used to query the resources listed in an index. The view defines what information in the index is visible and available for search and discovery purposes. A user never directly queries the Resource Explorer index. Instead, queries must always go through a view which lets the view creator limit which resources the user can see in search results. @@ -135 +139,0 @@ A _view_ is the mechanism used to query the resources listed in an index. The vi -When you create a view, you specify filters that restrict which resources are included in search results. For example, you could choose to include only resources of a few specified resource types that are used by those to whom you grant access to this view. Results from queries that users make with a view are always automatically filtered to include only those resources that match the view's criteria. @@ -137 +141 @@ When you create a view, you specify filters that restrict which resources are in -To grant access to use a view, you can use assign permissions using one of the following methods. +For information about how to search for resources using Resource Explorer, see [Using AWS Resource Explorer to search for resources](./using-search.html). @@ -139 +143 @@ To grant access to use a view, you can use assign permissions using one of the f -To provide access, add permissions to your users, groups, or roles: +## Index @@ -141 +145 @@ To provide access, add permissions to your users, groups, or roles: - * Users and groups in AWS IAM Identity Center: +An _index_ is the collection of information maintained by Resource Explorer about all of the AWS resources in one AWS Region in your AWS account. Resource Explorer updates the index automatically as you create and delete resources in your AWS account. In the earlier diagram, the boxes under the AWS Region names represent the Resource Explorer indexes maintained in each AWS Region. The index in a Region is the source of information for any views created in that Region. Users can't directly query the index. Instead, they must always query using a view. @@ -143 +147 @@ To provide access, add permissions to your users, groups, or roles: -Create a permission set. Follow the instructions in [Create a permission set](https://docs.aws.amazon.com/singlesignon/latest/userguide/howtocreatepermissionset.html) in the _AWS IAM Identity Center User Guide_. +There are three types of indexes: @@ -145 +149 @@ Create a permission set. Follow the instructions in [Create a permission set](ht - * Users managed in IAM through an identity provider: +**Resource Explorer-owned index** @@ -147 +150,0 @@ Create a permission set. Follow the instructions in [Create a permission set](ht -Create a role for identity federation. Follow the instructions in [Create a role for a third-party identity provider (federation)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp.html) in the _IAM User Guide_. @@ -149 +152 @@ Create a role for identity federation. Follow the instructions in [Create a role - * IAM users: +A _Resource Explorer owned index_ exists in every AWS Region and is managed by the Resource Explorer service. These indexes cannot be deleted or modified by users. Resource Explorer owned indexes provide partial search results, including all tagged resources and supported untagged resources created after the [immediate resource discovery](https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-immediate-resource-discovery-experience.html) release. Users with only the permissions in the `[AWSResourceExplorerReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerReadOnlyAccess.html)` managed policy access resources through these indexes. @@ -151 +154 @@ Create a role for identity federation. Follow the instructions in [Create a role - * Create a role that your user can assume. Follow the instructions in [Create a role for an IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html) in the _IAM User Guide_. +**User-owned (local) index** @@ -153 +155,0 @@ Create a role for identity federation. Follow the instructions in [Create a role - * (Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in [Adding permissions to a user (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_change-permissions.html#users_change_permissions-add-console) in the _IAM User Guide_. @@ -154,0 +157 @@ Create a role for identity federation. Follow the instructions in [Create a role +There is one _user-owned (local) index_ in every AWS Region in which you complete setup for Resource Explorer. A user-owned index contains complete information about all resources in the same Region and provides full search results. @@ -155,0 +159 @@ Create a role for identity federation. Follow the instructions in [Create a role +**Aggregator index** @@ -158 +162 @@ Create a role for identity federation. Follow the instructions in [Create a role -Grant permission to allow your roles, groups, or users to invoke the `resource-explorer-2:GetView` and `resource-explorer-2:Search` operations on a view identified by its [Amazon resource name (ARN)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html). Alternatively, you can use the [Resource Explorer read only AWS managed policy](./security_iam_awsmanpol.html#security_iam_awsmanpol_AWSResourceExplorerReadOnlyAccess) for all principals who need to use the view to search. You can create multiple views that have different filters and scopes and thus return different subsets of your resource information. Then, you can grant permissions for each view to those users who need to see the information included by that view's results. +The Resource Explorer administrator can also designate the index in one AWS Region to be the _aggregator index_ for the AWS account. The aggregator index receives and stores a copy of the index for every other Region where user-owned indexes exist in the account. The aggregator index also receives and stores information about the resources in its own Region. In the earlier diagram, the Region `us-west-2` contains the aggregator index for the account. The primary reason to designate an aggregator index for the account is so that you can create views that can include resources from all Regions in the account. Using an aggregator index is optional but recommended for cross-region search capabilities. There can be **_only one_** aggregator index in an AWS account. @@ -160 +164 @@ Grant permission to allow your roles, groups, or users to invoke the `resource-e -To search with Resource Explorer, each user must have permission to use at least one view. You can't perform a search in Resource Explorer without using a view. +When you complete setup for Resource Explorer, you can specify which AWS Region contains the aggregator index. You can also change the AWS Region used for the aggregator index later. For information about how to promote a local index to make it the aggregator index for its AWS account, see [Enabling cross-Region search by creating an aggregator index](./manage-aggregator-region.html). @@ -162 +166 @@ To search with Resource Explorer, each user must have permission to use at least -Views are stored on a per-Region basis. A view can access only the Resource Explorer index in that AWS Region. To access account-wide search results, you must use a view in the Region that contains the _aggregator index_ for the account. The **Quick setup** option creates a default view in the AWS Region with the aggregator index and with filters that include all resources in all AWS Regions used by the account. +After the service-linked role has been created in the account (created by a user with the `iam:CreateServiceLinkedRole` permission, which is included in the [AWSResourceExplorerFullAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerFullAccess.html) managed policy), automatic index creation occurs when users with, at minimum, the permissions in the `[AWSResourceExplorerReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerReadOnlyAccess.html)` managed policy perform their first search in a Region that doesn't have a user-index set up already. If the service-linked role doesn't exist in the account, the user needs the `iam:CreateServiceLinkedRole` permission to create it. After the service-linked role exists in the account, any user with, at minimum, the permissions in the `[AWSResourceExplorerReadOnlyAccess](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSResourceExplorerReadOnlyAccess.html)` managed policy can trigger automatic index creation for complete search results. @@ -164 +168 @@ Views are stored on a per-Region basis. A view can access only the Resource Expl -For information about how to create views, see [Configuring an Resource Explorer view to provide access to resource searches](./configure-views.html). For information about how to use views in a query, see [Using AWS Resource Explorer to search for resources](./using-search.html). +An index is a resource with an [Amazon resource name (ARN)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html). However, you can use this ARN only in permission policies to grant access to operations that interact directly with the index. With those operations, you can create views and set them as the default in a Region, enable or disable Resource Explorer in a Region, and create an aggregator index for the account. The ARN of an index looks similar to the following example: @@ -166 +169,0 @@ For information about how to create views, see [Configuring an Resource Explorer -Every view has an [Amazon resource name (ARN)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) that you can reference in permission policies to grant access to individual views. You can also pass a view's ARN as a parameter to any API or AWS CLI operation that interacts with a view. The ARN of a view looks similar to the following example. @@ -167,0 +171 @@ Every view has an [Amazon resource name (ARN)](https://docs.aws.amazon.com/gener + arn:aws:resource-explorer-2:us-east-1:123456789012:index/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111 @@ -169 +173 @@ Every view has an [Amazon resource name (ARN)](https://docs.aws.amazon.com/gener - arn:aws:resource-explorer-2:us-east-1:123456789012:view/My-View-Name/1a2b3c4d-5d6e-7f8a-9b0c-abcd11111111 +## View @@ -171 +175 @@ Every view has an [Amazon resource name (ARN)](https://docs.aws.amazon.com/gener -###### Note +A _view_ is the mechanism used to query the resources listed in an index. The view defines what information in the index is visible and available for search and discovery purposes. A user never directly queries the Resource Explorer index. Instead, queries must always go through a view which lets the view creator limit which resources the user can see in search results. @@ -173 +177 @@ Every view has an [Amazon resource name (ARN)](https://docs.aws.amazon.com/gener -Every view ARN includes an AWS generated UUID at the end. This helps to ensure that users who might have had access to views with a specific name that was deleted can't automatically access a new view created with the same name. +For more information about views in Resource Explorer, see [Working with views](./views.html). @@ -194 +198 @@ Resource Explorer excludes intentionally those resources types whose inclusion w -## Unified search in the AWS Management Console +## Unified Search in the AWS Management Console @@ -198 +202 @@ At the top of the AWS Management Console, in every AWS service, there is a searc -After you turn on Resource Explorer and create an aggregator index and a default view, unified search can also include your account's resources in the search results. _Unified search_ automatically uses the default view in the AWS Region that contains the aggregator index for the account. This lets you search for a resource from any page in the AWS Management Console, without having to first open Resource Explorer. If you don't promote a local index to be the aggregator index for the account, or if you don't create a default view in the aggregator index Region, unified search doesn't include resources in its search results. Also, any principal performing a search must have permission to use the default view in the Region that contains the aggregator index or unified search doesn't include resources in its search results. +[Unified Search](https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/using-search.html) automatically uses the default view in the AWS Region that contains the aggregator index for the account or the default or service view per Region. This lets you search for a resource from any page in the AWS Management Console, without having to first open Resource Explorer. @@ -202 +206 @@ After you turn on Resource Explorer and create an aggregator index and a default -Unified search automatically inserts a wildcard character (`*`) operator at the end of the first keyword in the string. This means that unified search results include resources that match any string that starts with the specified keyword. +Unified Search automatically inserts a wildcard character (`*`) operator at the end of the first keyword in the string. This means that unified search results include resources that match any string that starts with the specified keyword. @@ -206 +210 @@ The search performed by the **Query** text box on the [Resource search](https:// -For more information about unified search and its integration with Resource Explorer, see [Using unified search in the AWS Management Console](./using-unified-search.html). +For more information about Unified Search and its integration with Resource Explorer, see [Using Unified Search in the AWS Management Console](./using-unified-search.html).