Profile Applicability:

  • Level 1

Description:

AWS Resource Explorer allows you to explore AWS resources in your account and view their relationships in a unified view. Resource Explorer indexes are used to provide metadata about your AWS resources and their relationships. This SOP verifies that Resource Explorer indexes exist and are configured correctly so that AWS resources can be searched and explored.

Rationale:

  • Security: Confirming that Resource Explorer indexes exist and are functioning properly lets you accurately identify and access AWS resources, which is critical for managing permissions and understanding resource relationships.

  • Compliance: Indexing allows organizations to meet certain compliance needs, such as ensuring that all resources are tracked and documented for auditing purposes.

  • Operational Efficiency: Resource Explorer enables administrators and security teams to quickly search for and view AWS resources, which is crucial for troubleshooting and management.

Impact:

Pros:

  • Enhanced Security and Visibility: Provides better visibility into your AWS resources, ensuring they are indexed for easy search and auditing.

  • Improved Resource Management: Having accurate resource indexing helps identify unused resources, optimize costs, and manage security posture effectively.

  • Compliance: Helps organizations maintain proper resource documentation for audits and reporting purposes.

Cons:

  • Potential Performance Impact: If there is a large number of resources, indexing may take time and could temporarily impact system performance during the indexing process.

  • Operational Overhead: Managing and monitoring resource indexing may require additional operational overhead, especially in environments with a large number of resources.

Default Value:

By default, Resource Explorer indexes are not automatically enabled, and resources are not indexed unless explicitly configured.

Pre-requisite:

  • AWS IAM Permissions:

    • resource-explorer-2:Search

    • resource-explorer-2:CreateIndex

    • resource-explorer-2:GetIndex

  • AWS CLI installed and configured.

  • Resource Explorer is configured and operational.

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to Resource Explorer under Services.

  3. In the Resource Explorer Console, verify that indexes have been created by checking the Index Status.

  4. If the indexes are not found, verify if any indexes are in the process of being created or if there is an issue with the configuration.

  5. If no indexes are found, proceed to enable and configure indexes as per the Implementation Steps below.

Using AWS CLI:

  1. To check the index status in a Region, run the following command:

    aws resource-explorer-2 get-index --region <region>

  2. This will return the details of the index for that Region, including its status in the State field. If the index is not found or not yet created, the output will indicate that the index is missing or not active.

  3. To list all indexes, you can run:

    aws resource-explorer-2 list-indexes

  4. Verify that the indexes exist and are active.
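The check in steps 1 to 4, applied across several Regions, as an added example that is not part of the original SOP. It works on saved CLI output; the sample JSON, the account ID, the index IDs and the list of required Regions are all constructed placeholders.

```python
import json

# Constructed sample of `aws resource-explorer-2 list-indexes` output.
# The account ID and index IDs are placeholders, not real values.
LIST_INDEXES = json.loads("""
{"Indexes": [
  {"Arn": "arn:aws:resource-explorer-2:us-east-1:111122223333:index/EXAMPLE-1",
   "Region": "us-east-1", "Type": "LOCAL"},
  {"Arn": "arn:aws:resource-explorer-2:eu-west-1:111122223333:index/EXAMPLE-2",
   "Region": "eu-west-1", "Type": "LOCAL"}
]}
""")

# Constructed sample: the State field from `get-index`, collected per Region.
# list-indexes does not report State, so it has to come from get-index.
GET_INDEX_STATE = {"us-east-1": "ACTIVE", "eu-west-1": "CREATING"}


def audit_indexes(list_output, states, required_regions):
    """Return sorted (region, finding) pairs for Regions that fail the check."""
    indexed = {idx["Region"] for idx in list_output.get("Indexes", [])}
    findings = []
    for region in required_regions:
        if region not in indexed:
            # No index at all: resources in this Region are not searchable.
            findings.append((region, "NO_INDEX"))
            continue
        state = states.get(region, "UNKNOWN")
        if state != "ACTIVE":
            # Index exists but is still being created, updated or deleted,
            # or get-index was never run for this Region.
            findings.append((region, "NOT_ACTIVE:" + state))
    return sorted(findings)


if __name__ == "__main__":
    # Hypothetical list of Regions the organization expects to be indexed.
    required = ["us-east-1", "eu-west-1", "ap-southeast-2"]
    for region, finding in audit_indexes(LIST_INDEXES, GET_INDEX_STATE, required):
        print(f"FAIL {region}: {finding}")
```

An empty result means every required Region has an index whose State is ACTIVE.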

Implementation Steps:

Using AWS Console:

  1. Sign in to the AWS Management Console and navigate to Resource Explorer.

  2. In the Resource Explorer Console, select Create Index.

  3. Select the region in which you want to create the index.

  4. Choose the resources to index (you can index all resources or specific types).

  5. Click Create Index to enable resource indexing.

  6. Once the index is created, check if the index status is set to active.

Using AWS CLI:

  1. To create a Resource Explorer index, run the following command:

    aws resource-explorer-2 create-index --region <region>

  2. After creating the index, verify its status by running:

    aws resource-explorer-2 get-index --region <region>

  3. Ensure that the index is active. If not, troubleshoot any issues in the indexing process.

Backout Plan:

Using AWS Console:

  1. If the index configuration causes issues or does not meet your requirements, sign in to the AWS Management Console.

  2. Navigate to Resource Explorer and select the index you want to remove.

  3. Click Delete Index to remove the index configuration.

  4. Verify that the index is removed and that resource discovery is no longer impacted.

Using AWS CLI:

  1. To delete an index, run the following command:

    aws resource-explorer-2 delete-index --arn <index-arn> --region <REGION>

  2. Verify that the index has been deleted successfully by describing the index again:

    aws resource-explorer-2 get-index --region <REGION>

References:

CIS Controls Mapping:

| Version | Control ID | Control Description | IG1 | IG2 | IG3 |
|---------|------------|---------------------|-----|-----|-----|
| v8 | 3.4 | Encrypt Data on End-User Devices – Ensure data encryption during file system access. | | | |
| v8 | 6.7 | Implement Application Layer Filtering and Content Control – Ensure appropriate content filtering is applied to sensitive files. | | | |
| v8 | 6.8 | Define and Maintain Role-Based Access Control – Implement and manage role-based access for file systems. | | | |
| v8 | 14.6 | Protect Information Through Access Control Lists – Apply strict access control to file systems. | | | |