Resource Search allows you to explore your resources, stacks and projects in detail.
Resource Search supports a rich query language, described below.
The default search behavior is to return resources that match all terms in your query based on their name, URN, stack, or project.
For example, a query like
will return resources having types like
aws:s3/bucketobject:BucketObject. It will also return resources in stacks named “bucket” or projects named “my-cool-bucket”.
Similarly, a query for
will return resources to belonging to stacks named “production”. It will also include any resources with “production” anywhere in its name.
A resource will only be returned if it matches all terms in the query. If you search for
a resource named “foo” in the “bar” stack will be returned, but a resource only named “bar” will not be returned.
The default search behavior is helpful for preliminary exploration but is often too broad for finer analysis. To more precicesly control how your queries match resources, you can explicitly limit part or all of your query to match specific fields.
For example, searching
name:production will only return resources that include “production” in their logical name.
In general, any column visible in the UI can be queried as a field by taking the lowercase column name and adding a
: followed by a query term.
The colon cannot be followed by whitespace.
The complete list of available fields is below.
The UTC time when the resource was created.
Resources created or modified with CLI versions below 3.60 do not have
- created:[2023-01-01 to 2023-03-31]
Whether the resource is a CustomResource.
Examples: custom:true | custom:false
Whether the resource is marked for deletion in the next update.
Typically indicates a resource that was not cleaned up due to an error.
Examples: delete:true | delete:false
The URN of another resource this resource explicitly or implicitly depends on.
A resource can have multiple dependencies. When querying,
dependency:foo returns resources with any dependency with a URN matching
The physical name of the resource, as assigned by the resource’s provider. May not be set if the resource is pending creation.
The UTC time when the resource’s state was last modified during an update, refresh or import.
Stacks modified with CLI versions below 3.60 record this for all resources as the time of the stack operation, regardless of whether the resource was modified. After CLI version 3.60 the resource’s modified time is only updated when the resource’s state is modified.
- modified:[2023-01-01 to 2023-03-31]
The logical name of the resource.
Typically the first parameter provided to the resource when it was instantiated.
The package component of the resource’s type.
aws for a resource of type
The URN of the resource’s parent, if it has one.
The state of the resource if it is pending.
Typically indicates an operation that was interrupted due to an error, possibly needing manual intervention to resolve.
The project the resource belongs to.
Whether the resource is protected from deletion.
Examples: protected:true | protected:false
The URN of the resource’s provider.
The stack the resource belongs to.
The type of the resource.
The URN of the resource.
Surrounding terms with
"double quotes" produces an exact match query.
Only resources matching the phrase in quotes exactly (including punctuation and whitespace) will be returned.
An exact match can optionally have a field associated with it.
Terms can be excluded from results by prefixing them with a
-foo will exclude all resources that would normally match a query for
Negation can be applied to exact matches and fields. All of
-"foo bar" are valid.
Fields can be repeated for multiple exclusions:
name:-foo name:-bar excludes all resources with names matching
All terms are implicitly combined with a logical
AND, but terms can also be combined with
foo OR bar returns resources that would normally match
foo as well as resources that would normally match
Precedence is simple left-to-write, so
foo bar OR baz is interpreted as
(foo AND bar) OR baz. Parentheses are strongly recommended when combining terms with OR to prevent unexpected results. In this case, you can query for
foo (bar OR baz) if your intent is to match
OR can be combined with negation, exact matches, and field queries like so:
“S3-bucket” (stack:prod OR stack:dev) project:-sandbox
modified fields can be queried for a range of values with
[a to b].
[a to b] form is inclusive on both sides.
For example, resources modified within the first quarter of 2023 (requires CLI 3.XX):
modified:[2023-01-01 to 2023-03-31]
Ranges can also be one-sided. For example, to query everything modified after January 1, 2023:
Expanding the “Advanced filtering” menu shows your results broken down by type, pacakge, stack, and project. The values shown in each column and the top values for that particular dimension, along with a count of how many resources share that value.
In the example above, the query has been restricted to the “my-stack” stack.
The counts next to each value show that this stack has 18 subnets, and 366 AWS resources in total.
Clicking “Clear filters” will remove all previously selected filters.
Download a CSV
The CSV Export feature is only available to organizations using the Enterprise and Business Critical editions.
If you don’t see it in your organization, contact sales.
You can download a CSV with all resources matching your query by clicking the “Download CSV” buttong.
For a complete description of the CSV format returned, see the Data Export documentation.
Resources can also be queried programmatically. See the Pulumi Cloud REST API for full details of the API endpoint to query resources.
AI Assist is an experimental feature that lets you use natural-language prompts to generate queries for use with Resource Search.
If you don’t see it in your organization, contact sales.
Organizations with AI Assist enabled will see an “AI Assist” button to the right of their search bar.
After clicking “AI Assist” you can input a natural language query, for example:
How many VPCs do I have?
You will then be re-directed to the “Syntax” tab with a pre-populated search query that attempts to answer your question. The search bar will remain empty if it’s not able to generate a valid query for your question.
You may need to refine the pre-populated query slightly to capture your intent. For example, if you ask, “How many buckets do I have?” it might give you a query like
This isn’t accurate if you’re using Google Cloud, however. In that case you could modify the query to be
or, if you’re not sure which type is appropriate, you can use AI Assist again to clarify:
How many gcp buckets do I have?
You may want to expand the “Advanced fitlering” menu if you are interested in specific resource counts.
You do not need to query AI Assist with English:
(type:aws:ec2/instance:Instance OR type:azure:compute:VirtualMachine OR type:gcp:compute:Instance)
Resource Search is available to all members of an organization, but as a user you are only able to see and query resources that you have permission to access. More specifically: