# Turning on multi-account search
With multi-account search, you can search for resources across accounts with active indexes in your AWS Organizations or organizational unit (OU).
**Topics**
+ [
## Prerequisites
](#getting-started-prerequisites)
+ [
## Enable multi-account search
](#enable-multi-account-search)
+ [
## Multi-account Quick Setup
](#getting-started-quick-setup)
+ [
# Effect of account actions on Resource Explorer multi-account search
](manage-service-account-actions.md)
## Prerequisites
To turn on multi-account search for your organization, complete the following:
+ For [opt-in Regions](https://docs.aws.amazon.com/resource-explorer/latest/userguide/opt-in-region-considerations), verify your management account is also opted-in where you are turning on multi-account search.
+ [Create an administrative user.](https://docs.aws.amazon.com/resource-explorer/latest/userguide/getting-started-setting-up-prereqs.html#create-an-admin)
+ [Create a service-linked role in the administrator account](https://docs.aws.amazon.com/resource-explorer/latest/userguide/security_iam_service-linked-roles.html) with `aws iam create-service-linked-role --aws-service-name resource-explorer-2.amazonaws.com`.
+ [Enable trusted access in AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html). This allows full integration with Resource Explorer to list resources across all accounts in your organization.
+ Assign a delegated administrator (*recommended*). For more information, see [ Delegated administrator for AWS services that work with Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_delegated_admin.html) in the *AWS Organizations User Guide*.
+ Resource Explorer supports only 1 delegated administrator who performs similar actions to the management account.
+ Removing or changing the delegated administrator for your organization results in the removal of all multi-account views created in their account.
## Enable multi-account search
To search and discover resources across your organization's accounts, you must complete the following steps:
1. [Activate AWS Resource Explorer in one or more accounts in your AWS Organizations.](https://docs.aws.amazon.com/resource-explorer/latest/userguide/getting-started-setting-up.html)
1. [Register one Region to contain the aggregator index.](https://docs.aws.amazon.com/resource-explorer/latest/userguide/manage-aggregator-region.html)
1. [Choose a Region in which to create an aggregator index. This Region must be consistent across your AWS Organizations.](https://docs.aws.amazon.com/resource-explorer/latest/userguide/configure-views.html)
1. [Create a Resource Explorer view that's scoped to your AWS Organizations or organizational unit. Create this view in the aggregator Region from the preceding step.](https://docs.aws.amazon.com/resource-explorer/latest/userguide/configure-views-create.html)
1. [Share the view with accounts across your organization.](https://docs.aws.amazon.com/resource-explorer/latest/userguide/configure-views-share.html)
## Multi-account Quick Setup
Enable Resource Explorer across multiple accounts in your organization with the Quick Setup.
**Note**
This process does not deploy any resources in the management account. If you are using the management account and you want indexes in the account, you must manually add them with the Resource Explorer onboarding flow.
1. Navigate to [Quick Setup](https://console.aws.amazon.com/systems-manager/quick-setup/create-configuration?configurationType=AWSQuickSetupType-ResourceExplorer) for Resource Explorer in the Systems Manager console.
1. Choose your **Aggregator index Region**. This allows you to search for resources located in all Regions in the selected target accounts. If any of the selected target accounts already have an aggregator index configured in another Region, the existing aggregator index will be automatically replaced with this new Region.
1. Choose your account **Targets**. You can enable Resource Explorer for your entire organization or for specific organizational units (OUs).
**Note**
You can deploy to a maximum of 50,000 AWS CloudFormation stacks at a time. If you have a large organization that spans multiple Regions, you should deploy at the OU level in smaller batches.
1. Read through the summary of acknowledgements before you choose **Create**.
# Effect of account actions on Resource Explorer multi-account search
**Note**
It takes up to 24 hours to remove accounts and resources from multi-account search results.
Account actions have the following effects on AWS Resource Explorer multi-account search.
## Resource Explorer disabled
When you disable Resource Explorer for an account, it is disabled only for that account in the AWS Region that is selected when you disable it.
You must disable Resource Explorer separately in each Region where it's enabled.
After 24 hours, resources from this account won't appear in search results.
Other Resource Explorer data and settings are not removed.
## Member account is removed from an organization
When a member account is removed from an organization, the Resource Explorer administrator account loses permissions to view resources in the member account.
If the removed account is an administrator or delegated administrator account, all the multi-account views previously created by these accounts will also be removed.
Resource Explorer continues to run in both accounts.
Resource search results no longer include resources from this account.
## Account is suspended
When an account is suspended in AWS, the account loses permissions to view resources in Resource Explorer. The administrator account for a suspended account can view the existing resources.
For an organization account, the member account status can also change to **Account Suspended**. This happens if the account is suspended at the same time that the administrator account attempts to enable the account. The administrator account for an **Account Suspended** account cannot view resources for that account.
Otherwise, the suspended status doesn't affect the member account status.
After 90 days, the account is either deactivated or reactivated. When the account is reactivated, its Resource Explorer permissions are restored. If the member account status is **Account Suspended**, the administrator account must enable the account manually.
## Account is closed
When an AWS account is closed, Resource Explorer responds to the closure as follows:
+ Resource Explorer retains the resources for the account for 90 days from the effective date of the account closure. At the end of the 90 day period, Resource Explorer permanently deletes all resources for the account.
+ To retain resources for more than 90 days, you can use a custom action with an EventBridge rule to store the resources in an Amazon S3 bucket. As long as Resource Explorer retains the resources, when you reopen the closed account, Resource Explorer restores the resources for the account.
+ If the account is a Resource Explorer administrator account, it is removed as an administrator and all the member accounts are removed. If the account is a member account, it is disassociated and removed as a member from the Resource Explorer administrator account.
+ For more information, see [Closing an account](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/close-account.html).
## Account opt-out
If an account opts-out of a Region, you will still see their resources in search results for up to 24 hours.
After 24 hours, resources from this account won't appear in search results. For more information, see [Opt-out behaviors](opt-in-region-considerations.md#behaviors).