Ensure EC2 instances have tags

Error: EC2 instances do not have tags

Bridgecrew Policy ID: BC_AWS_GENERAL_1
Severity: LOW


Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type—you can quickly identify a specific resource based on the tags that you've assigned to it.

All AWS assets should have at minimum these four mandatory tags: Application, XXX, YYY and ZZZ. Assets without these mandatory tags will be marked as non-compliant.

An example tag key-value pair: tag name Application, example value Rebellion.

Fix - Runtime


To remediate this issue, add the mandatory tags to the assets, following the Cloud Asset Tagging guidelines.

CLI Command

The following command adds the tag Stack=production to the specified image, or overwrites an existing tag for the AMI where the tag key is Stack. If the command succeeds, no output is returned. To tag an EC2 instance instead, pass its instance ID to --resources.

aws ec2 create-tags \
    --resources ami-78a54011 \
    --tags Key=Stack,Value=production
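
To find which instances still need the command above, the following added example (not part of the original policy page or Bridgecrew's own check) audits output in the shape returned by `aws ec2 describe-instances` for the mandatory tags. The instance IDs and JSON are constructed, XXX, YYY and ZZZ are the page's placeholders, and treating an empty tag value as missing and skipping terminated instances are assumptions of this example.

```python
import json

# Required tag keys. "Application" is the one name the page spells out; the
# other three are the page's own placeholders and must be replaced.
REQUIRED_TAGS = ("Application", "XXX", "YYY", "ZZZ")

# Constructed sample in the shape returned by `aws ec2 describe-instances`.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "State": {"Name": "running"},
     "Tags": [{"Key": "Application", "Value": "Rebellion"},
              {"Key": "XXX", "Value": "a"}, {"Key": "YYY", "Value": "b"},
              {"Key": "ZZZ", "Value": "c"}]},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa2", "State": {"Name": "running"}},
    {"InstanceId": "i-0aaaaaaaaaaaaaaa3", "State": {"Name": "running"},
     "Tags": [{"Key": "application", "Value": "Rebellion"},
              {"Key": "XXX", "Value": ""}, {"Key": "YYY", "Value": "b"}]}]},
  {"Instances": [
    {"InstanceId": "i-0aaaaaaaaaaaaaaa4", "State": {"Name": "terminated"}}]}
]}
""")


def missing_tags(instance, required=REQUIRED_TAGS):
    """Return the required keys that are absent or empty on one instance."""
    # describe-instances omits "Tags" entirely on an untagged instance.
    present = {t["Key"] for t in instance.get("Tags", []) if t.get("Value", "").strip()}
    # Tag keys are case-sensitive, so "application" does not satisfy "Application".
    return [k for k in required if k not in present]


def audit(describe_output, required=REQUIRED_TAGS):
    """Map instance ID -> missing keys for every non-compliant live instance."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue  # assumption of this example: terminated instances are skipped
            gaps = missing_tags(inst, required)
            if gaps:
                findings[inst["InstanceId"]] = gaps
    return findings


if __name__ == "__main__":
    for instance_id, gaps in audit(SAMPLE).items():
        print(f"{instance_id}: missing {', '.join(gaps)}")
```

Feed it real data by replacing SAMPLE with the parsed JSON output of `aws ec2 describe-instances`.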

Fix - Buildtime


  • Resource: aws_ec2_tag
  • Arguments:
    key - (Required) The tag name.
    value - (Required) The value of the tag.
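
# Attaches a single tag to the resource identified by resource_id.
# aws_vpn_connection.example must be declared elsewhere in the configuration.
resource "aws_ec2_tag" "example" {
  resource_id = aws_vpn_connection.example.transit_gateway_attachment_id
  key         = "Name"
  value       = "Hello World"
}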