A tag is an optional label that you can define and assign to AWS resources, including certain types of Detective resources. Tags can help you identify, categorize, and manage resources in different ways, such as by purpose, owner, environment, or other criteria. For example, you can use tags to apply policies, allocate costs, distinguish between versions of resources, or identify resources that support certain compliance requirements or workflows.
You can assign tags to your behavior graph. You can then use the tag values in IAM policies to manage access to behavior graph functions in Detective. See Authorization based on Detective behavior graph tags.
You also can use tags as a tool for cost reporting. For example, to track costs associated with security, you could assign the same tag to your Detective behavior graph, AWS Security Hub hub resource, and Amazon GuardDuty detectors. In AWS Cost Explorer, you could then search for that tag to see a consolidated view of the costs across those resources.
Viewing the tags for a behavior graph
You manage the tags for your behavior graph from the General page.
To view the list of tags assigned to the behavior graph
-
Open the Amazon Detective console at https://console.aws.amazon.com/detective/
. -
In the navigation pane, under Settings, choose General.
Adding tags to a behavior graph
From the tag list on the General page, you can add tag values to the behavior graph.
To add a tag to your behavior graph
-
Choose Add new tag.
-
For Key, enter the name of the tag.
-
For Value, enter the value of the tag.
Removing tags from a behavior graph
To remove a tag from the list on the General page, choose the Remove option for that tag.
