Tag Resources to Manage Access

You can control access to resources with the usage of tags. The tags help you to organize your resources and to manage user access to them.

Assign Tags to Resources with Connectors

You can only assign tags from the application if the connector hasn't been merged with the Connector application.

For the connectors merged with the connector application, you can assign tags in the connector application. For more information on assigning tags to merged connectors, refer to the Connector online help.

To assign tags to a connector that is not merged, follow the steps below.

1) Navigate to the Configure tab. Select the connector and click Assign Tag option from the quick action menu.
Assign tag to a connector

2) Select an existing tag and click Add Tag.

Alternatively, you can create a new tag. For detailed steps to create a new tag, refer to Configure Tags.

The selected tags are assigned to the resources discovered by the connector.

Cloud Account Tags (for AWS)

fetches AWS account-level tags that are associated with the AWS Organization connector. These tags are automatically applied to the member account connector, as well as to the resources discovered and its control evaluations.

You can search for these cloud account-tagged resources using the aws.account.tags.key and aws.account.tags.value tokens in the QQL search bar (refer to Search AWS Resources to learn more).

We have detected an issue where the cloud account tags may get removed from a member connector when detached from an organization. We recommend waiting for the auto-run or manually running your org connector to refresh the tag list.

Restrict User Access to all Connectors

If no tags are assigned to a user by default, the user can access all connectors. To restrict access to all connectors, you need to create a tag and not assign it to any connector but only to the user.