ComplyJet reads a set of AWS resource tags during inventory sync and uses them to automatically populate inventory records — including ownership, description, and audit scope.
This means you can manage compliance metadata directly from AWS, without manually updating each resource in ComplyJet.
Supported Tag Keys
ComplyJet currently reads the following tag keys:
ResourceOwnerResourceDescriptionResourceOutOfScopeForAudits
Tag keys are case-sensitive. Use the exact names shown above.
What Each Tag Does
ResourceOwner
Sets the inventory owner in ComplyJet.
Accepted values:
Full employee email — e.g.
[email protected]Email local-part only — e.g.
alex
ComplyJet first tries an exact email match, then falls back to matching the part before @. The person must already exist in ComplyJet for the match to succeed.
ResourceDescription
Sets the inventory description for the resource in ComplyJet.
Use plain language — for example:
Production customer-facing API
In the screenshots below, the tag ResourceDescription with value "this is a new custom tag based description" was applied to the complyjet-demo-manual-db RDS instance in AWS. After the next sync, the same description appeared automatically in ComplyJet's resource panel — no manual entry needed.
ResourceOutOfScopeForAudits
Controls whether the resource is considered in scope for compliance audits.
Accepted values:
true→ resource is marked out of scopefalse→ resource is marked in scope
Use lowercase true / false to avoid ambiguity.
Default Behavior
If no AWS tags are present on a resource:
New inventory resources default to the Engineering category owner
New inventory resources default to in scope = true
If AWS tags are present:
Tag values override those defaults during sync
Existing inventory records are updated when the matching tag is present
Important: Removing a tag in AWS does not clear the existing value in ComplyJet. To change a value via AWS sync, update the tag to a new value and run sync again.
Supported AWS Resource Types
Tags are read for the following AWS services:
EC2 instances
ECS services
EKS clusters
Lambda functions
App Runner services
DocumentDB clusters
DynamoDB tables
ECR repositories
Load balancers
RDS instances
S3 buckets
SQS queues
How to Add Tags in AWS
Using the AWS Console
Open the AWS service for the resource you want to tag.
Open the specific resource (e.g. an RDS instance).
Find the Tags section and click Manage tags.
Add the tag keys exactly as shown —
ResourceOwner,ResourceDescription,ResourceOutOfScopeForAudits.Enter your values and click Save changes.
Using the AWS CLI
The exact command varies by service, but the tags should follow this format:
Key=ResourceOwner,[email protected]
Key=ResourceDescription,Value=Production billing database
Key=ResourceOutOfScopeForAudits,Value=false
Recommended Tagging Standard
Apply all three tags to each supported AWS resource:
[email protected]
ResourceDescription=Production billing database
ResourceOutOfScopeForAudits=false
When Changes Appear in ComplyJet
Tag values are picked up during the next AWS inventory sync. After sync completes:
New resources will be created with the tagged values applied
Existing resources will be updated for any supported tag that is present
Troubleshooting
If tags are not showing up in ComplyJet after sync:
Confirm the tag key names match exactly, including capitalization
Confirm the tagged resource type is in the supported list above
ResourceOwnermust match a person already present in ComplyJetConfirm an AWS inventory sync has run after the tags were added