When you enable the Threat Stack AWS EC2 integration, The Threat Stack Agent will automatically pull and process all EC2 tags in your AWS environment. The Threat Stack Agent filters out low-value, automatically-generated tags, such as “aws:cloudformation.”
The Threat Stack Agent pull includes AWS EC2 tags applied to hosts with no Threat Stack Agent installed.
For more information on AWS EC2 tags, see Overview: AWS EC2 Tags.
Other AWS EC2 FAQs