AWS EC2 Tags FAQ

This page includes frequently asked questions about Amazon Web Services (AWS) EC2 tags in F5 Distributed Cloud App Infrastructure Protection (AIP). For more information, see AWS EC2 Tags Overview.

Do I have to use AWS EC2 tags?

No. The Distributed Cloud AIP Agent automatically pulls and processes any AWS EC2 tags you have in your AWS resources, but you can choose not to apply any of those tags to rules.

How does Distributed Cloud AIP ingest AWS EC2 tags?

When you enable the Distributed Cloud AIP AWS EC2 integration, the Distributed Cloud AIP Agent automatically pulls and processes all EC2 tags in your AWS environment. The Distributed Cloud AIP Agent filters out low-value, automatically-generated tags, such as aws:cloudformation.

The Distributed Cloud AIP Agent pull includes AWS EC2 tags applied to hosts with no Distributed Cloud AIP Agent installed.

How does Distributed Cloud AIP apply AWS EC2 tags?

Distributed Cloud AIP applies AWS EC2 tags in three ways:

  • Distributed Cloud AIP automatically applies any rule with a tag to an AWS host with a matching tag.
    • If an AWS host has a tag that matches a Distributed Cloud AIP rule, but the rule set in which the rule lives does is not applied to the AWS host, then Distributed Cloud AIP applies the rule to the AWS host anyway.
  • You can assign a rule to all AWS EC2 tags.
  • Rules can apply to multiple tags.

How long does it take for new, edited, and/or deleted AWS EC2 tags to display?

It takes up to 10 minutes for Distributed Cloud AIP to ingest new, edited, and/or deleted AWS EC2 tags.

Why don’t AWS EC2 tags show up for CloudTrail?

AWS EC2 tags only apply to EC2 rules, which include File Integrity Monitoring (FIM), host IDS (Linux, Windows, Threat Intel), and Kubernetes (Audit and Configuration) rules at this time.

Why don’t AWS EC2 tags show up for Configuration Audit?

AWS EC2 tags only apply to File Integrity Monitoring (FIM) and host IDS rules at this time.

Was this article helpful?
0 out of 0 found this helpful