diff --git a/packages/datadog-plugin-aws-sdk/src/services/eventbridge.js b/packages/datadog-plugin-aws-sdk/src/services/eventbridge.js
index 9309411564a..b316f75e6be 100644
--- a/packages/datadog-plugin-aws-sdk/src/services/eventbridge.js
+++ b/packages/datadog-plugin-aws-sdk/src/services/eventbridge.js
@@ -4,6 +4,7 @@ const BaseAwsSdkPlugin = require('../base')
 
 class EventBridge extends BaseAwsSdkPlugin {
   static get id () { return 'eventbridge' }
+  static get isPayloadReporter () { return true }
 
   generateTags (params, operation, response) {
     if (!params || !params.source) return {}
diff --git a/packages/datadog-plugin-aws-sdk/src/services/kinesis.js b/packages/datadog-plugin-aws-sdk/src/services/kinesis.js
index 60802bfc448..dd139e5a608 100644
--- a/packages/datadog-plugin-aws-sdk/src/services/kinesis.js
+++ b/packages/datadog-plugin-aws-sdk/src/services/kinesis.js
@@ -10,6 +10,7 @@ const { storage } = require('../../../datadog-core')
 class Kinesis extends BaseAwsSdkPlugin {
   static get id () { return 'kinesis' }
   static get peerServicePrecursors () { return ['streamname'] }
+  static get isPayloadReporter () { return true }
 
   constructor (...args) {
     super(...args)
diff --git a/packages/datadog-plugin-aws-sdk/src/services/s3.js b/packages/datadog-plugin-aws-sdk/src/services/s3.js
index c306c7ba0a8..0b6da57f3c9 100644
--- a/packages/datadog-plugin-aws-sdk/src/services/s3.js
+++ b/packages/datadog-plugin-aws-sdk/src/services/s3.js
@@ -5,6 +5,7 @@ const BaseAwsSdkPlugin = require('../base')
 class S3 extends BaseAwsSdkPlugin {
   static get id () { return 's3' }
   static get peerServicePrecursors () { return ['bucketname'] }
+  static get isPayloadReporter () { return true }
 
   generateTags (params, operation, response) {
     const tags = {}
diff --git a/packages/datadog-plugin-aws-sdk/src/services/sqs.js b/packages/datadog-plugin-aws-sdk/src/services/sqs.js
index 54a3e7e756c..38a5d03c775 100644
--- a/packages/datadog-plugin-aws-sdk/src/services/sqs.js
+++ b/packages/datadog-plugin-aws-sdk/src/services/sqs.js
@@ -9,6 +9,7 @@ const { DsmPathwayCodec } = require('../../../dd-trace/src/datastreams/pathway')
 class Sqs extends BaseAwsSdkPlugin {
   static get id () { return 'sqs' }
   static get peerServicePrecursors () { return ['queuename'] }
+  static get isPayloadReporter () { return true }
 
   constructor (...args) {
     super(...args)
diff --git a/packages/dd-trace/src/payload-tagging/config/aws.json b/packages/dd-trace/src/payload-tagging/config/aws.json
index 400b25bf670..0a63a9ab388 100644
--- a/packages/dd-trace/src/payload-tagging/config/aws.json
+++ b/packages/dd-trace/src/payload-tagging/config/aws.json
@@ -17,14 +17,82 @@
       "$.Attributes.Token",
       "$.Endpoints.*.Token",
       "$.PhoneNumber",
-      "$.PhoneNumbers",
-      "$.phoneNumbers",
       "$.PlatformApplication.*.PlatformCredential",
       "$.PlatformApplication.*.PlatformPrincipal",
-      "$.Subscriptions.*.Endpoint"
+      "$.Subscriptions.*.Endpoint",
+      "$.PhoneNumbers[*].PhoneNumber",
+      "$.phoneNumbers[*]"
     ],
     "expand": [
       "$.MessageAttributes.*.StringValue"
     ]
+  },
+  "eventbridge": {
+    "request": [
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.HeaderParameters[*].Value",
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.QueryStringParameters[*].Value",
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.BodyParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.HeaderParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.QueryStringParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.BodyParameters[*].Value",
+      "$.Targets[*].RedshiftDataParameters.Sql",
+      "$.Targets[*].RedshiftDataParameters.Sqls",
+      "$.Targets[*].AppSyncParameters.GraphQLOperation",
+      "$.AuthParameters.BasicAuthParameters.Password",
+      "$.AuthParameters.OAuthParameters.ClientParameters.ClientSecret",
+      "$.AuthParameters.ApiKeyAuthParameters.ApiKeyValue"
+    ],
+    "response": [
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.HeaderParameters[*].Value",
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.QueryStringParameters[*].Value",
+      "$.AuthParameters.OAuthParameters.OAuthHttpParameters.BodyParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.HeaderParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.QueryStringParameters[*].Value",
+      "$.AuthParameters.InvocationHttpParameters.BodyParameters[*].Value",
+      "$.Targets[*].RedshiftDataParameters.Sql",
+      "$.Targets[*].RedshiftDataParameters.Sqls",
+      "$.Targets[*].AppSyncParameters.GraphQLOperation"
+    ],
+    "expand": [
+    ]
+  },
+  "s3": {
+    "request": [
+      "$.SSEKMSKeyId",
+      "$.SSEKMSEncryptionContext",
+      "$.ServerSideEncryptionConfiguration.Rules[*].ApplyServerSideEncryptionByDefault.KMSMasterKeyID",
+      "$.InventoryConfiguration.Destination.S3BucketDestination.Encryption.SSEKMS.KeyId",
+      "$.SSECustomerKey",
+      "$.CopySourceSSECustomerKey",
+      "$.RestoreRequest.OutputLocation.S3.Encryption.KMSKeyId"
+
+    ],
+    "response": [
+      "$.SSEKMSKeyId",
+      "$.SSEKMSEncryptionContext",
+      "$.ServerSideEncryptionConfiguration.Rules[*].ApplyServerSideEncryptionByDefault.KMSMasterKeyID",
+      "$.InventoryConfiguration.Destination.S3BucketDestination.Encryption.SSEKMS.KeyId",
+      "$.Credentials.SecretAccessKey",
+      "$.Credentials.SessionToken",
+      "$.InventoryConfigurationList[*].Destination.S3BucketDestination.Encryption.SSEKMS.KeyId"
+    ],
+    "expand": [
+    ]
+  },
+  "sqs": {
+    "request": [
+    ],
+    "response": [
+    ],
+    "expand": [
+    ]
+  },
+  "kinesis": {
+    "request": [
+    ],
+    "response": [
+    ],
+    "expand": [
+    ]
   }
 }