diff --git a/examples/cloudwatch-metrics-stream-single-account/variables.tf b/examples/cloudwatch-metrics-stream-single-account/variables.tf
index 2abb682..60c8384 100644
--- a/examples/cloudwatch-metrics-stream-single-account/variables.tf
+++ b/examples/cloudwatch-metrics-stream-single-account/variables.tf
@@ -80,4 +80,10 @@ variable "exclude_filters" {
         metric_names = list(string)
     }))
     default = []
+}
+
+variable "tags" {
+    description = "Map of tags to apply to resources"
+    type        = map(string)
+    default     = {}
 }
\ No newline at end of file
diff --git a/modules/cloud-watch-metrics-stream/README.md b/modules/cloud-watch-metrics-stream/README.md
index 54ae134..bf09ebd 100644
--- a/modules/cloud-watch-metrics-stream/README.md
+++ b/modules/cloud-watch-metrics-stream/README.md
@@ -55,6 +55,7 @@ No modules.
 |<a name="access_key_id"></a> [access\_key\_id](#input\_access\_key\_id) | The ID for the access key that has the permissions into the Cloud Account. It must be provided along secret_key when this auth mode is used | `string` | n/a | no |
 |<a name="include_filters"></a> [include\_filters](#input\_include\_filters) | List of inclusive metric filters. If you specify this parameter, the stream sends only the conditional metric names from the metric namespaces that you specify here. If you don't specify metric names or provide empty metric names whole metric namespace is included. Conflicts with `exclude_filter` | `Object` | n/a | no |
 |<a name="exclude_filters"></a> [exclude\_filters](#input\_exclude\_filters) | List of exclusive metric filters. If you specify this parameter, the stream sends metrics from all metric namespaces except for the namespaces and the conditional metric names that you specify here. If you don't specify metric names or provide empty metric names whole metric namespace is excluded. Conflicts with `include_filter` | `Object` | n/a | no |
+|<a name="tags"></a> [tags](#input\_tags) | Map of tags to apply to resources | `map string` | n/a | no |
 
 ## Outputs
 
diff --git a/modules/cloud-watch-metrics-stream/iam.tf b/modules/cloud-watch-metrics-stream/iam.tf
index 853e6d9..5eb49f3 100644
--- a/modules/cloud-watch-metrics-stream/iam.tf
+++ b/modules/cloud-watch-metrics-stream/iam.tf
@@ -6,6 +6,7 @@ resource "aws_iam_role" "service_role" {
         name   = "sysdig_stream_s3_policy"
         policy = data.aws_iam_policy_document.iam_role_task_policy_service_role.json
     }
+    tags = var.tags
 }
 
 resource "aws_iam_role" "sysdig_cloudwatch_metric_stream_role" {
@@ -17,6 +18,7 @@ resource "aws_iam_role" "sysdig_cloudwatch_metric_stream_role" {
         name   = "sysdig_stream_firehose_policy"
         policy = data.aws_iam_policy_document.iam_role_task_policy_sysdig_cloudwatch_metric_stream_role.json
     }
+    tags = var.tags
 }
 
 resource "aws_iam_role" "sysdig_cloudwatch_integration_monitoring_role" {
@@ -25,6 +27,7 @@ resource "aws_iam_role" "sysdig_cloudwatch_integration_monitoring_role" {
     path   = "/"
     description = "A role to check status of stack creation and metric stream itself"
     assume_role_policy = data.aws_iam_policy_document.sysdig_cloudwatch_integration_monitoring_role_assume_role.json
+    tags = var.tags
 }
 
 resource "aws_iam_role_policy" "cloud_monitoring_policy" {
diff --git a/modules/cloud-watch-metrics-stream/main.tf b/modules/cloud-watch-metrics-stream/main.tf
index 6ce4943..e979bde 100644
--- a/modules/cloud-watch-metrics-stream/main.tf
+++ b/modules/cloud-watch-metrics-stream/main.tf
@@ -1,6 +1,7 @@
 resource "aws_cloudwatch_log_group" "sysdig_stream_logs" {
     name = "sysdig-cloudwatch-metric-stream-${data.aws_region.current.name}-${data.aws_caller_identity.me.account_id}"
     retention_in_days = 14
+    tags = var.tags
 }
 
 resource "aws_cloudwatch_log_stream" "http_log_stream" {
@@ -15,7 +16,7 @@ resource "aws_cloudwatch_log_stream" "s3_backup" {
 
 resource "aws_s3_bucket" "sysdig_stream_backup_bucket" {
     bucket = "sysdig-backup-bucket-${data.aws_region.current.name}-${data.aws_caller_identity.me.account_id}"
-    ## add tags?
+    tags = var.tags
 }
 
 resource "aws_kinesis_firehose_delivery_stream" "sysdig_metric_kinesis_firehose" {
@@ -48,6 +49,8 @@ resource "aws_kinesis_firehose_delivery_stream" "sysdig_metric_kinesis_firehose"
             compression_format  = "GZIP"
         }
     }
+
+    tags = var.tags
 }
 
 resource "aws_cloudwatch_metric_stream" "sysdig_metris_stream_all_namespaces" {
@@ -72,6 +75,8 @@ resource "aws_cloudwatch_metric_stream" "sysdig_metris_stream_all_namespaces" {
             metric_names = length(exclude_filter.value.metric_names) > 0 ? exclude_filter.value.metric_names : null
         }
     }
+
+    tags = var.tags
 }
 
 resource "time_sleep" "wait_60_seconds" {
diff --git a/modules/cloud-watch-metrics-stream/variables.tf b/modules/cloud-watch-metrics-stream/variables.tf
index 2abb682..60c8384 100644
--- a/modules/cloud-watch-metrics-stream/variables.tf
+++ b/modules/cloud-watch-metrics-stream/variables.tf
@@ -80,4 +80,10 @@ variable "exclude_filters" {
         metric_names = list(string)
     }))
     default = []
+}
+
+variable "tags" {
+    description = "Map of tags to apply to resources"
+    type        = map(string)
+    default     = {}
 }
\ No newline at end of file