Bulk Tags

  • Updated

Vanta supports reading tags (called labels in GCP) from our various cloud provider integrations to populate different attributes of cloud resources, such as owner, description, user data, and scope. While these attributes can be set manually on the Inventory page or Integrations page for scoping, these fields are not persistent and will disappear once the integration is disconnected. For this reason, we recommend using tags, as they are continuous and more scalable.

Vanta offers two bulk tagging options:

Vanta tags

View available Vanta tags by selecting the Inventory page and the Edit bulk tag in the top right corner.


Select your cloud provider in the left side menu and the Vanta tags tab in the bulk tagging modal. You should then see a list of available Vanta tags with examples of how to use each title, including what the expected value is for the specific tag:



We will provide the exact tag details below for your reference:

  • For AWS and Azure, this is the email address of the instance's owner, and it should be set to the email address of a user in Vanta. An owner will not be assigned if there is no user in Vanta with the email specified.
  • For Digital Ocean and GCP, this is everything before the @ sign in the email address, with the . replacement with_dot_. Example: invanta-ownerfor GCP would be,vanta-owner = john_dot_doe.
  • This tag is present on a resource marking it as non-production. Having the value set to true will also keep a resource as non-production.
    • Vanta will mark the resource as out of scope once the tag is applied. Only apply this tag for non-production resources.
  • This tag allows administrators to set a description, for instance, or add any other descriptive information.
  • This tag allows administrators to define whether or not a resource contains user data (True/0) or if they do not contain user data (False/1).
  • This tag allows administrators to define whether or not a resource contains electronically Protected Health Information (ePHI). It can be set to either (True/0) or if they do not have ephi data (False/1).
    • This tag is only available for customers who are using HIPAA standards.
  • This tag allows administrators to describe the type of user data the instance contains.
  • Administrators can add this tag to mark a resource as out of scope for their audit. If this tag is added, the administrator will need to set a reason for why it's not relevant to their audit. 

See an example in AWS:


For the EC2 instance above - because it is tagged with "VantaOwner: jake@vanta.com" This means that Vanta will apply whichever user in Vanta has that email as the item owner on the inventory page.


Currently, Vanta does not support Vanta tags or custom tags for Heroku resources, and does not support custom tags for Digital Ocean.


Custom Inventory Tags 


Adding Custom Tags

  • From the inventory page, select Edit Bulk Tag


  • Choose the appropriate service from the left-hand menu, and then select Custom Tags.
  • In the table, enter tag names and values of the custom tags in the input fields to map them to Vanta tags. 
    • In the below example, the custom tag owner maps to the Vanta tag VantaOwner, and the custom tag environment with the value of development maps to the Vanta tag VantaNonProd


  • Once complete, select Save Changes

In the example above, instead of a tag consisting of "VantaOwner:jake@vanta.com", you would set the tag to "Owner:jake@vanta.com."