5 min read

Finding User Tags in Amazon AWS, Azure and GCP

February 13, 2024

Finding User Tags ib AWS Azure GCP

How would you like to find any resource in any cloud account from any of the major cloud vendors with a single command?

When you have your cloud accounts connected to Hava, as well as getting all your cloud diagrams automated, you can also use the search feature to track down any cloud resource that matches ANY user generated tag pair. 

The Hava search command will treat any search term that isn't a reserved search term like "region:" or "name:" as a user tag.  When you execute the search, Hava will search through the config data os all your connected cloud accounts.

In this video we go searching for a tag called "environment" with a value of test.

Notice there is no need to log into a single cloud account. 


The search will pass through every connected cloud account, be that AWS, Azure or GCP.

Matches found are returned to an interactive diagram, where you can inspect the meta data, see where the the resource is running, what vpc or network it lives in and what cloud account or vendor the resource is set up in.

Searching for User Generated Tags


The search starts in the search box at the top of your Hava dashboard.

When you start the search process a box will appear with all the search terms you can use. These are reserved values that are present in your cloud meta data, like name:, id:, region:, subnet: etc

When you enter a search term that isn't a reserved word, Hava will treat this as a customer generated tag.

In this example the tag "environment:" is user defined. 

We want to find any resources where the tag "environment:" has a value of "test"


When the search is complete, a diagram is returned showing all the resources with a tag called environment with a value of test


in the example above, when you select any of the returned resources, you can see the matched tag value in the attribute pane.

You can then dig in to the meta data and see the VPC, cloud account, vendor, security settings, connections and so on.

Finding tags that don't match.

The negative match search operator built into Hava can be used to find resources that have a tag without the required tag value. 

But... there's a trick to getting exactly what you want.

Say for instance you want to locate all resources that have the "environment" tag set but don't have a desired tag value. Maybe you want to find all resources that aren't tagged as Production, or in the following example "test"

Prefixing the search with a - (minus) sign invokes the negative match results. 


The example above will return every resource that doesn't have the "environment" tag with a value of "test". This will include all resources that don't have the "environment" tag at all, so typically you will get a lot of resources returned.

To get resources that DO have the environment tag, but that tag value is not set to "test" you will need to combine a wildcard tag search with a negative search.


The first portion of this search environment:* says get all resources with a tag called environment set to any value.

The and operator means the search must meet a second condition.

That second condition is the "-environment:test" which means the result cannot match.

So the combination returns any resource that has the environment tag present, but the value of the tag is anything but "test"


This time we get 3 AWS VPCs returned and a GCP virtual network. When any of the resources are selected, you can see the environment tag is present.

Using Hava to locate tags across multiple cloud accounts is a simple process that can save you hours of tedious console hopping. Get the answers in seconds.



Learn more about Hava here:


Topics: aws azure gcp tags
Team Hava

Written by Team Hava

The Hava content team