SWO-GS
diff --git a/‎README.md
+42-35 b/‎README.md
+42-35
diff --git a/‎cloud_formation/event_multi_region_template/autotag_event_collector-template.json
+12 b/‎cloud_formation/event_multi_region_template/autotag_event_collector-template.json
+12
diff --git a/‎cloud_formation/event_multi_region_template/autotag_event_main-template.json
+7-2 b/‎cloud_formation/event_multi_region_template/autotag_event_main-template.json
+7-2
diff --git a/‎cloud_formation/event_multi_region_template/autotag_event_main-template.rb
+5-1 b/‎cloud_formation/event_multi_region_template/autotag_event_main-template.rb
+5-1
diff --git a/‎cloud_formation/event_single_region_template/autotag_event-template.json
+18-2 b/‎cloud_formation/event_single_region_template/autotag_event-template.json
+18-2
diff --git a/‎src/autotag_event.js
+10-2 b/‎src/autotag_event.js
+10-2
diff --git a/‎src/autotag_factory.js
+34-3 b/‎src/autotag_factory.js
+34-3
diff --git a/‎src/autotag_log.js
+11-2 b/‎src/autotag_log.js
+11-2
@@ -148,41 +148,48 @@ WARNING: When tag-able resources are created using CloudFormation __StackSets__
 
 __Tags Applied__: C=Creator, T=Create Time, I=Invoked By
 
-|Technology|Event Name|Tags Applied|IAM Deny Tag Support
-|----------|----------|------------|----------------------
-|AutoScaling Group|CreateAutoScalingGroup|C, T, I|Yes
-|AutoScaling Group Instances w/ENI & Volume|RunInstances|C, T, I|Yes
-|Data Pipeline|CreatePipeline|C, T, I|No
-|DynamoDB Table|CreateTable|C, T, I|No
-|EBS Volume|CreateVolume|C, T, I|Yes
-|EC2 AMI w/Snapshot \*|CreateImage|C, T, I|Yes
-|EC2 AMI w/Snapshot \*|CopyImage|C, T, I|Yes
-|EC2 AMI \*|RegisterImage|C, T, I|Yes
-|EC2 Elastic IP|AllocateAddress|C, T, I|Yes
-|EC2 ENI|CreateNetworkInterface|C, T, I|Yes
-|EC2 Instance w/ENI & Volume|RunInstances|C, T, I|Yes
-|EC2/VPC Security Group|CreateSecurityGroup|C, T, I|Yes
-|EC2 Snapshot \*|CreateSnapshot|C, T, I|Yes
-|EC2 Snapshot \*|CopySnapshot|C, T, I|Yes
-|EC2 Snapshot \*|ImportSnapshot|C, T, I|Yes
-|Elastic Load Balancer (v1 & v2)|CreateLoadBalancer|C, T, I|No
-|EMR Cluster|RunJobFlow|C, T, I|No
-|IAM Role|CreateRole|C, T, I|?
-|IAM User|CreateUser|C, T, I|?
-|OpsWorks Stack|CreateStack|C (Propagated to Instances)|No
-|OpsWorks Clone Stack *|CloneStack|C (Propagated to instances)|No
-|OpsWorks Stack Instances w/ENI & Volume|RunInstances|C, T, I|Yes
-|RDS Instance|CreateDBInstance|C, T, I|No
-|S3 Bucket|CreateBucket|C, T, I|No
-|NAT Gateway|CreateNatGateway||Yes
-|VPC|CreateVpc|C, T, I|Yes
-|VPC Internet Gateway|CreateInternetGateway|C, T, I|Yes
-|VPC Network ACL|CreateNetworkAcl|C, T, I|Yes
-|VPC Peering Connection|CreateVpcPeeringConnection|C, T, I|Yes
-|VPC Route Table|CreateRouteTable|C, T, I|Yes
-|VPC Subnet|CreateSubnet|C, T, I|Yes
-|VPN Connection|CreateVpnConnection|C, T, I|Yes
-
+|Technology                 |Event Name            |Tags Applied|IAM Deny Tag Support
+|---------------------------|----------------------|------------|---
+|AutoScaling Group          |CreateAutoScalingGroup|C, T, I     |Yes
+|ASG Instances w/ENI & Vol  |RunInstances          |C, T, I     |Yes
+|Data Pipeline              |CreatePipeline        |C, T, I     |No
+|DynamoDB Table             |CreateTable           |C, T, I     |No
+|CloudWatch Alarm ?         |PutMetricAlarm        |C, T, I     |?
+|CloudWatch Events Rule ?   |PutRule               |C, T, I     |?
+|CloudWatch Log Group ?     |CreateLogGroup        |C, T, I     |?
+|EBS Volume                 |CreateVolume          |C, T, I     |Yes
+|EC2 AMI w/Snapshot \*      |CreateImage           |C, T, I     |Yes
+|EC2 AMI w/Snapshot \*      |CopyImage             |C, T, I     |Yes
+|EC2 AMI \*                 |RegisterImage         |C, T, I     |Yes
+|EC2 Customer Gateway ?     |CreateCustomerGateway |C, T, I     |?
+|EC2 DHCP Options ?         |CreateDhcpOptions     |C, T, I     |?
+|EC2 Elastic IP             |AllocateAddress       |C, T, I     |Yes
+|EC2 ENI                    |CreateNetworkInterface|C, T, I     |Yes
+|EC2 Instance w/ENI & Volume|RunInstances          |C, T, I     |Yes
+|EC2/VPC Security Group     |CreateSecurityGroup   |C, T, I     |Yes
+|EC2 Snapshot \*            |CreateSnapshot        |C, T, I     |Yes
+|EC2 Snapshot \*            |CopySnapshot          |C, T, I     |Yes
+|EC2 Snapshot \*            |ImportSnapshot        |C, T, I     |Yes
+|Elastic LB (v1 & v2)       |CreateLoadBalancer    |C, T, I     |No
+|EMR Cluster                |RunJobFlow            |C, T, I     |No
+|IAM Role                   |CreateRole            |C, T, I     |?
+|IAM User                   |CreateUser            |C, T, I     |?
+|Lambda Function ?          |CreateFunction20150331|C, T, I     |?
+|Lambda Function ?          |CreateFunction20141111|C, T, I     |?
+|OpsWorks Stack             |CreateStack           |C           |No
+|OpsWorks Clone Stack *     |CloneStack            |C           |No
+|OpsWorks Instances w/ENI & Vol|RunInstances       |C, T, I     |Yes
+|RDS Instance               |CreateDBInstance      |C, T, I     |No
+|S3 Bucket                  |CreateBucket          |C, T, I     |No
+|NAT Gateway                |CreateNatGateway      |C, T, I     |Yes
+|VPC                        |CreateVpc             |C, T, I     |Yes
+|VPC Internet Gateway       |CreateInternetGateway |C, T, I     |Yes
+|VPC Network ACL            |CreateNetworkAcl      |C, T, I     |Yes
+|VPC Peering Connection     |CreateVpcPeeringConnection|C, T, I |Yes
+|VPC Route Table            |CreateRouteTable      |C, T, I     |Yes
+|VPC Subnet                 |CreateSubnet          |C, T, I     |Yes
+|VPN Connection             |CreateVpnConnection   |C, T, I     |Yes
+|VPN Gateway ?              |CreateVpnGateway      |C, T, I     |?
 _*=not tested by the test suite_
 
 
 
@@ -26,9 +26,13 @@
               "datapipeline.amazonaws.com",
               "dynamodb.amazonaws.com",
               "ec2.amazonaws.com",
+              "events.amazonaws.com",
               "elasticloadbalancing.amazonaws.com",
               "elasticmapreduce.amazonaws.com",
               "iam.amazonaws.com",
+              "lambda.amazonaws.com",
+              "logs.amazonaws.com",
+              "monitoring.amazonaws.com",
               "opsworks.amazonaws.com",
               "rds.amazonaws.com",
               "s3.amazonaws.com"
@@ -40,10 +44,15 @@
               "CopySnapshot",
               "CreateAutoScalingGroup",
               "CreateBucket",
+              "CreateCustomerGateway",
               "CreateDBInstance",
+              "CreateDhcpOptions",
+              "CreateFunction20150331",
+              "CreateFunction20141111",
               "CreateImage",
               "CreateInternetGateway",
               "CreateLoadBalancer",
+              "CreateLogGroup",
               "CreateNatGateway",
               "CreateNetworkAcl",
               "CreateNetworkInterface",
@@ -59,8 +68,11 @@
               "CreateVolume",
               "CreateVpc",
               "CreateVpnConnection",
+              "CreateVpnGateway",
               "CreateVpcPeeringConnection",
               "ImportSnapshot",
+              "PutMetricAlarm",
+              "PutRule",
               "RegisterImage",
               "RunInstances",
               "RunJobFlow"
 
@@ -244,22 +244,27 @@
                 "autoscaling:DescribeAutoScalingGroups",
                 "autoscaling:DescribeAutoScalingInstances",
                 "autoscaling:DescribeTags",
+                "cloudwatch:TagResource",
                 "datapipeline:AddTags",
                 "dynamodb:ListTagsOfResource",
                 "dynamodb:TagResource",
                 "ec2:CreateTags",
                 "ec2:DescribeInstances",
                 "ec2:DescribeSnapshots",
+                "events:TagResource",
                 "elasticloadbalancing:AddTags",
                 "elasticmapreduce:AddTags",
+                "iam:TagRole",
+                "iam:TagUser",
+                "lambda:TagResource",
+                "logs:TagLogGroup",
                 "opsworks:DescribeInstances",
                 "opsworks:DescribeStacks",
                 "opsworks:ListTags",
                 "opsworks:TagResource",
                 "rds:AddTagsToResource",
                 "s3:GetBucketTagging",
-                "s3:PutBucketTagging",
-                "iam:Tag*"
+                "s3:PutBucketTagging"
               ],
               "Resource": [
                 "*"
 
@@ -152,22 +152,26 @@
             autoscaling:DescribeAutoScalingGroups
             autoscaling:DescribeAutoScalingInstances
             autoscaling:DescribeTags
+            cloudwatch:TagResource
             datapipeline:AddTags
             dynamodb:ListTagsOfResource
             dynamodb:TagResource
             ec2:CreateTags
             ec2:DescribeInstances
             ec2:DescribeSnapshots
+            events:TagResource
             elasticloadbalancing:AddTags
             elasticmapreduce:AddTags
+            iam:TagRole
+            iam:TagUser
+            lambda:TagResource
             opsworks:DescribeInstances
             opsworks:DescribeStacks
             opsworks:ListTags
             opsworks:TagResource
             rds:AddTagsToResource
             s3:GetBucketTagging
             s3:PutBucketTagging
-            iam:Tag*
           ],
           Resource: ['*']
         }
 
@@ -173,22 +173,26 @@
                 "autoscaling:DescribeAutoScalingGroups",
                 "autoscaling:DescribeAutoScalingInstances",
                 "autoscaling:DescribeTags",
+                "cloudwatch:TagResource",
                 "datapipeline:AddTags",
                 "dynamodb:ListTagsOfResource",
                 "dynamodb:TagResource",
                 "ec2:CreateTags",
                 "ec2:DescribeInstances",
                 "ec2:DescribeSnapshots",
+                "events:TagResource",
                 "elasticloadbalancing:AddTags",
                 "elasticmapreduce:AddTags",
+                "iam:TagRole",
+                "iam:TagUser",
+                "lambda:TagResource",
                 "rds:AddTagsToResource",
                 "opsworks:DescribeInstances",
                 "opsworks:DescribeStacks",
                 "opsworks:ListTags",
                 "opsworks:TagResource",
                 "s3:GetBucketTagging",
-                "s3:PutBucketTagging",
-                "iam:Tag*"
+                "s3:PutBucketTagging"
               ],
               "Resource": [ "*" ]
             }
@@ -222,9 +226,13 @@
               "datapipeline.amazonaws.com",
               "dynamodb.amazonaws.com",
               "ec2.amazonaws.com",
+              "events.amazonaws.com",
               "elasticloadbalancing.amazonaws.com",
               "elasticmapreduce.amazonaws.com",
               "iam.amazonaws.com",
+              "lambda.amazonaws.com",
+              "logs.amazonaws.com",
+              "monitoring.amazonaws.com",
               "opsworks.amazonaws.com",
               "rds.amazonaws.com",
               "s3.amazonaws.com"
@@ -236,10 +244,15 @@
               "CopySnapshot",
               "CreateAutoScalingGroup",
               "CreateBucket",
+              "CreateCustomerGateway",
               "CreateDBInstance",
+              "CreateDhcpOptions",
+              "CreateFunction20150331",
+              "CreateFunction20141111",
               "CreateImage",
               "CreateInternetGateway",
               "CreateLoadBalancer",
+              "CreateLogGroup",
               "CreateNatGateway",
               "CreateNetworkAcl",
               "CreateNetworkInterface",
@@ -255,8 +268,11 @@
               "CreateVolume",
               "CreateVpc",
               "CreateVpnConnection",
+              "CreateVpnGateway",
               "CreateVpcPeeringConnection",
               "ImportSnapshot",
+              "PutMetricAlarm",
+              "PutRule",
               "RegisterImage",
               "RunInstances",
               "RunJobFlow"
 
@@ -31,11 +31,19 @@ export const handler = async (cloudtrailEvent, context) => {
     AwsCloudTrailEventListener.NETWORK_ACL.name,
     AwsCloudTrailEventListener.ROUTE_TABLE.name,
     AwsCloudTrailEventListener.VPC_PEERING.name,
-    AwsCloudTrailEventListener.VPN.name,
+    AwsCloudTrailEventListener.VPN_CONNECTION.name,
+    AwsCloudTrailEventListener.VPN_GATEWAY.name,
     AwsCloudTrailEventListener.OPS_WORKS.name,
     AwsCloudTrailEventListener.OPS_WORKS_CLONE.name,
     AwsCloudTrailEventListener.IAM_USER.name,
-    AwsCloudTrailEventListener.IAM_ROLE.name
+    AwsCloudTrailEventListener.IAM_ROLE.name,
+    AwsCloudTrailEventListener.CUSTOMER_GATEWAY.name,
+    AwsCloudTrailEventListener.DHCP_OPTIONS.name,
+    AwsCloudTrailEventListener.LAMBDA_FUNCTION_2015.name,
+    AwsCloudTrailEventListener.LAMBDA_FUNCTION_2014.name,
+    AwsCloudTrailEventListener.CLOUDWATCH_ALARM.name,
+    AwsCloudTrailEventListener.CLOUDWATCH_EVENTS_RULE.name,
+    AwsCloudTrailEventListener.CLOUDWATCH_LOG_GROUP.name
   ];
 
   const listener = new AwsCloudTrailEventListener(cloudtrailEvent, context, enabledListeners);
 
@@ -22,10 +22,17 @@ import AutotagNATGatewayWorker from './workers/autotag_nat_gateway_worker';
 import AutotagNetworkACLWorker from './workers/autotag_network_acl_worker';
 import AutotagRouteTableWorker from './workers/autotag_route_table_worker';
 import AutotagVPCPeeringWorker from './workers/autotag_vpc_peering_worker';
-import AutotagVPNWorker from './workers/autotag_vpn_worker';
+import AutotagVPNConnectionWorker from './workers/autotag_vpn_connection_worker';
+import AutotagVPNGatewayWorker from './workers/autotag_vpn_gateway_worker';
 import AutotagOpsworksWorker from './workers/autotag_opsworks_worker';
 import AutotagIAMUserWorker from './workers/autotag_iam_user_worker';
 import AutotagIAMRoleWorker from './workers/autotag_iam_role_worker';
+import AutotagCustomerGatewayWorker from './workers/autotag_customer_gateway_worker';
+import AutotagDhcpOptionsWorker from './workers/autotag_dhcp_options_worker';
+import AutotagLambdaFunctionWorker from './workers/autotag_lambda_function_worker';
+import AutotagCloudwatchAlarmWorker from './workers/autotag_cw_alarm_worker';
+import AutotagCloudwatchEventsRuleWorker from './workers/autotag_cw_events_rule_worker';
+import AutotagCloudwatchLogGroupWorker from './workers/autotag_cw_loggroup_worker';
 import CONFIG from './cloud_trail_event_config';
 
 const AutotagFactory = {
@@ -117,8 +124,11 @@ const AutotagFactory = {
       case CONFIG.VPC_PEERING.name:
         return new AutotagVPCPeeringWorker(event, s3Region);
 
-      case CONFIG.VPN.name:
-        return new AutotagVPNWorker(event, s3Region);
+      case CONFIG.VPN_CONNECTION.name:
+        return new AutotagVPNConnectionWorker(event, s3Region);
+
+      case CONFIG.VPN_GATEWAY.name:
+        return new AutotagVPNGatewayWorker(event, s3Region);
 
       case CONFIG.OPS_WORKS.name:
         return new AutotagOpsworksWorker(event, s3Region);
@@ -132,6 +142,27 @@ const AutotagFactory = {
       case CONFIG.IAM_ROLE.name:
         return new AutotagIAMRoleWorker(event, s3Region);
 
+      case CONFIG.CUSTOMER_GATEWAY.name:
+        return new AutotagCustomerGatewayWorker(event, s3Region);
+
+      case CONFIG.DHCP_OPTIONS.name:
+        return new AutotagDhcpOptionsWorker(event, s3Region);
+
+      case CONFIG.LAMBDA_FUNCTION_2015.name:
+        return new AutotagLambdaFunctionWorker(event, s3Region);
+
+      case CONFIG.LAMBDA_FUNCTION_2014.name:
+        return new AutotagLambdaFunctionWorker(event, s3Region);
+
+      case CONFIG.CLOUDWATCH_ALARM.name:
+        return new AutotagCloudwatchAlarmWorker(event, s3Region);
+
+      case CONFIG.CLOUDWATCH_EVENTS_RULE.name:
+        return new AutotagCloudwatchEventsRuleWorker(event, s3Region);
+
+      case CONFIG.CLOUDWATCH_LOG_GROUP.name:
+        return new AutotagCloudwatchLogGroupWorker(event, s3Region);
+
       // Default: worker that does nothing
       default:
         return new AutotagDefaultWorker(event, s3Region);
 
@@ -31,11 +31,20 @@ export const handler = async (cloudtrailEvent, context) => {
     AwsCloudTrailLogListener.NETWORK_ACL.name,
     AwsCloudTrailLogListener.ROUTE_TABLE.name,
     AwsCloudTrailLogListener.VPC_PEERING.name,
-    AwsCloudTrailLogListener.VPN.name,
+    AwsCloudTrailLogListener.VPN_CONNECTION.name,
+    AwsCloudTrailLogListener.VPN_GATEWAY.name,
     AwsCloudTrailLogListener.OPS_WORKS.name,
     AwsCloudTrailLogListener.OPS_WORKS_CLONE.name,
     AwsCloudTrailLogListener.IAM_USER.name,
-    AwsCloudTrailLogListener.IAM_ROLE.name
+    AwsCloudTrailLogListener.IAM_ROLE.name,
+    AwsCloudTrailLogListener.CUSTOMER_GATEWAY.name,
+    AwsCloudTrailLogListener.DHCP_OPTIONS.name,
+    AwsCloudTrailLogListener.LAMBDA_FUNCTION_2015.name,
+    AwsCloudTrailLogListener.LAMBDA_FUNCTION_2014.name,
+    AwsCloudTrailLogListener.CLOUDWATCH_ALARM.name,
+    AwsCloudTrailLogListener.CLOUDWATCH_EVENTS_RULE.name,
+    AwsCloudTrailLogListener.CLOUDWATCH_LOG_GROUP.name
+
   ];
 
   const listener = new AwsCloudTrailLogListener(cloudtrailEvent, context, enabledListeners);