diff --git a/AWS/Terraform/main.tf b/AWS/Terraform/main.tf
index 52fb98e..1ebdc4c 100644
--- a/AWS/Terraform/main.tf
+++ b/AWS/Terraform/main.tf
@@ -8,11 +8,13 @@ provider "aws" {
 # Create a VPC to launch our instances into
 resource "aws_vpc" "default" {
   cidr_block = "192.168.0.0/16"
+  tags = var.custom-tags
 }
 
 # Create an internet gateway to give our subnet access to the outside world
 resource "aws_internet_gateway" "default" {
   vpc_id = aws_vpc.default.id
+  tags = var.custom-tags
 }
 
 # Grant the VPC internet access on its main route table
@@ -28,6 +30,7 @@ resource "aws_subnet" "default" {
   cidr_block = "192.168.38.0/24"
   availability_zone = var.availability_zone
   map_public_ip_on_launch = true
+  tags = var.custom-tags
 }
 
 # Adjust VPC DNS settings to not conflict with lab
@@ -35,6 +38,7 @@ resource "aws_vpc_dhcp_options" "default" {
   domain_name = "windomain.local"
   domain_name_servers = concat([aws_instance.dc.private_ip], var.external_dns_servers)
   netbios_name_servers = [aws_instance.dc.private_ip]
+  tags = var.custom-tags
 }
 
 resource "aws_vpc_dhcp_options_association" "default" {
@@ -47,6 +51,7 @@ resource "aws_security_group" "logger" {
   name = "logger_security_group"
   description = "DetectionLab: Security Group for the logger host"
   vpc_id = aws_vpc.default.id
+  tags = var.custom-tags
 
   # SSH access
   ingress {
@@ -107,6 +112,7 @@ resource "aws_security_group" "windows" {
   name = "windows_security_group"
   description = "DetectionLab: Security group for the Windows hosts"
   vpc_id = aws_vpc.default.id
+  tags = var.custom-tags
 
   # RDP
   ingress {
@@ -152,15 +158,16 @@ resource "aws_security_group" "windows" {
 resource "aws_key_pair" "auth" {
   key_name = var.public_key_name
   public_key = file(var.public_key_path)
+  tags = var.custom-tags
 }
 
 resource "aws_instance" "logger" {
   instance_type = "t3.medium"
   ami = coalesce(var.logger_ami, data.aws_ami.logger_ami.image_id)
 
-  tags = {
-    Name = "logger"
-  }
+  tags = merge(var.custom-tags, map(
+    "Name", "${var.instance_name_prefix}logger"
+  ))
 
   subnet_id = aws_subnet.default.id
   vpc_security_group_ids = [aws_security_group.logger.id]
@@ -222,9 +229,9 @@ resource "aws_instance" "dc" {
   # Uses the local variable if external data source resolution fails
   ami = coalesce(var.dc_ami, data.aws_ami.dc_ami.image_id)
 
-  tags = {
-    Name = "dc.windomain.local"
-  }
+  tags = merge(var.custom-tags, map(
+    "Name", "${var.instance_name_prefix}dc.windomain.local"
+  ))
 
   subnet_id = aws_subnet.default.id
   vpc_security_group_ids = [aws_security_group.windows.id]
@@ -257,9 +264,9 @@ resource "aws_instance" "wef" {
   # Uses the local variable if external data source resolution fails
   ami = coalesce(var.wef_ami, data.aws_ami.wef_ami.image_id)
 
-  tags = {
-    Name = "wef.windomain.local"
-  }
+  tags = merge(var.custom-tags, map(
+    "Name", "${var.instance_name_prefix}wef.windomain.local"
+  ))
 
   subnet_id = aws_subnet.default.id
   vpc_security_group_ids = [aws_security_group.windows.id]
@@ -292,9 +299,9 @@ resource "aws_instance" "win10" {
   # Uses the local variable if external data source resolution fails
   ami = coalesce(var.win10_ami, data.aws_ami.win10_ami.image_id)
 
-  tags = {
-    Name = "win10.windomain.local"
-  }
+  tags = merge(var.custom-tags, map(
+    "Name", "${var.instance_name_prefix}win10.windomain.local"
+  ))
 
   subnet_id = aws_subnet.default.id
   vpc_security_group_ids = [aws_security_group.windows.id]
@@ -304,4 +311,3 @@ resource "aws_instance" "win10" {
     delete_on_termination = true
   }
 }
-
diff --git a/AWS/Terraform/terraform.tfvars.example b/AWS/Terraform/terraform.tfvars.example
index 56a3c38..1f09645 100644
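Review bot: The `map(...)` call in the new `tags` expression of `aws_instance.logger` is the legacy Terraform 0.12 function that the 0.12 upgrade notes deprecate and that 0.13 removes, so this hunk stops parsing on the next Terraform upgrade; the dc, wef and win10 hunks below use the same form. An object literal yields the same value, `tags = merge(var.custom-tags, { Name = "${var.instance_name_prefix}logger" })`. The argument order is worth keeping and documenting, since `merge` lets the later `Name` win over any `Name` key a user places in `custom-tags` and the lab hosts stay identifiable, e.g. `# Name is applied last so custom-tags cannot override it`. The `tags` argument added to `aws_key_pair.auth` in the same hunk depends on the pinned AWS provider supporting tags on key pairs, and the provider version constraint is not visible here, so confirm that before relying on it. The `aws_instance.logger` block continues past the end of the hunk.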
--- a/AWS/Terraform/terraform.tfvars.example
+++ b/AWS/Terraform/terraform.tfvars.example
@@ -6,3 +6,5 @@ public_key_path = "/home/user/.ssh/id_logger.pub"
 private_key_path = "/home/user/.ssh/id_logger"
 ip_whitelist = ["1.2.3.4/32"]
 availability_zone = "us-west-1b"
+// instance_name_prefix = "some_prefix_"
+// custom-tags = {"tag_name": "tag_value"}
diff --git a/AWS/Terraform/variables.tf b/AWS/Terraform/variables.tf
index 3371d49..97ebde2 100644
--- a/AWS/Terraform/variables.tf
+++ b/AWS/Terraform/variables.tf
@@ -6,6 +6,17 @@ variable "profile" {
   default = "terraform"
 }
 
+variable "custom-tags" {
+  type = map(string)
+  description = "Optional mapping for additional tags to apply to all related AWS resources"
+  default = {}
+}
+
+variable "instance_name_prefix" {
+  description = "Optional string to prefix at the front of instance names in case you need to run multiple DetectionLab environments in the same AWS account"
+  default = ""
+}
+
 variable "availability_zone" {
   description = "https://www.terraform.io/docs/providers/aws/d/availability_zone.html"
   default = ""
@@ -109,4 +120,3 @@ variable "win10_ami" {
   type = string
   default = ""
 }
-
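Review bot: `instance_name_prefix` in the variables.tf hunk is declared without a `type`, while its sibling `custom-tags` constrains itself with `type = map(string)`; adding `type = string` makes a non-string value fail at plan time instead of being coerced into the `Name` tag. The name `custom-tags` is also the only hyphenated variable in view (`instance_name_prefix`, `availability_zone`, `win10_ami` all use underscores); Terraform accepts hyphens in identifiers, but this is a new input users will pin in tfvars, so choosing the underscore form now avoids a breaking rename later. The `custom-tags` description promises the tags reach "all related AWS resources", yet `aws_vpc_dhcp_options_association` in the main.tf hunks receives none, so a wording such as `"applied to every resource in main.tf that accepts tags"` would be more accurate.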