You can now tag your AWS Site-to-Site VPN connections, Virtual Private Gateways, and Customer Gateways upon creation. You can do this when creating these resources through the AWS Cloud Development Kit (CDK) or AWS Command Line Interface (CLI). By tagging resources at the time of creation, you can eliminate the need to run custom tagging scripts after resource creation. In addition, you can now set resource-level permissions when using Site-to-Site VPN APIs. This allows you to implement stronger security policies by giving you more granular control over who has access to these APIs. You can also enforce the use of tagging and control which tag keys and values are set on your resources.
Source:: Amazon AWS