diff --git a/terraform/infrastructure/azure/main.tf b/terraform/infrastructure/azure/main.tf index 5b28b6c1a..51e8ea93d 100644 --- a/terraform/infrastructure/azure/main.tf +++ b/terraform/infrastructure/azure/main.tf @@ -75,6 +75,8 @@ resource "azurerm_attestation_provider" "attestation_provider" { # Related issue: https://github.com/hashicorp/terraform-provider-azurerm/issues/21998 ignore_changes = [open_enclave_policy_base64, sgx_enclave_policy_base64, tpm_policy_base64, sev_snp_policy_base64] } + + tags = var.additional_tags } resource "azurerm_public_ip" "loadbalancer_ip" { @@ -85,7 +87,7 @@ resource "azurerm_public_ip" "loadbalancer_ip" { location = var.location allocation_method = "Static" sku = "Standard" - tags = local.tags + tags = merge(local.tags, var.additional_tags) lifecycle { ignore_changes = [name] @@ -103,6 +105,7 @@ data "azurerm_public_ip" "loadbalancer_ip" { name = "${local.name}-lb" resource_group_name = var.resource_group depends_on = [azurerm_public_ip.loadbalancer_ip] + tags = var.additional_tags } resource "azurerm_public_ip" "nat_gateway_ip" { @@ -111,7 +114,7 @@ resource "azurerm_public_ip" "nat_gateway_ip" { location = var.location allocation_method = "Static" sku = "Standard" - tags = local.tags + tags = merge(local.tags, var.additional_tags) } resource "azurerm_nat_gateway" "gateway" { @@ -120,16 +123,19 @@ resource "azurerm_nat_gateway" "gateway" { resource_group_name = var.resource_group sku_name = "Standard" idle_timeout_in_minutes = 10 + tags = var.additional_tags } resource "azurerm_subnet_nat_gateway_association" "example" { nat_gateway_id = azurerm_nat_gateway.gateway.id subnet_id = azurerm_subnet.node_subnet.id + tags = var.additional_tags } resource "azurerm_nat_gateway_public_ip_association" "example" { nat_gateway_id = azurerm_nat_gateway.gateway.id public_ip_address_id = azurerm_public_ip.nat_gateway_ip.id + tags = var.additional_tags } resource "azurerm_lb" "loadbalancer" { 
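Review bot: The attestation provider gets `tags = var.additional_tags`, while the resources that were already tagged get `merge(local.tags, var.additional_tags)`, so this resource carries only the user-supplied tags and none of the deployment's own. `local.tags` is not visible in this diff, but if it is meant to identify everything that belongs to a cluster, `tags = merge(local.tags, var.additional_tags)` here would keep inventory and cleanup by tag consistent. The same applies to `azurerm_nat_gateway.gateway` in the `@@ -120,16 +123,19 @@` hunk and to the `tags = var.additional_tags` passed to `module.jump_host`, which ends up on a VM, a network interface and a public IP.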
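Review bot: In `tags = merge(local.tags, var.additional_tags)` the user-supplied map comes last, and Terraform's `merge` lets later arguments win, so any key in `additional_tags` that collides with a key in `local.tags` silently replaces the project's value. `local.tags` is not shown in this diff, but if anything selects or identifies cluster resources by those tags, an accidental collision would change that behaviour; unless overriding is intended, `tags = merge(var.additional_tags, local.tags)` keeps the built-in tags authoritative. The same order is used in the hunks for `nat_gateway_ip`, `azurerm_lb.loadbalancer`, `azurerm_virtual_network.network`, `azurerm_network_security_group.security_group` and `module.scale_set_group`; in the last one `var.additional_tags` is placed before the `constellation-init-secret-hash` and `constellation-maa-url` entries, which protects those two, but it still follows `local.tags`.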
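Review bot: `tags = var.additional_tags` is added inside `data "azurerm_public_ip" "loadbalancer_ip"`, but a data source only reads an existing object; in the azurerm provider `tags` on this data source is an exported attribute, not an argument, so the line should be rejected at validation rather than tag anything. The address is already tagged through the `azurerm_public_ip.loadbalancer_ip` resource in the previous hunk, so the added line can be dropped.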
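Review bot: `tags` is added to `azurerm_subnet_nat_gateway_association.example` and `azurerm_nat_gateway_public_ip_association.example`, which as far as I know have no `tags` argument in the azurerm provider, so `terraform validate` should reject them as unsupported arguments; only the `azurerm_nat_gateway.gateway` line in this hunk is valid. The same concern applies to `azurerm_lb_backend_address_pool.all`, to both `azurerm_subnet` resources, and in `modules/load_balancer_backend/main.tf` to `backend_pool`, `azurerm_lb_probe.health_probes` and `azurerm_lb_rule.rules`. If none of the module's resources can take tags, the new `tags` variable in `modules/load_balancer_backend/variables.tf` and the `tags = var.additional_tags` arguments on the two `loadbalancer_backend_*` module calls are unused and can go as well. Running `terraform validate` against the pinned provider version would confirm the exact list.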
@@ -137,7 +143,7 @@ resource "azurerm_lb" "loadbalancer" { location = var.location resource_group_name = var.resource_group sku = "Standard" - tags = local.tags + tags = merge(local.tags, var.additional_tags) dynamic "frontend_ip_configuration" { for_each = var.internal_load_balancer ? [] : [1] @@ -164,6 +170,7 @@ module "loadbalancer_backend_control_plane" { loadbalancer_id = azurerm_lb.loadbalancer.id frontend_ip_configuration_name = azurerm_lb.loadbalancer.frontend_ip_configuration[0].name ports = local.ports + tags = var.additional_tags } module "loadbalancer_backend_worker" { @@ -173,11 +180,13 @@ module "loadbalancer_backend_worker" { loadbalancer_id = azurerm_lb.loadbalancer.id frontend_ip_configuration_name = azurerm_lb.loadbalancer.frontend_ip_configuration[0].name ports = [] + tags = var.additional_tags } resource "azurerm_lb_backend_address_pool" "all" { loadbalancer_id = azurerm_lb.loadbalancer.id name = "${var.name}-all" + tags = var.additional_tags } resource "azurerm_virtual_network" "network" { @@ -185,7 +194,7 @@ resource "azurerm_virtual_network" "network" { resource_group_name = var.resource_group location = var.location address_space = ["10.0.0.0/8"] - tags = local.tags + tags = merge(local.tags, var.additional_tags) } resource "azurerm_subnet" "loadbalancer_subnet" { @@ -194,6 +203,7 @@ resource "azurerm_subnet" "loadbalancer_subnet" { resource_group_name = var.resource_group virtual_network_name = azurerm_virtual_network.network.name address_prefixes = ["10.10.0.0/16"] + tags = var.additional_tags } resource "azurerm_subnet" "node_subnet" { 
@@ -201,13 +211,14 @@ resource "azurerm_subnet" "node_subnet" { resource_group_name = var.resource_group virtual_network_name = azurerm_virtual_network.network.name address_prefixes = [local.cidr_vpc_subnet_nodes] + tags = var.additional_tags } resource "azurerm_network_security_group" "security_group" { name = local.name location = var.location resource_group_name = var.resource_group - tags = local.tags + tags = merge(local.tags, var.additional_tags) dynamic "security_rule" { for_each = concat( @@ -237,6 +248,7 @@ module "scale_set_group" { zones = each.value.zones tags = merge( local.tags, + var.additional_tags, { constellation-init-secret-hash = local.init_secret_hash }, { constellation-maa-url = var.create_maa ? azurerm_attestation_provider.attestation_provider[0].attestation_uri : "" }, ) @@ -272,6 +284,7 @@ module "jump_host" { subnet_id = azurerm_subnet.loadbalancer_subnet[0].id ports = [for port in local.ports : port.port] lb_internal_ip = azurerm_lb.loadbalancer.frontend_ip_configuration[0].private_ip_address + tags = var.additional_tags } data "azurerm_subscription" "current" { diff --git a/terraform/infrastructure/azure/modules/jump_host/main.tf b/terraform/infrastructure/azure/modules/jump_host/main.tf index 74a540588..9dadc3c52 100644 --- a/terraform/infrastructure/azure/modules/jump_host/main.tf +++ b/terraform/infrastructure/azure/modules/jump_host/main.tf @@ -3,6 +3,7 @@ resource "azurerm_linux_virtual_machine" "jump_host" { resource_group_name = var.resource_group location = var.location size = "Standard_D2as_v5" + tags = var.tags network_interface_ids = [ azurerm_network_interface.jump_host.id, @@ -63,6 +64,7 @@ resource "azurerm_network_interface" "jump_host" { name = "${var.base_name}-jump-host" resource_group_name = var.resource_group location = var.location + tags = var.tags ip_configuration { name = "public" 
@@ -77,6 +79,7 @@ resource "azurerm_public_ip" "jump_host" { resource_group_name = var.resource_group location = var.location allocation_method = "Dynamic" + tags = var.tags } resource "tls_private_key" "ssh_key" { diff --git a/terraform/infrastructure/azure/modules/jump_host/variables.tf b/terraform/infrastructure/azure/modules/jump_host/variables.tf index 55f363a54..9946aa22f 100644 --- a/terraform/infrastructure/azure/modules/jump_host/variables.tf +++ b/terraform/infrastructure/azure/modules/jump_host/variables.tf @@ -27,3 +27,8 @@ variable "location" { description = "Location to deploy the jump host into." type = string } + +variable "tags" { + description = "Tags of the jump host." + type = map +} diff --git a/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf b/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf index c82917824..7726851ec 100644 --- a/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf +++ b/terraform/infrastructure/azure/modules/load_balancer_backend/main.tf @@ -10,6 +10,7 @@ terraform { resource "azurerm_lb_backend_address_pool" "backend_pool" { loadbalancer_id = var.loadbalancer_id name = var.name + tags = var.tags } resource "azurerm_lb_probe" "health_probes" { @@ -21,6 +22,7 @@ resource "azurerm_lb_probe" "health_probes" { protocol = each.value.health_check_protocol request_path = each.value.path interval_in_seconds = 5 + tags = var.tags } resource "azurerm_lb_rule" "rules" { @@ -35,4 +37,5 @@ resource "azurerm_lb_rule" "rules" { backend_address_pool_ids = [azurerm_lb_backend_address_pool.backend_pool.id] probe_id = each.value.id disable_outbound_snat = true + tags = var.tags } diff --git a/terraform/infrastructure/azure/modules/load_balancer_backend/variables.tf b/terraform/infrastructure/azure/modules/load_balancer_backend/variables.tf index aa1128366..8f0a1bf00 100644 --- a/terraform/infrastructure/azure/modules/load_balancer_backend/variables.tf 
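Review bot: `type = map` in the new `tags` variable is the legacy untyped shorthand for `map(any)`, so the declaration does not say that values must be strings, and a mistake such as a nested map only surfaces as a provider type error on a `tags` argument. `type = map(string)` states what the tag arguments accept and fails at the variable with a clearer message. The same declaration appears in `modules/load_balancer_backend/variables.tf` and in the root `variables.tf` (`additional_tags`). The description "Tags of the jump host." could also say that the map is applied to the VM, its network interface and its public IP, since those are the three resources in this module that read `var.tags`.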
+++ b/terraform/infrastructure/azure/modules/load_balancer_backend/variables.tf @@ -23,3 +23,8 @@ variable "ports" { })) description = "Ports to add to the backend. Healtch check protocol can be either 'Tcp' or 'Https'. Path is only used for the 'Https' protocol and can otherwise be null." } + +variable "tags" { + type = map + description = "Tags of the load balancer." +} diff --git a/terraform/infrastructure/azure/variables.tf b/terraform/infrastructure/azure/variables.tf index 87786c71a..b85448b7b 100644 --- a/terraform/infrastructure/azure/variables.tf +++ b/terraform/infrastructure/azure/variables.tf @@ -89,3 +89,8 @@ variable "marketplace_image" { default = null description = "Marketplace image for the cluster's nodes." } + +variable "additional_tags" { + type = map + description = "Additional tags that should be applied to created resources." +}
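Review bot: `variable "additional_tags"` is declared without a default, which makes it a required input of the root module, so any existing caller that does not set it will be prompted or fail at plan time unless every caller is updated in the same change (not visible here). Adding `default = {}` keeps the change backward compatible; the two module-level `tags` variables are always passed explicitly and do not need one. Since Azure stores tags as plain-text resource metadata readable by anyone with read access to the resource, the description is a good place to say so, e.g. `description = "Additional tags that should be applied to created resources. Tags are stored in plain text; do not put secrets in them."`.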