How to suppress alerts based on resource tags (or other criteria)?

Created On 09/26/18 13:45 PM - Last Modified 07/19/22 23:08 PM


Symptom


How to suppress alerts based on resource tags (or other criteria)?



Resolution


Evident does not have a built-in feature to suppress alerts based on tags or any other custom criteria. Suppression rules can only match on the alert's resource ID.

 

However, it is possible to build a solution with Evident's Integrations and API that produces the same result. Here is an overview of this approach:

  1. Create a pair of 
  2. In Evident, create an Amazon SNS Integration 
  3. Create an AWS Lambda Function and subscribe to the SNS Topic used for your SNS Integration
  4. Within the Lambda Function, evaluate the alert against whatever criteria you choose. The criterion can be a resource tag, but it can also be something more complex, for example whether the offending security group is in a specific VPC.
  5. For any alerts that you wish to suppress, create a new alert suppression rule using Evident API (https://api-docs.evident.io/#!/Suppressions/create_from_alert)

The downside to this approach is that you end up with one suppression rule per suppressed alert, rather than a single rule per tag or VPC, but it achieves the desired effect of suppressing based on resource tags or other criteria.
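The following is an added example of steps 3 to 5, written for this article and not code shipped by Evident or Palo Alto Networks. It is a Lambda handler that reads each Evident alert from the SNS record, looks up the tags of the offending resource, decides whether to suppress it (by an `evident:suppress=true` tag, or by membership in a list of sandbox VPC IDs; both criteria are assumptions chosen for illustration), and builds a signed call to the Evident "create suppression from alert" endpoint. The alert JSON shape (`data.id`, `data.attributes.resource`, `data.attributes.region`, `data.attributes.vpc_id`), the endpoint path `/api/v2/suppressions/alerts.json`, the request body layout and the `APIAuth` HMAC-SHA1 signing scheme are assumptions; confirm each against https://api-docs.evident.io before deploying. The key pair from step 1 is assumed to be an Evident API public key and secret key, read from environment variables.

```python
"""Added example: tag/VPC-based alert suppression for Evident via SNS + Lambda.

Not Evident's own code. Assumed (verify against api-docs.evident.io):
  * SNS message = alert JSON with data.id, data.attributes.{resource,region,vpc_id}
  * POST /api/v2/suppressions/alerts.json with {"data":{"attributes":{"alert_ids":[...],"reason":...}}}
  * api-auth style signing: HMAC-SHA1 over "METHOD,content-type,Content-MD5,path,Date"
"""
import base64
import hashlib
import hmac
import json
import os
import urllib.request
from email.utils import formatdate

EVIDENT_HOST = "https://api.evident.io"
SUPPRESS_PATH = "/api/v2/suppressions/alerts.json"   # assumed endpoint path
CONTENT_TYPE = "application/vnd.api+json"

# Suppression criteria for this example (assumed tag key/value and env var name).
SUPPRESS_TAG_KEY = "evident:suppress"
SUPPRESS_TAG_VALUE = "true"
SANDBOX_VPC_IDS = set(filter(None, os.environ.get("SUPPRESS_VPC_IDS", "").split(",")))


def should_suppress(tags, vpc_id=None, sandbox_vpcs=SANDBOX_VPC_IDS):
    """Return (decision, reason) for a resource given its {key: value} tags and VPC."""
    if tags.get(SUPPRESS_TAG_KEY, "").strip().lower() == SUPPRESS_TAG_VALUE:
        return True, f"resource tagged {SUPPRESS_TAG_KEY}={SUPPRESS_TAG_VALUE}"
    if vpc_id and vpc_id in sandbox_vpcs:
        return True, f"resource is in sandbox VPC {vpc_id}"
    return False, "no suppression criterion matched"


def sign_request(method, path, body, public_key, secret_key, date_header):
    """Build the auth headers for an Evident API call (assumed APIAuth/HMAC-SHA1 scheme)."""
    content_md5 = base64.b64encode(hashlib.md5(body).digest()).decode()
    canonical = ",".join([method, CONTENT_TYPE, content_md5, path, date_header])
    digest = hmac.new(secret_key.encode(), canonical.encode(), hashlib.sha1).digest()
    return {
        "Authorization": f"APIAuth {public_key}:{base64.b64encode(digest).decode()}",
        "Content-MD5": content_md5,
        "Content-Type": CONTENT_TYPE,
        "Date": date_header,
    }


def build_suppression_request(alert_id, reason, public_key, secret_key, date_header=None):
    """Return (url, headers, body) for one suppression rule covering one alert."""
    payload = {"data": {"attributes": {"alert_ids": [int(alert_id)], "reason": reason}}}
    body = json.dumps(payload).encode()
    date_header = date_header or formatdate(usegmt=True)   # RFC 1123 date, GMT
    headers = sign_request("POST", SUPPRESS_PATH, body, public_key, secret_key, date_header)
    return EVIDENT_HOST + SUPPRESS_PATH, headers, body


def ec2_tags(resource_id, region):
    """Fetch tags for an EC2 resource (security group, instance, ...) via boto3."""
    import boto3  # imported lazily so the module loads without boto3 installed
    ec2 = boto3.client("ec2", region_name=region)
    resp = ec2.describe_tags(Filters=[{"Name": "resource-id", "Values": [resource_id]}])
    return {t["Key"]: t["Value"] for t in resp["Tags"]}


def evaluate_alert(alert, tag_lookup=ec2_tags):
    """Decide for one alert (assumed JSON shape); tag_lookup is injectable for tests."""
    attrs = alert["data"]["attributes"]
    tags = tag_lookup(attrs["resource"], attrs["region"])
    decision, reason = should_suppress(tags, vpc_id=attrs.get("vpc_id"))
    return {"alert_id": alert["data"]["id"], "suppress": decision, "reason": reason}


def lambda_handler(event, context=None):
    """SNS-triggered entry point: evaluate every alert, suppress the matching ones."""
    results = []
    for record in event["Records"]:
        result = evaluate_alert(json.loads(record["Sns"]["Message"]))
        if result["suppress"]:
            url, headers, body = build_suppression_request(
                result["alert_id"], result["reason"],
                os.environ["EVIDENT_PUBLIC_KEY"], os.environ["EVIDENT_SECRET_KEY"])
            req = urllib.request.Request(url, data=body, headers=headers, method="POST")
            with urllib.request.urlopen(req, timeout=10) as resp:
                result["status"] = resp.status
        results.append(result)
    return results
```

Give the Lambda role only `ec2:DescribeTags` (plus CloudWatch Logs), keep the Evident secret key in an encrypted environment variable or Secrets Manager rather than in code, and log every suppression the function creates so the per-alert rules it accumulates stay auditable.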


