diff --git a/src/infra/build.ts b/src/infra/build.ts
new file mode 100644
index 0000000..01306c9
--- /dev/null
+++ b/src/infra/build.ts
@@ -0,0 +1,45 @@
+import { execFileSync } from 'node:child_process';
+
+interface GitBuildInfo {
+  /**
+   * Last git version tag
+   *
+   * @example
+   * "v6.45.0"
+   */
+  version: string;
+  /**
+   * Current git commit hash
+   *
+   * @example
+   * "e460a1bf611b9464f4c2c3feb48e4823277f14a4"
+   */
+  hash: string;
+  /**
+   * Github actions run id and attempt if it exists, otherwise ""
+   *
+   * @example
+   * "6228679664-1"
+   */
+  buildId: string;
+}
+
+let buildInfo: GitBuildInfo | undefined;
+
+/**
+ * Attempt to guess build information from the currently checked out version of the source code
+ *
+ * @returns Basic Git/Github build information
+ */
+export function getGitBuildInfo(): GitBuildInfo {
+  if (buildInfo == null) {
+    buildInfo = {
+      version: execFileSync('git', ['describe', '--tags', '--always', '--match', 'v*']).toString().trim(),
+      hash: execFileSync('git', ['rev-parse', 'HEAD']).toString().trim(),
+      buildId: process.env['GITHUB_RUN_ID']
+        ? `${process.env['GITHUB_RUN_ID']}-${process.env['GITHUB_RUN_ATTEMPT']}`
+        : '',
+    };
+  }
+  return buildInfo;
+}
diff --git a/src/infra/index.ts b/src/infra/index.ts
index d99ca4b..22e581d 100644
--- a/src/infra/index.ts
+++ b/src/infra/index.ts
@@ -1,7 +1,16 @@
-import { App } from 'aws-cdk-lib';
+import { App, Tags } from 'aws-cdk-lib';
 
+import { getGitBuildInfo } from './build.js';
 import { LdsExportCache } from './lds.export.cache.js';
 
 const app = new App();
 
-new LdsExportCache(app, 'LdsExporter', { env: { region: 'ap-southeast-2' } });
+const lambda = new LdsExportCache(app, 'LdsExporter', { env: { region: 'ap-southeast-2' } });
+
+Tags.of(lambda).add('linz:app:name', 'lds-cache');
+Tags.of(lambda).add('linz:app:version', getGitBuildInfo().version);
+Tags.of(lambda).add('linz:environment', 'prod');
+Tags.of(lambda).add('linz:git:hash', getGitBuildInfo().hash);
+if (process.env['GITHUB_REPOSITORY']) Tags.of(lambda).add('linz:git:repository', process.env['GITHUB_REPOSITORY']);
+Tags.of(lambda).add('linz:security:classification', 'unclassified');
+Tags.of(lambda).add('linz:build:id', getGitBuildInfo().buildId);
diff --git a/src/infra/lds.export.cache.ts b/src/infra/lds.export.cache.ts
index eb3eae7..287ffd7 100644
--- a/src/infra/lds.export.cache.ts
+++ b/src/infra/lds.export.cache.ts
@@ -1,5 +1,3 @@
-import { execFileSync } from 'node:child_process';
-
 import { CfnOutput, Duration, Stack, StackProps } from 'aws-cdk-lib';
 import { EventBus, Rule, Schedule } from 'aws-cdk-lib/aws-events';
 import { LambdaFunction } from 'aws-cdk-lib/aws-events-targets';
@@ -9,6 +7,8 @@ import { BlockPublicAccess, Bucket } from 'aws-cdk-lib/aws-s3';
 import { StringParameter } from 'aws-cdk-lib/aws-ssm';
 import { Construct } from 'constructs';
 
+import { getGitBuildInfo } from './build.js';
+
 export class LdsExportCache extends Stack {
   constructor(scope?: Construct, id?: string, props?: StackProps) {
     super(scope, id, props);
@@ -35,8 +35,9 @@ export class LdsExportCache extends Stack {
         KX_API_KEY: kxApiKey.stringValue,
         EVENT_BUS_ARN: eventBus.eventBusArn,
         KX_CHANGE_DAYS: '30',
-        GIT_HASH: execFileSync('git', ['rev-parse', 'HEAD']).toString().trim(),
-        GIT_VERSION: execFileSync('git', ['describe', '--tags', '--always', '--match', 'v*']).toString().trim(),
+        GIT_HASH: getGitBuildInfo().hash,
+        GIT_VERSION: getGitBuildInfo().version,
+        BUILD_ID: getGitBuildInfo().buildId,
       },
     });