diff --git a/aws/resource_aws_nat_gateway.go b/aws/resource_aws_nat_gateway.go
index 1ec5e986e68..76045c99213 100644
--- a/aws/resource_aws_nat_gateway.go
+++ b/aws/resource_aws_nat_gateway.go
@@ -17,6 +17,7 @@ func resourceAwsNatGateway() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceAwsNatGatewayCreate,
 		Read:   resourceAwsNatGatewayRead,
+		Update: resourceAwsNatGatewayUpdate,
 		Delete: resourceAwsNatGatewayDelete,
 		Importer: &schema.ResourceImporter{
 			State: schema.ImportStatePassthrough,
@@ -52,6 +53,8 @@ func resourceAwsNatGateway() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			},
+
+			"tags": tagsSchema(),
 		},
 	}
 }
@@ -90,7 +93,7 @@ func resourceAwsNatGatewayCreate(d *schema.ResourceData, meta interface{}) error
 	}
 
 	// Update our attributes and return
-	return resourceAwsNatGatewayRead(d, meta)
+	return resourceAwsNatGatewayUpdate(d, meta)
 }
 
 func resourceAwsNatGatewayRead(d *schema.ResourceData, meta interface{}) error {
@@ -125,9 +128,27 @@ func resourceAwsNatGatewayRead(d *schema.ResourceData, meta interface{}) error {
 	d.Set("private_ip", address.PrivateIp)
 	d.Set("public_ip", address.PublicIp)
 
+	// Tags
+	d.Set("tags", tagsToMap(ng.Tags))
+
 	return nil
 }
 
+func resourceAwsNatGatewayUpdate(d *schema.ResourceData, meta interface{}) error {
+	conn := meta.(*AWSClient).ec2conn
+
+	// Turn on partial mode
+	d.Partial(true)
+
+	if err := setTags(conn, d); err != nil {
+		return err
+	}
+	d.SetPartial("tags")
+
+	d.Partial(false)
+	return resourceAwsNatGatewayRead(d, meta)
+}
+
 func resourceAwsNatGatewayDelete(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).ec2conn
 	deleteOpts := &ec2.DeleteNatGatewayInput{
diff --git a/aws/resource_aws_nat_gateway_test.go b/aws/resource_aws_nat_gateway_test.go
index 4790cb7cc2d..bb838e0026e 100644
--- a/aws/resource_aws_nat_gateway_test.go
+++ b/aws/resource_aws_nat_gateway_test.go
@@ -31,6 +31,34 @@ func TestAccAWSNatGateway_basic(t *testing.T) {
 	})
 }
 
+func TestAccAWSNatGateway_tags(t *testing.T) {
+	var natGateway ec2.NatGateway
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckNatGatewayDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccNatGatewayConfigTags,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckNatGatewayExists("aws_nat_gateway.gateway", &natGateway),
+					testAccCheckTags(&natGateway.Tags, "foo", "bar"),
+				),
+			},
+
+			resource.TestStep{
+				Config: testAccNatGatewayConfigTagsUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckNatGatewayExists("aws_nat_gateway.gateway", &natGateway),
+					testAccCheckTags(&natGateway.Tags, "foo", ""),
+					testAccCheckTags(&natGateway.Tags, "bar", "baz"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckNatGatewayDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).ec2conn
 
@@ -99,65 +127,203 @@ func testAccCheckNatGatewayExists(n string, ng *ec2.NatGateway) resource.TestChe
 
 const testAccNatGatewayConfig = `
 resource "aws_vpc" "vpc" {
-    cidr_block = "10.0.0.0/16"
-		tags {
-			Name = "testAccNatGatewayConfig"
-		}
+  cidr_block = "10.0.0.0/16"
+  tags {
+    Name = "testAccNatGatewayConfig"
+  }
+}
+
+resource "aws_subnet" "private" {
+  vpc_id = "${aws_vpc.vpc.id}"
+  cidr_block = "10.0.1.0/24"
+  map_public_ip_on_launch = false
+}
+
+resource "aws_subnet" "public" {
+  vpc_id = "${aws_vpc.vpc.id}"
+  cidr_block = "10.0.2.0/24"
+  map_public_ip_on_launch = true
+}
+
+resource "aws_internet_gateway" "gw" {
+  vpc_id = "${aws_vpc.vpc.id}"
+}
+
+resource "aws_eip" "nat_gateway" {
+  vpc = true
+}
+
+// Actual SUT
+resource "aws_nat_gateway" "gateway" {
+  allocation_id = "${aws_eip.nat_gateway.id}"
+  subnet_id = "${aws_subnet.public.id}"
+
+  depends_on = ["aws_internet_gateway.gw"]
+}
+
+resource "aws_route_table" "private" {
+  vpc_id = "${aws_vpc.vpc.id}"
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    nat_gateway_id = "${aws_nat_gateway.gateway.id}"
+  }
+}
+
+resource "aws_route_table_association" "private" {
+  subnet_id = "${aws_subnet.private.id}"
+  route_table_id = "${aws_route_table.private.id}"
+}
+
+resource "aws_route_table" "public" {
+  vpc_id = "${aws_vpc.vpc.id}"
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = "${aws_internet_gateway.gw.id}"
+  }
+}
+
+resource "aws_route_table_association" "public" {
+  subnet_id = "${aws_subnet.public.id}"
+  route_table_id = "${aws_route_table.public.id}"
+}
+`
+
+const testAccNatGatewayConfigTags = `
+resource "aws_vpc" "vpc" {
+  cidr_block = "10.0.0.0/16"
+  tags {
+    Name = "testAccNatGatewayConfig"
+  }
+}
+
+resource "aws_subnet" "private" {
+  vpc_id = "${aws_vpc.vpc.id}"
+  cidr_block = "10.0.1.0/24"
+  map_public_ip_on_launch = false
+}
+
+resource "aws_subnet" "public" {
+  vpc_id = "${aws_vpc.vpc.id}"
+  cidr_block = "10.0.2.0/24"
+  map_public_ip_on_launch = true
+}
+
+resource "aws_internet_gateway" "gw" {
+  vpc_id = "${aws_vpc.vpc.id}"
+}
+
+resource "aws_eip" "nat_gateway" {
+  vpc = true
+}
+
+// Actual SUT
+resource "aws_nat_gateway" "gateway" {
+  allocation_id = "${aws_eip.nat_gateway.id}"
+  subnet_id = "${aws_subnet.public.id}"
+
+  tags {
+    foo = "bar"
+  }
+
+  depends_on = ["aws_internet_gateway.gw"]
+}
+
+resource "aws_route_table" "private" {
+  vpc_id = "${aws_vpc.vpc.id}"
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    nat_gateway_id = "${aws_nat_gateway.gateway.id}"
+  }
+}
+
+resource "aws_route_table_association" "private" {
+  subnet_id = "${aws_subnet.private.id}"
+  route_table_id = "${aws_route_table.private.id}"
+}
+
+resource "aws_route_table" "public" {
+  vpc_id = "${aws_vpc.vpc.id}"
+
+  route {
+  cidr_block = "0.0.0.0/0"
+    gateway_id = "${aws_internet_gateway.gw.id}"
+  }
+}
+
+resource "aws_route_table_association" "public" {
+  subnet_id = "${aws_subnet.public.id}"
+  route_table_id = "${aws_route_table.public.id}"
+}
+`
+
+const testAccNatGatewayConfigTagsUpdate = `
+resource "aws_vpc" "vpc" {
+  cidr_block = "10.0.0.0/16"
+  tags {
+    Name = "testAccNatGatewayConfig"
+  }
 }
 
 resource "aws_subnet" "private" {
-    vpc_id = "${aws_vpc.vpc.id}"
-    cidr_block = "10.0.1.0/24"
-    map_public_ip_on_launch = false
+  vpc_id = "${aws_vpc.vpc.id}"
+  cidr_block = "10.0.1.0/24"
+  map_public_ip_on_launch = false
 }
 
 resource "aws_subnet" "public" {
-    vpc_id = "${aws_vpc.vpc.id}"
-    cidr_block = "10.0.2.0/24"
-    map_public_ip_on_launch = true
+  vpc_id = "${aws_vpc.vpc.id}"
+  cidr_block = "10.0.2.0/24"
+  map_public_ip_on_launch = true
 }
 
 resource "aws_internet_gateway" "gw" {
-    vpc_id = "${aws_vpc.vpc.id}"
+  vpc_id = "${aws_vpc.vpc.id}"
 }
 
 resource "aws_eip" "nat_gateway" {
-    vpc = true
+  vpc = true
 }
 
 // Actual SUT
 resource "aws_nat_gateway" "gateway" {
-    allocation_id = "${aws_eip.nat_gateway.id}"
-    subnet_id = "${aws_subnet.public.id}"
+  allocation_id = "${aws_eip.nat_gateway.id}"
+  subnet_id = "${aws_subnet.public.id}"
+
+  tags {
+    bar = "baz"
+  }
 
-    depends_on = ["aws_internet_gateway.gw"]
+  depends_on = ["aws_internet_gateway.gw"]
 }
 
 resource "aws_route_table" "private" {
-    vpc_id = "${aws_vpc.vpc.id}"
+  vpc_id = "${aws_vpc.vpc.id}"
 
-    route {
-        cidr_block = "0.0.0.0/0"
-        nat_gateway_id = "${aws_nat_gateway.gateway.id}"
-    }
+  route {
+    cidr_block = "0.0.0.0/0"
+    nat_gateway_id = "${aws_nat_gateway.gateway.id}"
+  }
 }
 
 resource "aws_route_table_association" "private" {
-    subnet_id = "${aws_subnet.private.id}"
-    route_table_id = "${aws_route_table.private.id}"
+  subnet_id = "${aws_subnet.private.id}"
+  route_table_id = "${aws_route_table.private.id}"
 }
 
 resource "aws_route_table" "public" {
-    vpc_id = "${aws_vpc.vpc.id}"
+  vpc_id = "${aws_vpc.vpc.id}"
 
-    route {
-        cidr_block = "0.0.0.0/0"
-        gateway_id = "${aws_internet_gateway.gw.id}"
-    }
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = "${aws_internet_gateway.gw.id}"
+  }
 }
 
 resource "aws_route_table_association" "public" {
-    subnet_id = "${aws_subnet.public.id}"
-    route_table_id = "${aws_route_table.public.id}"
+  subnet_id = "${aws_subnet.public.id}"
+  route_table_id = "${aws_route_table.public.id}"
 }
 `
diff --git a/website/docs/r/nat_gateway.html.markdown b/website/docs/r/nat_gateway.html.markdown
index b5a397b2507..434d3652873 100644
--- a/website/docs/r/nat_gateway.html.markdown
+++ b/website/docs/r/nat_gateway.html.markdown
@@ -19,12 +19,26 @@ resource "aws_nat_gateway" "gw" {
 }
 ```
 
+Usage with tags:
+
+```hcl
+resource "aws_nat_gateway" "gw" {
+  allocation_id = "${aws_eip.nat.id}"
+  subnet_id     = "${aws_subnet.public.id}"
+
+  tags {
+    Name = "gw NAT"
+  }
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
 
 * `allocation_id` - (Required) The Allocation ID of the Elastic IP address for the gateway.
 * `subnet_id` - (Required) The Subnet ID of the subnet in which to place the gateway.
+* `tags` - (Optional) A mapping of tags to assign to the resource.
 
 -> **Note:** It's recommended to denote that the NAT Gateway depends on the Internet Gateway for the VPC in which the NAT Gateway's subnet is located. For example: