I understand that you want to detect untagged resources.
In your scenario, it's better to use AWS Config instead of CloudWatch alarms.
AWS Config can check the customized compliance status of resources and notify administrators.
In particular, the required-tag managed rules provided by AWS will be useful to you. It is also possible to expand the range of support for various resources by creating your own custom rules.
Either way, AWS Config is for you.
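As an added illustration (not part of the original answer), here is a CloudFormation sketch that deploys the AWS managed rule with identifier `REQUIRED_TAGS`, limited to three resource types, and emails administrators through EventBridge and SNS when a resource is evaluated as `NON_COMPLIANT`. It assumes an AWS Config recorder is already running in the account and Region; the tag key `Owner`, the rule name, the target Id and the e-mail parameter are hypothetical values chosen for the example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  RequiredTagKey: {Type: String, Default: Owner}   # assumed tag key
  AdminEmail: {Type: String}                        # assumed recipient
Resources:
  RequiredTagsRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: required-tags-example   # hypothetical name
      Scope:
        ComplianceResourceTypes:   # subset of the types the managed rule supports
          - AWS::EC2::Instance
          - AWS::EC2::Volume
          - AWS::S3::Bucket
      Source:
        Owner: AWS
        SourceIdentifier: REQUIRED_TAGS
      InputParameters:
        tag1Key: !Ref RequiredTagKey
  AlertTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Protocol: email
          Endpoint: !Ref AdminEmail
  AlertTopicPolicy:   # lets EventBridge publish to the topic
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics: [!Ref AlertTopic]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {Service: events.amazonaws.com}
            Action: sns:Publish
            Resource: !Ref AlertTopic
  NonCompliantEvent:   # fires when the rule marks a resource NON_COMPLIANT
    Type: AWS::Events::Rule
    Properties:
      EventPattern:
        source: [aws.config]
        detail-type: [Config Rules Compliance Change]
        detail:
          configRuleName: [required-tags-example]
          newEvaluationResult:
            complianceType: [NON_COMPLIANT]
      Targets:
        - Arn: !Ref AlertTopic
          Id: notify-admins
```

The e-mail subscription has to be confirmed by the recipient before SNS delivers any notification.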