Amazon Web Services Accounts

You can associate your AWS accounts with your Sophos Central account.

On the Settings > Connect AWS Accounts page, you can associate your AWS accounts with your Sophos Central account. This gives you improved management of Sophos Server Protection on AWS EC2 instances and S3 storage buckets.

When you add an AWS account on this page, Sophos Central does the following:

  • Display AWS instance details.
  • Remove terminated AWS instances from the list automatically.
  • Let you apply server policies to Auto Scaling Groups.
  • Assess the security of your S3 storage buckets.

To associate an AWS Account with Sophos Central:

  1. Click Add (on the right of the page).
  2. In the Connect to AWS dialog:
    1. Enter a Friendly Connection Name. This will be used to refer to the account in Sophos Central.
    2. Add a new IAM Role in your AWS console.
    3. Enter the Amazon Resource Name (ARN) for the AWS account that you want to connect to.
    4. Select Connect.
    Sophos Central attempts to verify the credentials. While this happens, the account connection health shows a refresh icon.
  3. When the page is refreshed, the account shows one of three states: connected successfully, still attempting connection, or failed.

    If the connection fails, see Troubleshooting Sophos Central connections to AWS and Creating an IAM Role for Sophos Central.
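
A pre-flight review of the IAM role created in step 2, as an added example that is not Sophos code: it checks the ARN format and looks in the role's trust policy for two general AWS cross-account weaknesses (a wildcard principal, and no external ID condition). It assumes the ARN entered in the dialog is the IAM role's ARN; the role name, account IDs, external ID and both sample policies are constructed placeholders, not values from Sophos.

```python
import json
import re

# arn:<partition>:iam::<12-digit account id>:role/<optional path/><role name>
ROLE_ARN = re.compile(r"^arn:(aws|aws-cn|aws-us-gov):iam::\d{12}:role/[\w+=,.@/-]+$")

def as_list(value):
    return value if isinstance(value, list) else [value]

def review_role(arn, trust_policy_json):
    """Return findings for a role ARN and its trust policy; [] means none found."""
    findings = []
    if not ROLE_ARN.match(arn):
        findings.append("ARN is not an IAM role ARN")
    for stmt in as_list(json.loads(trust_policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        # Principal is either the string "*" or a mapping such as {"AWS": ...}.
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append("trust policy lets any AWS principal assume the role")
        # Condition keys are case-insensitive, so compare in lower case.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        has_external_id = any(k.lower() == "sts:externalid" and v for k, v in equals.items())
        if aws and not has_external_id:
            findings.append("cross-account AssumeRole has no sts:ExternalId condition")
    return findings

# Constructed samples: placeholder account IDs, role name and external ID.
ROLE = "arn:aws:iam::444455556666:role/ExampleSophosCentralRole"
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]})
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": {"AWS": "*"}}]})

if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED_POLICY), ("open", OPEN_POLICY)):
        print(name, review_role(ROLE, policy) or "no findings")
```

The trust policy JSON to feed into the check can be copied from the role's Trust relationships tab in the IAM console.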

When you have added the AWS account:

  • AWS instances are listed on the Servers on AWS page, on the AWS Instances tab. Instances without a Sophos agent installed are shown only here.
  • AWS instances with a Sophos agent installed are listed on the Servers page.
  • AWS Auto Scaling Groups are listed on the Server Groups page. The number of instances with an installed Sophos agent is indicated for the group.
  • Policies assigned to AWS Auto Scaling Groups are automatically assigned to instances that are in that group and have a Sophos agent installed.
  • Your S3 storage buckets are assessed and assigned a health status.