How to prepare AWS EC2 instances for Sophos Linux Sensor

Before you start

  • Sophos recommends SSH direct access, but it's not required. You can optionally handle configuration through a configuration management system or features like EC2 user data.
  • You don't need a custom IAM role for EC2 instances unless you want to authorize sending Alerts from SLS instances to S3 using an IAM role.
    • You can provide this authorization without using an IAM role by setting an access key ID and secret access key in either environment variables or the SLS analytics configuration file on each instance.

Warning

This information was correct at the time of writing. To ensure you're following the most current steps, review the Amazon documentation. See the following:

Create security groups

You must create an Amazon EC2 security group for SLS. Do the following:

  1. Sign in to the Amazon EC2 console.
  2. Click Security Groups.
  3. Click Create security group.
  4. Enter the Basic details for the security group.
  5. Add the following security group rules:

    Here's an example:

    Type        Protocol  Port Range  Source  Description
    SSH         TCP       22          Any     SSH
    Custom TCP  TCP       9010        Any     Healthz

    Note

    For this example, the Source values are set to Any. It's recommended to replace Any with the security group ID to ensure that only resources in your security group can access these ports.
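To check whether a group still has the example's Any source on the two SLS ports, the following added example (not part of the Sophos documentation) audits the JSON shape returned by `aws ec2 describe-security-groups`. The sample group, its placeholder ID and the function names `covers` and `audit` are constructed for illustration.

```python
import json

SLS_PORTS = {22: "SSH", 9010: "Healthz"}   # ports from the rule table above
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}         # CIDRs that mean "any source"

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# The group ID is a placeholder, not a real resource.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-0123456789abcdef0", "GroupName": "sls-example",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 9010, "ToPort": 9010,
     "IpRanges": [], "Ipv6Ranges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0"}]}
  ]}]}
""")


def covers(perm, port):
    """True if the ingress rule applies to TCP traffic on `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit(group):
    """Return (port, status) per SLS port: missing, open-to-any or restricted."""
    results = []
    for port in sorted(SLS_PORTS):
        perms = [p for p in group.get("IpPermissions", []) if covers(p, port)]
        sources = {r["CidrIp"] for p in perms for r in p.get("IpRanges", [])}
        sources |= {r["CidrIpv6"] for p in perms for r in p.get("Ipv6Ranges", [])}
        if not perms:
            status = "missing"
        elif sources & OPEN_CIDRS:
            status = "open-to-any"
        else:
            status = "restricted"
        results.append((port, status))
    return results


if __name__ == "__main__":
    for group in SAMPLE["SecurityGroups"]:
        for port, status in audit(group):
            print(f'{group["GroupId"]} {SLS_PORTS[port]} tcp/{port}: {status}')
```

In the sample, the SSH rule is reported as open-to-any, while the Healthz rule, whose source is the security group itself, is reported as restricted.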

You are now ready to launch your AWS EC2 instances using the Linux distributions of your choice and install SLS. See the following: