How to prepare AWS EC2 instances for Sophos Linux Sensor
Before you start
- Sophos recommends SSH direct access, but it's not required. You can optionally handle configuration through a configuration management system or features like EC2 user data.
- You don't need a custom IAM role for EC2 instances unless you want to authorize sending Alerts from SLS instances to S3 using an IAM role.
- You can provide this authorization without using an IAM role by setting an access key ID and secret access key in either environment variables or the SLS analytics configuration file on each instance.
This information was correct at the time of writing. To ensure you're following the most current steps, review the Amazon documentation. See the following:
Create security groups
You must create an Amazon EC2 security group for SLS. Do the following:
- Sign in to the Amazon EC2 console.
- Click Security Groups.
- Click Create security group*.
- Enter the Basic details for the security group.
Add the following security group rules:
Here's an example:
Type Protocol Port Range Source Description SSH TCP 22 Any SSH Custom TCP TCP 9010 Any Healthz
For this example, the Source values are set to Any. It's recommended to replace Any with the security group ID to ensure that only resources in your security group can access these ports.
You are now ready to launch your AWS EC2 instances using the Linux distributions of your choice and install SLS. See the following: