Set up AWS CLI for scripts

To add environments with scripts you must first set up the AWS CLI.

Sophos provides scripts you can use with the AWS Command Line Interface (CLI) as a convenient way to add AWS accounts to Sophos Cloud Optix, add EKS clusters, delete environments, turn on remediation features, and more.

To use these scripts you must install and configure AWS CLI version 2.0.33 or later on a Linux or macOS computer.

You must do as follows:

  • Set up your AWS account to run scripts.
  • Set up the AWS CLI and run the Sophos script. You can do this on your local computer or on an EC2 instance.

See Universal Command Line Interface for Amazon Web Services.

Set up your AWS account to run scripts

You must create a new user or Identity and Access Management (IAM) role in your AWS account, with the permissions needed to run the Sophos Cloud Optix script. For convenience, you can run Sophos Cloud Optix scripts using an IAM administrator role.

If you want to run the scripts with limited permissions, you can create a custom IAM role with the specific permissions provided. See Permissions for Sophos scripts.

Set up the AWS CLI on your local computer

Do as follows:

  1. Install the AWS CLI on your Linux or macOS computer. See Getting started with the AWS CLI.
  2. Configure the AWS CLI with the IAM role or user that you created in "Set up your AWS account to run scripts", using access keys. See Configuring the AWS CLI.
  3. Use the AWS CLI to download the script from Sophos and run it using the command provided in Sophos Cloud Optix.

    Sophos Cloud Optix creates your script and gives you the download URL when you add an environment.

Set up the AWS CLI on an EC2 instance

Do as follows:

  1. Create a Linux EC2 instance in your AWS account, or use an existing one.
  2. Attach the IAM role that you created in "Set up your AWS account to run scripts" to this instance. See Attach an IAM Role to an Instance.
  3. Install the AWS CLI on your Linux EC2 instance. See Getting started with the AWS CLI.
  4. Use the AWS CLI to download the script from Sophos and run it using the command provided in Sophos Cloud Optix.

    Sophos Cloud Optix creates your script and gives you the download URL when you add an environment.
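
A preflight check for either procedure above (local computer or EC2 instance), run before the command from Sophos Cloud Optix. This is an added example, not part of the Sophos scripts: the function names, the file name preflight.sh and the sample version string are constructed for illustration. It checks the Linux or macOS requirement and the 2.0.33 minimum stated on this page, then prints the IAM identity the AWS CLI resolves to.

```shell
#!/bin/sh
# Added example: preflight checks before running a Sophos Cloud Optix script.
MIN_VERSION="2.0.33"   # minimum AWS CLI version stated on this page

# Extract "X.Y.Z" from `aws --version` output, e.g. the constructed sample
# "aws-cli/2.0.33 Python/3.7.3 Linux/4.14.133 botocore/2.0.0dev37".
parse_cli_version() {
    printf '%s\n' "$1" |
        sed -n 's|^aws-cli/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p'
}

# Return 0 when version $1 >= version $2. Fields are compared as numbers,
# so 2.0.9 is correctly older than 2.0.33.
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # split both versions on "."
    IFS=$old_ifs
    [ "$#" -eq 6 ] || return 2
    if [ "$1" -ne "$4" ]; then [ "$1" -gt "$4" ]; return; fi
    if [ "$2" -ne "$5" ]; then [ "$2" -gt "$5" ]; return; fi
    [ "$3" -ge "$6" ]
}

# $1 is the full `aws --version` output.
cli_version_ok() {
    v=$(parse_cli_version "$1")
    [ -n "$v" ] && version_ge "$v" "$MIN_VERSION"
}

preflight() {
    case "$(uname -s)" in
        Linux|Darwin) ;;
        *) echo "Linux or macOS is required" >&2; return 1 ;;
    esac
    command -v aws >/dev/null 2>&1 || { echo "aws CLI not found" >&2; return 1; }
    cli_version_ok "$(aws --version 2>&1)" ||
        { echo "AWS CLI $MIN_VERSION or later is required" >&2; return 1; }
    # Print the principal the script will run as, so that using an
    # administrator role is a deliberate choice and not a leftover profile.
    arn=$(aws sts get-caller-identity --query Arn --output text) ||
        { echo "no usable AWS credentials" >&2; return 1; }
    echo "Scripts will run as: $arn"
}

# Run the checks only when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```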