
Use AWS Organizations

You can use our assistant to add AWS environments if you use AWS Organizations or AWS Control Tower.

When adding AWS environments with AWS Organizations, the assistant prompts you to make choices and provide information. The assistant then fills in the parameters needed to create the stack in AWS.

You can choose to create an AWS CloudTrail trail as you add the AWS accounts, or use existing CloudTrail trails.

You can find background information about the tasks you may need to complete, and the parameters that are used, in this document.

Collect information

Before creating AWS CloudFormation StackSets, you must collect information from your Sophos Cloud Optix account. This information is used later in the AWS Create StackSet assistant.

  1. Sign in to your Sophos Cloud Optix account.
  2. Click Add Environments > AWS > Full Setup > CloudFormation.
  3. Select Add multiple AWS Accounts and choose whether you're using AWS Organizations, an existing CloudTrail aggregation, or both.
  4. If you chose Use existing CloudTrail aggregation, fill in the S3 details.
  5. Click Continue.
  6. In Add your cloud environment, take note of the following parameters under Add multiple AWS accounts using CloudFormation StackSets:

    • DnsPrefixCloudTrail
    • ExternalId
    • ReqID
    • CustomerId
    • DnsPrefixFlow
    • IsCloudTrailAggregation
    • OptixBaseURL
  7. After you've copied the parameters, click Launch Stack.

    This takes you to the Quick stack create page in the AWS console with the correct parameters.

Configure management account StackSet

To create the AWS CloudFormation StackSet in your management account, do as follows:

  1. Sign in to the AWS console with your AWS management account.
  2. Select the CloudFormation service.
  3. Select StackSets.
  4. Select Create StackSet.
  5. On the Choose a template page select Template is ready.

    Screenshot showing template selection.

  6. Select Amazon S3 URL as the template source.

  7. Enter the template URL: https://avidcore.s3-us-west-2.amazonaws.com/aws/collectorv2-config/cloudformation/cfn-onboarding.yaml

    Screenshot showing the template source field with the correct URL.

  8. Click Next.

Create CloudFormation StackSet

Use Sophos Cloud Optix information in the Create StackSet assistant.

Use the parameters you obtained earlier from your Sophos Cloud Optix account to fill in the fields in the AWS CloudFormation StackSet assistant. This links your StackSets to Sophos Cloud Optix.

Warning

Don't delete or amend any fields that are pre-populated by Sophos Cloud Optix, or on-boarding fails.

Ensure you are signed in to your chosen AWS management account and do as follows:

  1. Enter OptixStackSet into StackSet name on the Specify StackSet details page. Change the description if necessary.
  2. Enter the following parameters from Sophos Cloud Optix:

    • DnsPrefixCloudTrail
    • ExternalId
    • ReqID
    • CustomerId
    • DnsPrefixFlow
    • IsCloudTrailAggregation

    Don't change the SophosOptixAccountId field.

  3. Change the pre-populated RegionList only if some of your regions don't have a default Amazon Virtual Private Cloud (VPC). You must remove those regions from the RegionList field, or the on-boarding process fails.

  4. Set the isOrganizationTrail parameter to true.
  5. Don't change any other fields.

    Screenshot of the Parameters menu, showing correct data in the fields.

  6. Click Next. The Configure StackSet options page appears. You don't need to change anything.

  7. Click Next.
  8. On the Set deployment options page, select Deploy to Organization.

    Screenshot of Set deployment options menu, showing correct options selected.

  9. In Specify regions, choose one region.

    The CloudFormation stack instance is created in this region for the target member account.

  10. Click Next.

  11. A Review page appears, which shows you all the options you have entered. Check this carefully.
  12. Turn on I acknowledge that AWS CloudFormation might create IAM resources with custom names.
  13. Close the assistant. This creates the stack instance and adds the target member accounts to Sophos Cloud Optix.
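The same procedure can be driven from the AWS CLI. The script below is an added example written for this page; it is not a Sophos script and is not part of the Sophos documentation. It assumes a service-managed StackSet with auto-deployment enabled (the permission model required to deploy to an organization), that "Deploy to Organization" corresponds to targeting the organization root OU (the r-xxxx id returned by `aws organizations list-roots`), and that the `CAPABILITY_NAMED_IAM` capability is the CLI equivalent of the IAM acknowledgement in step 12. The values tagged PLACEHOLDER are the ones shown in your Sophos Cloud Optix account; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not Sophos's own tooling): build the OptixStackSet parameters,
# prune RegionList of regions without a default VPC, and create the StackSet plus
# its stack instances with the AWS CLI. Nothing is sent to AWS unless OPTIX_APPLY=1.

TEMPLATE_URL="https://avidcore.s3-us-west-2.amazonaws.com/aws/collectorv2-config/cloudformation/cfn-onboarding.yaml"
STACKSET_NAME="OptixStackSet"

# Remove regions that have no default VPC from a comma-separated RegionList.
#   $1: the pre-populated RegionList, e.g. "us-east-1,eu-west-1,ap-south-1"
#   $2: comma-separated regions to drop (may be empty), e.g. "eu-west-1"
# Prints the pruned list; fails if nothing would be left to deploy into.
prune_region_list() {
  keep=""
  for region in $(printf '%s' "$1" | tr ',' ' '); do
    case ",$2," in
      *",$region,"*) ;;                        # no default VPC here: drop it
      *) keep="${keep:+$keep,}$region" ;;
    esac
  done
  [ -n "$keep" ] || { echo "RegionList would be empty" >&2; return 1; }
  printf '%s\n' "$keep"
}

# Print a JSON parameter list for --parameters file://...
# Arguments, in the order Cloud Optix lists them, then the account id:
#   DnsPrefixCloudTrail ExternalId ReqID CustomerId DnsPrefixFlow
#   IsCloudTrailAggregation RegionList SophosOptixAccountId
# SophosOptixAccountId is passed through unchanged (the page says not to edit it)
# and isOrganizationTrail is always "true" for an AWS Organizations deployment.
# JSON form is used rather than CLI shorthand so the commas in RegionList survive.
optix_parameters() {
  [ "$#" -eq 8 ] || { echo "optix_parameters: expected 8 values" >&2; return 1; }
  set -- DnsPrefixCloudTrail "$1" ExternalId "$2" ReqID "$3" CustomerId "$4" \
         DnsPrefixFlow "$5" IsCloudTrailAggregation "$6" RegionList "$7" \
         SophosOptixAccountId "$8" isOrganizationTrail true
  out="["
  while [ "$#" -gt 0 ]; do
    out="$out{\"ParameterKey\":\"$1\",\"ParameterValue\":\"$2\"},"
    shift 2
  done
  printf '%s]\n' "${out%,}"
}

# Create the StackSet and one stack instance per member account in one region.
#   $1: path to the parameters JSON written by optix_parameters
#   $2: OU id to deploy to; the organization root id (r-xxxx) means the whole organization
#   $3: the single region chosen in "Specify regions"
create_optix_stackset() {
  aws cloudformation create-stack-set \
    --stack-set-name "$STACKSET_NAME" \
    --template-url "$TEMPLATE_URL" \
    --parameters "file://$1" \
    --capabilities CAPABILITY_NAMED_IAM \
    --permission-model SERVICE_MANAGED \
    --auto-deployment Enabled=true,RetainStacksOnAccountRemoval=false
  aws cloudformation create-stack-instances \
    --stack-set-name "$STACKSET_NAME" \
    --deployment-targets "OrganizationalUnitIds=$2" \
    --regions "$3"
}

# Usage: replace the PLACEHOLDER values, then run with OPTIX_APPLY=1.
if [ "${OPTIX_APPLY:-0}" = "1" ]; then
  regions=$(prune_region_list "PLACEHOLDER_REGIONLIST" "${REGIONS_WITHOUT_DEFAULT_VPC:-}")
  optix_parameters PLACEHOLDER_DnsPrefixCloudTrail PLACEHOLDER_ExternalId \
    PLACEHOLDER_ReqID PLACEHOLDER_CustomerId PLACEHOLDER_DnsPrefixFlow \
    PLACEHOLDER_IsCloudTrailAggregation "$regions" \
    PLACEHOLDER_SophosOptixAccountId > optix-params.json
  root_id=$(aws organizations list-roots --query 'Roots[0].Id' --output text)
  create_optix_stackset optix-params.json "$root_id" "${STACK_INSTANCE_REGION:-us-east-1}"
fi
```

`prune_region_list` refuses to produce an empty list, which is the failure the page warns about in reverse: a StackSet whose RegionList names a region without a default VPC fails, and one with no regions at all does nothing. Run the script without `OPTIX_APPLY` first to inspect the generated `optix-params.json` and confirm every pre-populated value survived untouched.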

Adding EKS clusters

After adding your AWS account to Sophos Cloud Optix, you can add Amazon Elastic Kubernetes Service (EKS) clusters.

You must add these clusters to Sophos Cloud Optix separately, using the Amazon CLI script provided by Sophos. See Add Amazon EKS clusters.