Repair AWS environments

If you have problems with your AWS environment in Sophos Cloud Optix you can repair it.

The repair process removes and recreates the Sophos Cloud Optix resources in your AWS environment, while preserving the existing Sophos Cloud Optix settings and data.

The way you do this depends on the way you first added the environment.

• If you used AWS CloudFormation, see Use AWS CloudFormation.
• If you used AWS CloudShell or AWS CLI, see Use AWS CLI.
• If you used Terraform, see Use Terraform.

If this method doesn't work, you can also remove the environment from Cloud Optix, then add it again. If you do this, you lose the settings and data for that environment. See Remove AWS environments.

Use AWS CloudFormation

If you added your AWS environments to Sophos Cloud Optix with AWS CloudFormation, remove the resources from your AWS console, and then add the environment again.

To do this, do as follows:

1. Sign in to your AWS console.

2. In the CloudFormation console, delete the Cloud Optix stack.

   For more help about deleting stacks in AWS, see Deleting a stack on the AWS CloudFormation console.

Delete CloudTrail bucket

Depending on how the S3 bucket for your CloudTrail data was created, you might need to delete it before you add the environment again.

If the bucket was created when you added the environment to Sophos Cloud Optix, you need to delete it. If there's data in that bucket, and you don't want to lose it, enter a different S3 bucket name when you add the environment again. This will create a new S3 bucket.

If you're using your own S3 bucket that you created separately, you don't need to delete it.

The name of an S3 bucket created when you added an environment depends on when it was added. Recent buckets are labeled "sophos-optix-cloudtrail-<AWS-ACCOUNT-ID>". Older buckets are labeled "avid-cloudtrail-<AWS-ACCOUNT-ID>".

Find the CloudTrail bucket and delete it.

For more help about deleting S3 buckets in AWS, see Deleting a bucket.

Add the environment again

1. Sign in to Sophos Cloud Optix.

   Don't remove the AWS environment.

2. Click Add Environments > AWS.

3. Click Choose a full setup option.
4. Click CloudFormation. You can also click Go.
5. Choose whether you are adding a single AWS account, or using AWS Organizations.

6. Select Use standard setup or Customize your setup and click Continue.

   The assistant takes you through the process of adding your AWS environments. The assistant creates a script, using your answers to set variables in the script.

7. Follow the instructions to run the script and set up the stack in your AWS environment.

Your AWS environment is now repaired.

Use AWS CLI

If you added your AWS environments to Sophos Cloud Optix by running commands in AWS CloudShell or AWS CLI, you must remove the resources from AWS, and then add the environment again.

To remove the resources from AWS, copy the following commands and run them in AWS CloudShell or AWS CLI:

curl -s "http://avidcore.s3-us-west-2.amazonaws.com/aws/collectorv2-config/undo-add-account.sh" -o undo-add-account.sh

bash undo-add-account.sh

To add your environment to Sophos Cloud Optix, do as follows:

1. Sign in to Sophos Cloud Optix.

   Don't remove the AWS environment.

2. Click Add Environments > AWS.

3. Click Choose a full setup option.
4. Click AWS CloudShell or AWS CLI (Linux and Mac only). You can also click Go.

5. Select Use standard setup or Customize your setup and click Continue.

   The assistant takes you through the process of adding your AWS environments. The assistant creates a script and other commands, using your answers to set variables in the script.

6. Follow the instructions to download the script and other commands.

7. Run the script and commands with AWS CloudShell or AWS CLI.

Your AWS environment is now repaired.

Use Terraform

If you added your AWS environments to Sophos Cloud Optix with Terraform, you can use Terraform to remove the resources from AWS, and then add the environment.

Remove AWS resources

To remove the resources from AWS, do as follows:

1. If you still have the .tfstate file you used to add the environments, use the following command:

   terraform destroy
   

   If you don't have the .tfstate file you used to add the environments, follow the instructions for removing AWS resources using the AWS CLI. See Use AWS CLI.

2. Delete the S3 bucket used for your CloudTrail. See Delete CloudTrail bucket.

Then add the environment again.

Add environment AWS resources

To add your environment to Sophos Cloud Optix, do as follows:

1. Sign in to Sophos Cloud Optix.

   Don't remove the AWS environment.

2. Click Add Environments > AWS.

3. Click Choose a full setup option.
4. Click Terraform. You can also click Go.

5. Choose an installation method from the following:

   • Use standard setup and click Continue.
   • Customize your setup and click Continue.

   If you choose Customize your setup, you're asked questions about your CloudTrail log files and VPC flow log files.

   Your Terraform script appears.

6. Follow the instructions to download and run the Sophos Cloud Optix template.

7. Copy the AWS account ID and IAM role from the output of the Terraform template. You'll need this later.

8. Click Continue.

   Generate the command to add your AWS account appears.

9. Answer the questions, using the AWS account ID and IAM role you copied earlier. Click Generate command.

   A customized curl command appears.

10. Copy the curl command and run it.

Your AWS environment is now repaired.