Skip to content

Legacy: Set up AWS CLI to run scripts

To add environments with scripts you must first set up the AWS CLI.

Warning

You must only use this help section if you opened your Sophos Cloud Optix account before November 17, 2020. If you opened your account after that date, you must use the instructions under Add your AWS environment.

Sophos provides scripts you can use with the AWS Command Line Interface (CLI) as a convenient way to add AWS accounts to Sophos Cloud Optix, add EKS clusters, delete environments, turn on remediation features, and more.

To use these scripts you must install and configure AWS CLI version 2.0.33 or later on a Linux or macOS computer.

You must do as follows:

  • Set up your AWS account to run scripts.
  • Set up the AWS CLI and run the Sophos script. You can do this on your local computer or on an EC2 instance.

See Universal Command Line Interface for Amazon Web Services.

Set up your AWS account to run scripts

You must create a new user or Identity and Access Management (IAM) role in your AWS account, with the permissions needed to run the Sophos Cloud Optix script. For convenience, you can run Sophos Cloud Optix scripts using an IAM administrator role.

If you want to run the scripts with limited permissions, you can create a custom IAM role with the specific permissions provided. See Legacy: Permissions for Sophos Cloud Optix AWS scripts.

Set up the AWS CLI on your local computer

Do as follows:

  1. Install the AWS CLI on your Linux or macOS computer. See Getting started with the AWS CLI.
  2. Configure the AWS CLI with the IAM Role or User that you created in step 1, using access keys. See Configuring the AWS CLI.

  3. Use the AWS CLI to download the script from Sophos and run it using the command provided in the Sophos Cloud Optix console.

    Sophos Cloud Optix creates your script and gives you the download URL when you add an environment.

Set up the AWS CLI on an EC2 instance

Do as follows:

  1. Create a Linux EC2 instance in your AWS account, or use an existing one.
  2. Attach the IAM Role that you created in step 1 to this instance. See Attaching an IAM Role to an Instance.
  3. Install the AWS CLI on your Linux EC2 instance. See Getting started with the AWS CLI.

  4. Use the AWS CLI to download the script from Sophos and run it using the command provided in the Sophos Cloud Optix console.

    Sophos Cloud Optix creates your script and gives you the download URL when you add an environment.