Skip to content

Legacy: AWS Quick-start

These instructions tell you how to use the AWS Quick-start option to connect your AWS accounts to Sophos Cloud Optix easily.

Warning

You must only use this help section if you opened your Sophos Cloud Optix account before November 17, 2020. If you opened your account after that date, you must use the instructions under Add your AWS environment.

Using a simple CloudFormation template, Quick-start creates a read-only IAM role in your AWS account. Sophos Cloud Optix uses this role to access information via APIs to monitor security.

Before you start

Quick-start gets you up and running with core features, including:

  • Inventory.
  • Security configuration scanning.
  • Spend monitoring.
  • Sophos server workload agent integration.

Quick-start doesn't support the following advanced features:

  • Network traffic information flow displayed on Network Visualization.
  • Outbound network traffic anomaly detection and alerts.
  • Activity Logs, including identification of high-risk activities.
  • User login anomaly detection and alerts.
  • Sophos Managed Detection and Response (MDR) integration.

To use these features, use one of the full setup options instead.

If you add an environment with Quick-start, and then later you want to use the advanced features with the same environment, use the AWS CLI script setup option. You don't have to remove the environment first. See Legacy: Add AWS environments using CLI scripts.

Note

Quick-start can't be used with the Sophos MDR integration. This requires Activity Logs and Flow Logs to receive anomaly alerts from Sophos Cloud Optix. To use the Sophos MDR integration, use one of the full setup options.

Use Quick-start

To use Quick-start, do as follows:

  1. Sign in to your AWS console with the account you want to add to Sophos Cloud Optix.
  2. Sign in to Sophos Cloud Optix.
  3. Click Add Environments.
  4. Click AWS > AWS Quick-start.
  5. Read the information and click Launch Stack. This opens Quick create stack in your AWS console and automatically populates it with the parameters required to connect your environment to Sophos Cloud Optix. Don't change any of these parameters.
  6. In your AWS console, turn on I acknowledge that AWS CloudFormation might create IAM resources with custom names.
  7. In your AWS console, click Create Stack. This creates an IAM role (Avid-Role) in your AWS account and connects your AWS account to Sophos Cloud Optix.

Adding EKS clusters

After adding your AWS account to Sophos Cloud Optix, you can add Amazon Elastic Kubernetes Service (EKS) clusters.

You must add these clusters to Sophos Cloud Optix separately, using the Amazon CLI script provided by Sophos. See Legacy: Add your Amazon EKS clusters.