Add your cloud environments
This page helps you identify the correct onboarding setup based on how your cloud resources are organized.
Before you add an environment, identify how your cloud resources are organized:
- Single account, subscription, or project
- Multi-region deployment
- Multiple accounts, subscriptions, or projects
Each provider supports these scenarios differently.
Supported setup scenarios
Review the scenario that matches your environment before onboarding.
Note
Any configuration or setup scenario that isn't explicitly documented on this page is outside the scope of supported configurations. Implementing unsupported scenarios may result in degraded performance or failed integrations. We strongly recommend adhering to the documented scenarios to ensure reliability and supportability.
| Environment type | What to do |
|---|---|
| Single account (single or multiple regions) | Add one AWS environment using IAM Role or Access Key. No additional region configuration is required unless you use region-specific services. |
| Multiple accounts (for example, AWS Organizations) | Add each account separately, or configure organization-wide access if you use AWS Organizations. |
| Region-specific services | Make sure that required services are available in each region before onboarding. Some services may require additional configuration. |
For detailed onboarding steps, configuration options, and console customization settings, see Add your AWS environment.
| Environment type | What to do |
|---|---|
| Single subscription | Register the subscription using an App Registration. |
| Multiple subscriptions in the same tenant | Register each subscription under the same App Registration. |
| Multiple tenants | Multi-tenant setups must be onboarded separately. |
For detailed onboarding steps, see Add your Microsoft Azure environment.
| Environment type | What to do |
|---|---|
| Single project | Add the project using a service account. |
| Multiple projects | Add each project separately. Each project must be onboarded individually. |
For detailed onboarding steps, see Add your Google Cloud Platform environment.
| Environment type | What to do |
|---|---|
| Single cluster | Add the cluster using the provided deployment instructions. |
| Multiple clusters | Add each cluster separately. Each cluster must be onboarded manually. |
For detailed onboarding steps, see Add your Kubernetes environment.
| Environment type | What to do |
|---|---|
| Single repository | Connect the repository for scanning. |
| Multiple repositories | Add each repository separately and make sure Sophos Cloud Optix has access. |
For detailed onboarding steps, see Add your IaC environments.
| Environment type | What to do |
|---|---|
| Public registry | Configure scanning directly from the registry. |
| Private registry | Configure registry access credentials before enabling scanning. |
| Multiple registries | Add each registry separately. |
For detailed configuration steps, see Container image scanning.
Things to keep in mind
- Use consistent naming conventions for your environments to make them easier to find and manage in Sophos Cloud Optix.
- If you're planning a complex setup (for example, hybrid or multi-organization), review the supported scenarios above before you add your environments. See Supported setup scenarios.
- If your setup isn't listed in the supported scenarios, contact Sophos Support.
Choose your provider
-
AWS
Connect your AWS accounts using an IAM Role or Access Key.
-
Microsoft Azure
Register your Azure subscriptions using an App Registration.
-
Google Cloud Platform
Connect your GCP projects using a service account.
-
Kubernetes
Add and monitor your Kubernetes clusters individually.
-
IaC
Integrate Terraform or other IaC templates for scanning and visibility.
-
Container image scanning
Scan container images for vulnerabilities.