Add your AWS environment

You can choose which method you use to add your AWS environment to Sophos Cloud Optix.

You can add your AWS environments to Sophos Cloud Optix in many ways.

You can add them easily using AWS Quick-start setup, to get up and running with core features. You don't have to run scripts or create additional resources in your AWS environment.

If you use Quick-start you get a limited set of features. If you want to use advanced features then you need to use one of the full setup options. You can do this at a later stage for the same account. For more details see AWS Quick-start.

You can do a full setup with the following methods, which create the resources required to collect VPC flow logs and Cloudtrail logs from your environment.
  • Using the Sophos Cloud Optix AWS CLI script provided for Linux and macOS.
  • Using AWS CloudFormation.
  • Using the Terraform template provided.

If you're using AWS Organizations to centrally manage multiple AWS accounts, you must use the AWS CloudFormation setup method to add your accounts to Sophos Cloud Optix.

After adding your AWS account to Cloud Optix, you can add Amazon Elastic Kubernetes Service (EKS) clusters if you want to. You must add these clusters to Sophos Cloud Optix separately, using the Amazon CLI script provided by Sophos.


Before you add AWS environments you must be aware of the following points:

  1. By adding your AWS environment, you authorize Sophos to access information via APIs and to collect log data from your environment. Your cloud provider may charge you for this. See Cloud provider charges or contact your provider for details.
  2. AWS regions that aren't connected to the global AWS infrastructure, including AWS GovCloud (US) and AWS China, are not supported.
  3. Sophos Cloud Optix doesn't support AWS's legacy EC2-Classic platform, which was deprecated in 2013. You can add AWS environments that are on the EC2-VPC platform.