Set up AWS CLI to run scripts

To add environments with scripts you must first set up the AWS CLI.

Introduction

Sophos provides scripts you can use with the AWS Command Line Interface (CLI) as a convenient way to add AWS accounts to Sophos Cloud Optix, add EKS clusters, delete environments, turn on remediation features, and more.

To use these scripts you must install and configure AWS CLI version 1.11.188 (or higher) on a Linux or macOS computer.

You must do as follows:

  • Set up your AWS account to run scripts.
  • Set up the AWS CLI and run the Sophos script. You can do this on your local computer or on an EC2 instance.

Full instructions are in the sections below.

For more information, see Universal Command Line Interface for Amazon Web Services.

Setting up your AWS account to run scripts

You must create a new user or Identity and Access Management (IAM) role in your AWS account, with the permissions needed to run the Sophos Cloud Optix script that you want to use. For convenience, you can run Sophos Cloud Optix scripts using an IAM administrator role.

If you want to run the scripts with limited permissions, you can create a custom IAM role with the specific permissions provided. See Permissions needed to run Sophos Cloud Optix scripts.

Setting up the AWS CLI on your local computer

Do as follows:

  1. Install the AWS CLI on your Linux or macOS computer. See Installing the AWS CLI.
  2. Configure the AWS CLI with the IAM Role or User that you created in "Setting up your AWS account to run scripts", using Access Keys. See Configuring the AWS CLI.
  3. Use the AWS CLI to download the script from Sophos and run it using the command provided in the Cloud Optix console. The script URL and command will depend on the script that you want to run.

Setting up the AWS CLI on an EC2 instance

Do as follows:

  1. Create a Linux EC2 instance in your AWS account, or use an existing one.
  2. Attach the IAM Role that you created in "Setting up your AWS account to run scripts" to this instance. See Attaching an IAM Role to an instance.
  3. Install the AWS CLI on your Linux EC2 instance. See Installing the AWS CLI.
  4. Use the AWS CLI to download the script from Sophos and run it using the command provided in the Cloud Optix console. The script URL and command will depend on the script that you want to run.
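
Before running a downloaded script in either setup, you can confirm that the installed AWS CLI meets the 1.11.188 minimum and that the credentials in use belong to the IAM user or role created for the script rather than the account root user. The following preflight check is an added example, not a Sophos script; the function names and the `--check` argument are hypothetical, and it assumes `aws --version` output begins with `aws-cli/X.Y.Z`.

```shell
#!/bin/sh
# Added example: preflight checks before running a Cloud Optix script.
MIN_VERSION="1.11.188"   # minimum AWS CLI version stated on this page

# Extract "X.Y.Z" from `aws --version` output, e.g. "aws-cli/1.16.0 Python/3.8 ...".
parse_cli_version() {
    printf '%s\n' "$1" | sed -n 's|^aws-cli/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p'
}

# Return 0 if dotted version $1 >= $2, comparing each field numerically
# (a plain string compare would rank 1.9.0 above 1.11.188).
version_ge() {
    for i in 1 2 3; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
    done
    return 0
}

# Return 0 if the caller ARN is the account root user (arn:aws:iam::<account>:root).
is_root_arn() {
    case "$1" in arn:aws*:iam::*:root) return 0 ;; *) return 1 ;; esac
}

# Live checks: CLI present, version new enough, credentials valid and not root.
preflight() {
    command -v aws >/dev/null 2>&1 || { echo "AWS CLI is not installed" >&2; return 1; }
    ver=$(parse_cli_version "$(aws --version 2>&1)")
    version_ge "${ver:-0.0.0}" "$MIN_VERSION" ||
        { echo "AWS CLI ${ver:-unknown} is older than $MIN_VERSION" >&2; return 1; }
    arn=$(aws sts get-caller-identity --query Arn --output text) ||
        { echo "No usable AWS credentials are configured" >&2; return 1; }
    if is_root_arn "$arn"; then
        echo "Caller is the account root user; use the IAM user or role created for the script" >&2
        return 1
    fi
    echo "OK: AWS CLI $ver, caller $arn"
}

# Run the live checks only when asked, e.g. `sh preflight.sh --check`.
if [ "${1:-}" = "--check" ]; then preflight; fi
```

The printed caller ARN also lets you confirm that the script will run under the limited-permission role rather than an administrator identity left over in your default profile.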