Setting up environments for Spend Monitor

Find out how to turn on spend monitoring for different types of cloud environments.

Spend monitoring is turned on by default when you add a new AWS or Microsoft Azure environment to Sophos Cloud Optix. But for all GCP environments, and some AWS and Microsoft Azure environments, you may need to turn on spend monitoring in Sophos Cloud Optix.

Spend monitoring data isn't available in Sophos Cloud Optix for Microsoft Azure subscriptions billed through Microsoft Cloud Solution Provider (CSP) plans.

Restriction For AWS environments, you must also add the required permissions to the Sophos Cloud Optix read-only IAM role in your AWS account.

Setting up environments for Spend Monitor

Spend Monitor may already be turned on, depending on the environment type and when you added the environment to Sophos Cloud Optix.

Check what you need to do as follows:

  • AWS environments: depending on when you added the environment to Sophos Cloud Optix, you may need to add permissions in AWS so that Sophos Cloud Optix can access spend information. See the additional setup instructions for AWS Environments.
  • Azure environments: no additional permissions are required to allow Sophos Cloud Optix to access spend information. You may still need to turn on Spend Monitor in Sophos Cloud Optix.
  • GCP environments: you must turn on Cloud Billing exports to BigQuery in your Google account before you turn on Spend Monitor in Sophos Cloud Optix. See Export Cloud Billing data to BigQuery for more details. When Google has created a table containing billing information, in Sophos Cloud Optix, go to Settings and click Environments. Enter the dataset and table name provided by BigQuery, then turn on Spend Monitor.

Additional setup instructions for AWS environments

Your Sophos Cloud Optix IAM role must have the required permissions to access your AWS account.

Note You must locate the Sophos Cloud Optix read-only IAM role in AWS. Depending on when your AWS environments were added to Sophos Cloud Optix, this may be called Sophos-Optix-role or Avid-Role.

Depending on when you added your AWS account to Sophos Cloud Optix, the IAM role may already have the required permissions.

If spend monitoring information doesn't automatically appear in Sophos Cloud Optix for your AWS environment, check that your IAM role has the following permissions, and add them if necessary:

  • ce:GetCostAndUsage
  • ce:GetCostForecast
  • ce:GetUsageForecast
  • support:DescribeTrustedAdvisorCheckResult
  • support:RefreshTrustedAdvisorCheck

Turn Spend Monitor on or off in Sophos Cloud Optix

To turn spend monitoring on or off for specific environments in Cloud Optix, do as follows:

  1. Go to Settings and click Environments.
  2. Click the edit icon Edit icon for the environment where you want to turn on spend monitoring.
  3. Switch spend monitoring on.
  4. Click Save.