Legacy: AWS CLI script variables
AWS script variables
Required variables
The script for adding an AWS environment takes the following variables:
|
Variable |
Description |
|---|---|
|
EXTERNAL _ID |
Specify this for the assumed role that Sophos Cloud Optix uses when acting on your behalf. It is added in the trust policy of the read-only role that Sophos Cloud Optix creates in your environment. |
|
CUSTOMER_ID |
The Customer UUID used for all uploads and connections. |
|
REQUEST_ID |
The self-generated ID used to validate the account addition request and associate the callback from the environment for linking the account added. The REQUEST_ID keeps refreshing and is valid for 7 days to allow multiple environments to be added from within a customer account via scripting. |
|
DNS_PREFIX_FLOW |
The customer specific prefix that allows connection back to the appropriate collector node in the Sophos Cloud Optix backend for flowlogs. |
|
DNS_PREFIX_CLOUDTRAIL |
The customer specific prefix that allows connection back to the appropriate collector node in the Sophos Cloud Optix backend for CloudTrial logs. |
Optional variables
Optionally, the script can also use the following variables if they are specified:
|
Variable |
Description |
|---|---|
|
AWS_DEFAULT_REGION |
Use this if you want to install in a region that is different than your configured default region for AWS CLI. |
|
TRAIL_NAME |
Use this if you want to reuse an existing CloudTrail instead of creating a new one (The default installation creates a new CloudTrail). Enter the existing trailname. Please note that a Lambda function should be attachable to the corresponding CloudWatch log group. |
|
FLOW_LOGS |
The default install enables VPC Flow Logs for every Amazon VPC across all regions. Specify 0 to skip VPC flow log enablement. If you want to control specific regions for flow logs, you should specify 1 and provide the list of regions in the variable FLOWLOG_REGIONS. |
|
FLOWLOG_REGIONS |
Command separated list of AWS regions. |