Add AWS environments using CLI scripts

You can add your AWS environment using a script.

To run the script, you need to have AWS CLI version 1.11.188 or later installed on the computer where you plan to run the script. For more information see Set up AWS CLI to run scripts.
Note The instructions for using the script are only valid for a Linux or macOS AWS CLI. The scripts do not work with Windows.
Tip If you want to run the script with limited permissions, see Permissions needed to run Sophos Cloud Optix scripts. If not, you must use an IAM Administrator role to run the script.
  1. Click Settings (in the left-hand menu) and select Environments.
  2. Click Add New Environment.
  3. On the Add your cloud environment page, select the AWS tab.
  4. Download the Sophos Cloud Optix script provided on this tab.
  5. Run the script with the variables provided. You can copy and paste the command you need to run from your Sophos Cloud Optix console.


    The variables let you customize your setup in various ways, including these:

    • Use a non-default AWS region.
    • Reuse an existing CloudTrail instead of creating a new one.
    • Disable AWS Virtual Private Cloud (VPC) Flow logs (but note that this prevents the Topology traffic visualization and anomaly detection from working).

    For more details of these variables, see AWS CLI script variables.

After the script has finished running, you will see an "All steps done!" message. If there are no errors, your environment shows in the Sophos Cloud Optix dashboard.

After adding your AWS account to Cloud Optix, you can add Amazon Elastic Kubernetes Service (EKS) clusters if you want to. You must add these clusters to Sophos Cloud Optix separately, using the Amazon CLI script provided by Sophos.