Add remediation (Guardrails)
You can enable remediation features for AWS environments.
By default, Sophos Cloud Optix needs only read-only access to your AWS environment.
If you want to enable the optional remediation features (Guardrails), you need to set up additional roles:
- Go to .
- Select an AWS environment and click Edit (the pen icon on the far right).
- Follow the instructions provided and generate the Remediate Role ARN and Remediate External Id.
In Sophos Cloud Optix click Remediation to set up automatic or manual remediation.