Add remediation (Guardrails)

You can enable remediation features for AWS environments.

By default, Sophos Cloud Optix needs only Read-only access to your AWS environment.

If you want to enable the optional remediation features (Guardrails), you need to set up additional roles:

1. Go to Settings > Environments.
2. Select an AWS environment and click Edit (the pen icon on the far right).
3. Follow the instructions provided and generate the Remediate Role ARN and Remediate External Id.

Now you can start using remediation.

See Turn on automatic remediation or Use manual remediation.