Add remediation (Guardrails)

You can enable remediation features for AWS environments.

By default, Sophos Cloud Optix needs only read-only access to your AWS environment.

If you want to enable the optional remediation features (Guardrails), you need to set up additional roles:

  1. Go to Settings > Environments.
  2. Select an AWS environment and click Edit (the pen icon on the far right).
  3. Follow the instructions provided and generate the Remediate Role ARN and Remediate External Id.

In Sophos Cloud Optix click Remediation to set up automatic or manual remediation.