Legacy: AWS Quick-start

These instructions tell you how to use the AWS Quick-start option to connect your AWS accounts to Sophos Cloud Optix easily.

Warning You must only use this help section if you opened your Sophos Cloud Optix account before November 17, 2020. If you opened your account after that date, you must use the instructions under Add your AWS environments.

Using a simple CloudFormation template, Quick-start creates a read-only IAM role in your AWS account. Sophos Cloud Optix uses this role to access information via APIs to monitor security.

Quick-start gets you up and running with core features, including:

  • Inventory.
  • Security configuration scanning.
  • Spend monitoring.
  • Sophos server workload agent integration.

Quick-start doesn't support the following advanced features:

  • Network traffic information flow displayed on Network Visualization.
  • Outbound network traffic anomaly detection and alerts.
  • Activity Logs, including identification of high-risk activities.
  • User login anomaly detection and alerts.
  • Sophos Managed Threat Response (MTR) connector.

To use these features, use one of the full setup options instead.

If you add an environment with Quick-start, and then later you want to use the advanced features with the same environment, use the AWS CLI script setup option. You don't have to remove the environment first. See Add AWS environments using AWS CloudShell or AWS CLI.

Restriction Quick-start can't be used with the Sophos MTR connector. This requires Activity Logs and Flow Logs to receive anomaly alerts from Sophos Cloud Optix. To use the Sophos MTR connector, use one of the full setup options.

To use Quick-start, do as follows:

  1. Sign in to your AWS console with the account you want to add to Sophos Cloud Optix.
  2. Sign in to Sophos Cloud Optix.
  3. Go to Settings and click Add Environments.
  4. Click AWS > AWS Quick-start.
  5. Read the information and click Launch Stack.
    This opens Quick create stack in your AWS console and automatically populates it with the parameters required to connect your environment to Sophos Cloud Optix. Don't change any of these parameters.
  6. In your AWS console, turn on I acknowledge that AWS CloudFormation might create IAM resources with custom names.
  7. In your AWS console, Click Create Stack.
    This creates an IAM role (Avid-Role) in your AWS account and connects your AWS account to Sophos Cloud Optix.
Note After adding your AWS account to Sophos Cloud Optix, you can add Amazon Elastic Kubernetes Service (EKS) clusters. You must add these clusters to Sophos Cloud Optix separately, using the Amazon CLI script provided by Sophos. See Add your Amazon EKS clusters.