Legacy: Add AWS environments using CLI scripts

You can add your AWS environment using a script.

Warning You must only use this help section if you opened your Sophos Cloud Optix account before November 17, 2020. If you opened your account after that date, you must use the instructions under Add your AWS environments.

To run the script, you need to have AWS CLI version 2.0.33 or later installed on the computer where you plan to run the script. For more information see Legacy: Set up AWS CLI to run scripts.

Note The instructions for using the AWS CLI script are only valid for a Linux or macOS AWS CLI. The scripts don't work with Windows.
Tip If you want to run the script with limited permissions, see Permissions needed to run Sophos scripts. If not, you must use an IAM Administrator role to run the script.
  1. Go to Settings and click Add Environments.
  2. On the Add your cloud environment page, select the AWS tab.
  3. Download the Sophos Cloud Optix script provided on this tab.
  4. Run the script with the variables provided. You can copy and paste the command you need to run from your Sophos Cloud Optix console.


    The variables let you customize your setup in various ways, including these:

    • Use a non-default AWS region.
    • Reuse an existing CloudTrail instead of creating a new one.
    • Turn off AWS Virtual Private Cloud (VPC) Flow logs (but note that this prevents the Topology traffic visualization and anomaly detection from working).

    For more details of these variables, see AWS CLI script variables.

After the script finishes, you see the message All steps done!. If there are no errors, your environment shows in the Sophos Cloud Optix dashboard.

Note After adding your AWS account to Sophos Cloud Optix, you can add Amazon Elastic Kubernetes Service (EKS) clusters. You must add these clusters to Sophos Cloud Optix separately, using the Amazon CLI script provided by Sophos. See Add your Amazon EKS clusters.