Legacy: Add AWS environments using CLI scripts

You can add your AWS environment using a script.

Warning You must only use this help section if you opened your Sophos Cloud Optix account before November 17th 2020. If you opened your account after that date, you must use the instructions under Add your AWS environments.

To run the script, you need to have AWS CLI version 2.0.33 or later installed on the computer where you plan to run the script. For more information see Legacy: Set up AWS CLI to run scripts

Note The instructions for using the script are only valid for a Linux or macOS AWS CLI. The scripts do not work with Windows.
Tip If you want to run the script with limited permissions, see Permissions needed to run Sophos Cloud Optix scripts. If not, you must use an IAM Administrator role to run the script.
  1. Click Settings (in the left-hand menu) and select Environments.
  2. Click Add New Environment.
  3. On the Add your cloud environment page, select the AWS tab.
  4. Download the Sophos Cloud Optix script provided on this tab.
  5. Run the script with the variables provided. You can copy and paste the command you need to run from your Sophos Cloud Optix console.


    The variables let you customize your setup in various ways, including these:

    • Use a non-default AWS region.
    • Reuse an existing CloudTrail instead of creating a new one.
    • Disable AWS Virtual Private Cloud (VPC) Flow logs (but note that this prevents the Topology traffic visualization and anomaly detection from working).

    For more details of these variables, see AWS CLI script variables.

After the script has finished running, you will see an "All steps done!" message. If there are no errors, your environment shows in the Sophos Cloud Optix dashboard.

Note After adding your AWS account to Cloud Optix, you can add Amazon Elastic Kubernetes Service (EKS) clusters. You must add these clusters to Sophos Cloud Optix separately, using the Amazon CLI script provided by Sophos. See Add your Amazon EKS clusters.