Sophos AP/APX users may experience issues registering to Sophos Central. More info available here: Central Wireless
Sophos provides the ability to associate your Amazon Web Services (AWS) accounts with your Sophos Central account, to improve the management of Sophos Server Protection on AWS Elastic Computer Cloud (EC2) instances and S3 storage. This article answers the frequently asked questions on Amazon Web Services integration with Sophos Central.
Applies to the following Sophos product(s) and version(s) Sophos Central Server Protection
The following questions are answered:
This integration with AWS improves the management of Sophos Server Protection on EC2 instances in AWS. It will:
You will also be able to view UTM instances in your AWS environment.
Note: Sophos does not test Amazon WorkSpaces. If you have not connected your AWS account you may find the associated AWS Instance ID does not get removed if you delete the Server in Sophos Central.
AWS integration is covered under both the Server Standard Protection and Server Advanced Protection licenses. A license is required for each EC2 instance that is protected with a Sophos Server Protection Agent.
Both Windows and Linux servers can be managed:
See, Creating an IAM Role for Sophos Central.
Note: This option will be available to read-only users but they will not be able to complete the migration, this must be done by an admin.
Under Server Protection, go to Servers on AWS and click on the AWS Instances tab area within the Sophos Central Admin console. If you have not connected your AWS account, the list will only display servers running in AWS that have a Sophos Server Protection Agent installed.
When your AWS account is connected, the list is extended to show ALL EC2 instances, identifying whether each instance has a Sophos Server Protection Agent installed or not or is a Sophos UTM. Connecting your AWS account to Sophos Central will also augment the list with additional EC2 metadata including Lifecycle state, AMI ID, Region, and more.
You can also view all instances by clicking on the Map tab. Using the Map you can obtain information on your instances Globally, by Location and by Region.
Under Server Protection, go to Servers on AWS and click on the S3 storage tab area within the Sophos Central Admin console. If you have not connected your AWS account the display will contain no S3 storage information.
When your AWS account is connected, the list will show ALL S3 storage information, identifying the Default encryption, Versioning, Access control list (public access), Policy and CloudTrail logging status for your S3 storage.
Note: If you are still using IAM User connection you must change to using IAM Role to see your S3 storage information.
Yes, if you have configured your S3 storage in a way that differs from our default settings you can choose to override the amber or red health status. To do this access the S3 storage tab and click on the name of the storage bucket you want to override. Under Health info tick the settings where you want to Acknowledge (override) the status and then click Save.
The acknowledged setting will no longer contribute to the overall health of the S3 storage bucket.
Note: If on a future synchronization the health of the S3 storage bucket is more severe (amber to red) the Acknowledged setting will be overwritten with the new status.
Yes, Sophos provides integration with the AWS Security Hub. We will send alerts raised against your Servers to the AWS Security Hub and update the status when the alerts are resolved.
This integration requires a number of settings/actions both in Sophos Central and AWS:
Sophos Central Requirements:
See Creating an IAM Role for Sophos Central for further information.
To connect your AWS account with Sophos Central, you need to create an IAM Role for your AWS account with the permissions required for the service. By providing your AWS IAM Role credentials, you are explicitly granting Sophos permission to connect to your AWS account for read-only access to information relating to EC2 instances and Auto Scaling Groups. This connection from Sophos Central will enable EC2 instance information to be displayed, server policies to be assigned to Auto Scaling Groups, and terminated EC2 instances to be removed automatically.
The IAM credentials are stored with AES 256 encryption (using a unique key), within a key store. These credentials are removed automatically when the AWS account association is removed from Sophos Central.
Other non-personally identifiable data, such as EC2 instance and Auto Scaling Group data stored for the purposes of providing this Sophos Central AWS service are stored in a separate database. In more detail, this data includes, although is not limited to, the AWS account identity, EC2 instance identities, AMI identities, EC2 life-cycle states, VPC identities, availability zones and Auto Scaling Group names and ARNs. Account data is automatically removed when the AWS account association is removed from Sophos Central.
When an EC2 instance is terminated in AWS, for example due to Auto Scaling, the server will be removed from the Sophos Central console automatically within a few minutes. License usage information in Sophos Central will also be updated automatically
Sophos Server Protection can be installed onto AWS EC2 instances using your preferred deployment tool, such as Chef or Puppet, using ready-made scripts provided by Sophos. Simply grab the link to the installer from the Protect Devices area of your Sophos Central Admin console and embed it into a deployment script, or host the installer in an AWS S3 bucket if you prefer. Alternatively, create an AMI with Sophos Server Protection installed. When new AWS instances are launched with the Sophos agent installed, the agent will register your Sophos Central console and apply policy automatically.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.