AWS Server Policy

Hi, 

 

I need my AWS Servers and preferably different accounts to have different policy settings applied at install time rather then picking up the main server policy. 

Is there a way to do this?

  • Hi LRB,

    Are you using ASGs? If you are, you can apply policy to the ASG that the server will pick up. https://community.sophos.com/kb/en-us/125510 

    If not, you could use Server Groups and assign policies to these groups. Adding a Server to a Group can be done using an installation switch: https://community.sophos.com/kb/en-us/127045 

    Stephen

  • In reply to StephenMcKay:

    Thanks StephenMcKay, 

    Should be able to make of these options work. Its a shame there is no option for selecting the caching servers too.

  • In reply to LRB:

    He


    We used the installation switch to auto join a group - however, its seems to be creating a new group for each deployment (same group name) and then not even joining it?

    AWS_SVT for example here. 

  • In reply to LRB:

    Hi LRB,

    Please can you PM me your AWS Account ID; we identified 3 accounts that are exhibiting this behaviour and are currently troubleshooting the root cause.

    EDIT: Please can you confirm the switch that you are using and how you are creating/deploying the installation script?

    Regards,

    Stephen

  • In reply to LRB:

    Hi LRB,

    When we detect an ASG we automatically create a group in Sophos Central and add all instances of the ASG to that group. Your script is adding the instance to a group you specify (it will create one if that group doesn't exist), but we will move an instance that is in an ASG to the ASG group. Note: This happens around once per hour, so an instance might appear for a short period in the group you specify before being moved. 

    We introduced this functionality when we launched our AWS Connector to allow admins to assign policies to the ASG, these policies are then applied to all instances that are protected within the ASG, or when the instance is created. 

    If you have a need to have different policies for servers in the same ASG i'd like to understand the use case. 

    Regards,

    Stephen