Onboard an AWS Environment Into Sophos Cloud Optix (Using Windows 10)

You can add your AWS environment to Sophos Cloud Optix using a Linux or macOS computer by using the AWS CLI script or Terraform template provided. Full instructions are provided here: https://docs.sophos.com/pcg/optix/help/en-us/pcg/optix/tasks/AddAWS.html. However, if you are not able to use a Linux or macOS computer, you may be able to use the approach described below, using a Windows 10 computer. Please note that this approach is a currently unsupported workaround.
The instructions here will only work on a Windows 10 system that supports the Windows subsystem for Linux (version 1609 and above). Earlier versions of Windows Desktop OS (8, 7) and Windows Server OS do not have this feature. Instructions on how to Onboard using a Linux or MacOS system can be found here: https://docs.sophos.com/pcg/optix/help/en-us/pcg/optix/tasks/AddAWS.html

Install Windows Subsystem for Linux (WSL) on Windows 10

To install WSL, we first need to enable the feature and then install a Linux distribution. The instruction below installs the Ubuntu Linux distribution.
Pre-Requisite
- Windows 10 (the instructions below use Windows 10 version 1903 but previous versions of Windows 10 will work also)
- A Microsoft, School or Work Account to authenticate to the Microsoft Store

1. Open PowerShell as an administrator on Windows 10 and run the following command

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

2. When prompted to restart your computer, type "Y" for yes and press "Enter"

3. Once your system has rebooted, click the start button and search for "Store". Then open the "Microsoft Store"

4. In the Microsoft Store, search for "WSL" (means Windows Subsystem for Linux"), click on "Run Linux on Windows" and then click on the "Ubuntu" option

5. Click on "Get"

6. If prompted to sign in, go ahead and sign in with a Microsoft, Work or School account

7. The download should begin. After the download has completed, click on "Launch" to begin the installation

8. When prompted, enter the Unix username that you want to use, enter and confirm the password that you want to use also. After this, you should be on the bash shell on Windows 10

Install and Configure AWS CLI on Windows Subsystem for Linux

To install AWS CLI, we first need to install Python and pip. The instructions below cover the whole process.
Pre-Requisite
- An AWS Access Key ID and Secret Access Key with administrator access. Follow the instructions here if you're not sure how to do this - https://aws.amazon.com/premiumsupport/knowledge-center/create-access-key/

1. Update the package list using the following command:

apt update

2. Install Python using the following command. Enter "Y" for yes when prompted.

apt-get install python3

3. Install pip3 using the following command. Enter "Y" for yes when prompted.

apt-get install python3-pip

4. Install AWS CLI using the following commands. Enter "Y" for yes when prompted.

pip3 install awscli --upgrade --user
apt install awscli

5. Configure access to your AWS environment by using the command below.

aws configure

6. When prompted, enter the following:

AWS Access Key ID [None]: YOUR ACCESS ID
AWS Secret Access Key [None]: YOUR SECRET KEY
Default region name [None]: The region that you want to use as your default region. A list can be found here: https://docs.aws.amazon.com/general/latest/gr/rande.html
Default output format [None]: json

Onboard your AWS environment into Optix

1. Open the Cloud Optix console and sign-in with your credentials

https://optix.sophos.com

2. Navigate to the "Settings" item in the left-hand navigation menu and select "Environments", then click on "Add New Environment"

3. (Optional) Customize the deployment by clicking “Click here to customize your AWS installation” under the AWS Account tab

a. Choose an install region from the “Choose default install region” dropdown menu

b. Enter an existing cloudtrail if you wish to reuse one in the field below

c. Enabling VPC Flow Logs enables Cloud Optix to perform analysis of traffic inside the AWS account for alerting and topology purposes, but will cause increased operational spend on AWS – you can choose to use this service by clicking Yes or No in the “Enable VPC Flow Logs” section

d. Clicking “Yes” will enable you to further customize the regions in which you wish to enable flow logs by selecting them from the dropdown menu

e. Click Generate Install Configuration to generate the required steps to apply the desired custom configuration

4. Open the Windows Subsystem for Linux and run the commands shown in step 2A on the Sophos Cloud Optix portal

5. Once completed, run the commands shown in step 2B (or the commands received from the customization in step 4)

6. After the script has finished running, you will see a confirmation message. If there are no errors, your environment will now show in the Sophos Cloud Optix dashboard.