Amazon Web Services
Deploy the Sophos Remote Testing Appliance (RTA) as an EC2 instance in your own AWS account. We share a pre-built AMI with your account directly — you launch an instance from it and activate the appliance with a one-time code shown on its console (see How delivery works on AWS below).
How delivery works on AWS
You receive two things from your engagement lead:
| Item | What it is |
|---|---|
| Shared AMI ID | The AMI ID (e.g. ami-0abc1234...) shared with your AWS account. Region-specific — use it in the same region it was shared into. |
| AWS Account ID (optional) | The Sophos account that owns the AMI. Useful for CLI lookups with --owners. |
The AMI is shared cross-account and appears in your EC2 console under Private images. It is a UEFI-boot Linux image — a generic appliance with no engagement identity baked in, so no seed disk or manual setup is required at launch.
First boot: activation
Because the AMI is generic, the appliance comes up in activation mode: its console shows an Appliance Registration screen with a one-time activation code. Read the code with Actions → Monitor and troubleshoot → Get instance screenshot and give it to your Sophos engagement lead to activate the appliance. Once activated, it provisions itself, brings up the outbound VPN tunnel, and the console switches to the live status dashboard.
Launch in the correct region
AMIs are a Regional resource. The shared AMI is only visible and launchable in the region it was shared into. If you need it in a different region, ask your engagement lead for an AMI in that region.
Requirements
| Resource | Minimum | Recommended |
|---|---|---|
| Instance type | Nitro-based, 2 vCPU / 4 GB (e.g. t3.medium) | t3.large (2 vCPU / 8 GB) or t3.xlarge / m5.xlarge (4 vCPU / 16 GB) |
| Root volume | 40 GB | 40 GB |
| Networking | Outbound internet; no public IP / no inbound rules | Existing VPC/subnet with NAT gateway or internet gateway egress |
Nitro instance types only
The RTA image uses UEFI boot mode. Only AWS Nitro System-based instance types support UEFI — older Xen-based families (t2, m4, c3, c4, r3, m3, and earlier) do not support UEFI and the instance will fail to launch or boot to a blank console. Use any current-generation type in the t3, t3a, m5, m6i, c5, c6i, r5, or r6i families, or similar.
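A pre-launch check for the points above, as an added example (not Sophos tooling): it confirms that the shared AMI is owned by the expected account, is private and UEFI-boot, and that the chosen instance type can boot UEFI. The AMI ID, account ID and region in the usage comment are placeholders, and accepting `uefi-preferred` as well as `uefi` is an assumption.

```shell
#!/bin/sh
# Added example: pre-launch checks for a cross-account shared AMI.

# Decide whether an AMI record is the one you expect to launch.
# Args: actual owner, expected owner, boot mode, Public flag (text output).
ami_ok() {
  [ "$1" = "$2" ] || { echo "owner '$1' is not expected '$2'" >&2; return 1; }
  case "$3" in
    uefi|uefi-preferred) ;;   # assumption: either value counts as UEFI
    *) echo "boot mode '$3' is not UEFI" >&2; return 1 ;;
  esac
  [ "$4" = "False" ] || { echo "AMI is not a private share" >&2; return 1; }
}

# Args: whitespace-separated SupportedBootModes of an instance type.
type_supports_uefi() {
  for mode in $1; do
    [ "$mode" = "uefi" ] && return 0
  done
  return 1
}

# usage: preflight AMI_ID OWNER_ID REGION INSTANCE_TYPE
preflight() {
  ami=$1 want=$2 region=$3 itype=$4
  # An AMI that is not shared into this region, or not owned by $want,
  # comes back as "None" and fails the owner check below.
  rec=$(aws ec2 describe-images --region "$region" --owners "$want" \
        --image-ids "$ami" --output text \
        --query 'Images[0].[OwnerId,BootMode,Public]') || return 1
  set -- $rec                 # split into owner, boot mode, public flag
  ami_ok "$1" "$want" "$2" "$3" || return 1
  modes=$(aws ec2 describe-instance-types --region "$region" \
          --instance-types "$itype" --output text \
          --query 'InstanceTypes[0].SupportedBootModes') || return 1
  type_supports_uefi "$modes" || { echo "$itype cannot boot UEFI" >&2; return 1; }
  echo "OK: $ami is owned by $want and $itype supports UEFI in $region"
}

# Runs only when called with four arguments, for example (placeholders):
#   sh preflight.sh ami-PLACEHOLDER 111122223333 eu-west-1 t3.medium
if [ "$#" -eq 4 ]; then
  preflight "$@"
fi
```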
Choose a deployment method
- Point-and-click: find the shared AMI in the EC2 console and launch an instance through the standard wizard.
- aws ec2 end-to-end. Look up the shared AMI and launch a fully configured instance in a single command.