Ensure that your Amazon SageMaker notebook instances are running inside a Virtual Private Cloud (VPC) so that they can access VPC-only resources such as Amazon EFS file systems, or other resources that cannot be reached from outside a VPC network. A SageMaker notebook instance is a Machine Learning (ML) compute instance running the Jupyter Notebook software.
This rule can help you with the following compliance standards:
- PCI
- APRA
- MAS
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Deploying and running your Amazon SageMaker notebook instances within a VPC network enables the SageMaker instances to access all AWS resources available within that VPC using private IP addresses.
Audit
To determine if your Amazon SageMaker notebook instances are running inside a VPC network, perform the following actions:
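One way to script this check, as an added example that is not part of the original page or of Conformity: it treats a notebook instance as VPC-attached when its `describe-notebook-instance` output carries a non-empty `SubnetId`. The instance names, subnet and security group IDs in the sample are constructed, and the region in the last comment is a placeholder.

```python
"""Audit SageMaker notebook instances for VPC placement (added example)."""
import json

# Constructed sample: trimmed `describe-notebook-instance` responses.
SAMPLE = json.loads("""[
  {"NotebookInstanceName": "nb-in-vpc", "NotebookInstanceStatus": "InService",
   "SubnetId": "subnet-0example", "SecurityGroups": ["sg-0example"],
   "DirectInternetAccess": "Disabled"},
  {"NotebookInstanceName": "nb-no-vpc", "NotebookInstanceStatus": "InService",
   "DirectInternetAccess": "Enabled"},
  {"NotebookInstanceName": "nb-empty-subnet", "NotebookInstanceStatus": "Stopped",
   "SubnetId": "", "DirectInternetAccess": "Enabled"}
]""")


def in_vpc(desc):
    """An instance launched in a VPC reports a non-empty SubnetId."""
    return bool(desc.get("SubnetId"))


def audit(descriptions):
    """Return one finding per notebook instance, sorted by name."""
    findings = []
    for d in descriptions:
        ok = in_vpc(d)
        findings.append({
            "name": d["NotebookInstanceName"],
            "compliant": ok,
            "subnet": d.get("SubnetId") or None,
            "security_groups": d.get("SecurityGroups", []) if ok else [],
        })
    return sorted(findings, key=lambda f: f["name"])


def non_compliant(descriptions):
    """Names of the instances that must be re-created inside a VPC."""
    return [f["name"] for f in audit(descriptions) if not f["compliant"]]


def fetch_descriptions(region):
    """Live mode: page through list-notebook-instances, then describe each."""
    import boto3  # imported here so the offline sample needs no AWS SDK
    sm = boto3.client("sagemaker", region_name=region)
    names = [n["NotebookInstanceName"]
             for page in sm.get_paginator("list_notebook_instances").paginate()
             for n in page["NotebookInstances"]]
    return [sm.describe_notebook_instance(NotebookInstanceName=n) for n in names]


if __name__ == "__main__":
    for f in audit(SAMPLE):  # swap SAMPLE for fetch_descriptions("<region>")
        print(f"{f['name']}: {'OK' if f['compliant'] else 'NOT IN VPC'} {f['subnet'] or ''}")
```

The check has to be repeated for each AWS region in use, since notebook instances are listed per region.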
Remediation / Resolution
To ensure that your Amazon SageMaker notebook instances are running within a VPC, you need to re-create these instances with the necessary network configuration. To deploy your SageMaker notebook instances within a Virtual Private Cloud (VPC), perform the following actions:
You are auditing:
Amazon SageMaker Notebook Instance In VPC
Risk Level: Medium