Amazon_SageMaker_4

Ensure that SageMaker Notebook Instance Data Encryption with KMS CMKs is enabled

Description

AWS SageMaker is a fully managed AWS service that enables data scientists and developers to build, train and deploy machine learning models at any scale, removing the barriers that typically slow down data developers who want to use machine learning in the cloud. A SageMaker notebook instance is a fully managed Machine Learning (ML) instance based on the Jupyter Notebook web application. It is recommended that your SageMaker notebook instance storage volumes are encrypted with Amazon KMS Customer Master Keys (CMKs) instead of AWS managed keys, in order to have more granular control over the data-at-rest encryption/decryption process and to meet compliance requirements.

Remediation

Encryption cannot be enabled on an existing SageMaker notebook instance. To ensure that your AWS SageMaker notebook instances are encrypted, you need to re-create them.


While creating a new SageMaker notebook instance, ensure that encryption is enabled:

1. Log in to the AWS Management Console.

2. Go to the SageMaker service dashboard at https://console.aws.amazon.com/sagemaker/

3. Create a notebook instance.

4. Ensure that an encryption key is selected under Permissions and encryption -> Encryption key (select the Enter a KMS key ARN option, then enter the full ARN of the AWS KMS default key).

5. Complete the rest of the configuration and create your notebook instance.

6. For more information, refer to: https://docs.aws.amazon.com/sagemaker/latest/dg/gs-setup-working-env.html
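
To find which notebook instances need re-creating, the check can be scripted. The following is an added example, not part of the original rule: it uses the boto3 calls list_notebook_instances, describe_notebook_instance and describe_key, while the function name, the stub classes and the sample names and ARNs are hypothetical and constructed so that it runs offline.

```python
def audit_notebook_encryption(sagemaker, kms):
    """Map notebook instance names to findings; takes boto3-style clients."""
    findings, token = {}, None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = sagemaker.list_notebook_instances(**kwargs)
        for item in page["NotebookInstances"]:
            name = item["NotebookInstanceName"]
            detail = sagemaker.describe_notebook_instance(NotebookInstanceName=name)
            key_id = detail.get("KmsKeyId")  # absent when no key was set at creation
            if not key_id:
                findings[name] = "FAIL: no KMS key configured"
                continue
            # KeyManager is "CUSTOMER" for customer managed keys, "AWS" otherwise.
            manager = kms.describe_key(KeyId=key_id)["KeyMetadata"]["KeyManager"]
            ok = manager == "CUSTOMER"
            findings[name] = "PASS: customer managed key" if ok else "FAIL: AWS managed key"
        token = page.get("NextToken")
        if not token:
            return findings

# Constructed sample data (made-up names and ARNs) so the audit runs offline.
SAMPLE_NOTEBOOKS = {
    "nb-customer-key": "arn:aws:kms:us-east-1:111122223333:key/example-customer",
    "nb-aws-key": "arn:aws:kms:us-east-1:111122223333:key/example-aws",
    "nb-no-key": None,
}

class StubSageMaker:  # stand-in for boto3.client("sagemaker"); serves two pages
    def list_notebook_instances(self, NextToken=None):
        names = list(SAMPLE_NOTEBOOKS)
        chunk = names[:2] if NextToken is None else names[2:]
        page = {"NotebookInstances": [{"NotebookInstanceName": n} for n in chunk]}
        if NextToken is None:
            page["NextToken"] = "page-2"
        return page
    def describe_notebook_instance(self, NotebookInstanceName):
        key = SAMPLE_NOTEBOOKS[NotebookInstanceName]
        return {"KmsKeyId": key} if key else {}

class StubKms:  # stand-in for boto3.client("kms")
    def describe_key(self, KeyId):
        manager = "CUSTOMER" if KeyId.endswith("customer") else "AWS"
        return {"KeyMetadata": {"KeyManager": manager}}

if __name__ == "__main__":
    # Against a real account, pass boto3.client("sagemaker") and boto3.client("kms").
    for name, finding in audit_notebook_encryption(StubSageMaker(), StubKms()).items():
        print(f"{name}: {finding}")
```

Every instance reported as FAIL has to be re-created with a customer managed key, since the key cannot be changed on an existing instance.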

Service

SageMaker

Severity

High

Compliance

Mapping
