Amazon_SageMaker_1

Ensure SageMaker Notebook Instance Data Encryption is enabled

Description

SageMaker is a fully-managed AWS service that enables developers and data engineers to quickly and easily build, train and deploy machine learning models at any scale. An AWS SageMaker notebook instance is a fully managed ML instance that is running the Jupyter Notebook open-source web application. It is highly recommended that the data stored on Machine Learning (ML) storage volumes attached to your AWS SageMaker notebook instances is encrypted in order to protect your data from breaches or unauthorized access and fulfill compliance requirements for data-at-rest encryption within your organization.

Remediation

Encryption cannot be enabled on an existing SageMaker notebook instance. To ensure that your AWS SageMaker notebook instances are encrypted, you need to re-create them.

When creating a new SageMaker notebook instance, ensure encryption is enabled:
1. Log in to the AWS Management Console.

2. Go to the SageMaker service dashboard at https://console.aws.amazon.com/sagemaker/.

3. Create a notebook instance.

4. Ensure that, under Permissions and encryption, an encryption key is selected (select the Enter a KMS key ARN option, then enter the full ARN of the AWS KMS default key).

5. Complete the rest of the configuration and create your notebook instance.

6. For more information, refer to: https://docs.aws.amazon.com/sagemaker/latest/dg/gs-setup-working-env.html
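To find the instances this rule flags and plan their re-creation, the check can be scripted. The following is an added example, not part of the original rule: it assumes boto3 for live use, a hypothetical "-encrypted" name suffix, and constructed sample data and key ARN.

```python
# Added example: audit notebook instances and plan encrypted replacements.
# Field names follow the SageMaker DescribeNotebookInstance and
# CreateNotebookInstance APIs; the sample data and key ARN are constructed.

# Describe field -> Create parameter, for settings carried over unchanged.
CARRY_OVER = {
    "InstanceType": "InstanceType",
    "RoleArn": "RoleArn",
    "SubnetId": "SubnetId",
    "SecurityGroups": "SecurityGroupIds",
    "VolumeSizeInGB": "VolumeSizeInGB",
    "DirectInternetAccess": "DirectInternetAccess",
    "RootAccess": "RootAccess",
    "NotebookInstanceLifecycleConfigName": "LifecycleConfigName",
}

def describe_all(client):
    """Yield DescribeNotebookInstance output for each instance in the region."""
    pages = client.get_paginator("list_notebook_instances").paginate()
    for page in pages:
        for item in page["NotebookInstances"]:
            yield client.describe_notebook_instance(
                NotebookInstanceName=item["NotebookInstanceName"])

def find_unencrypted(descriptions):
    """Return descriptions with no KmsKeyId (no KMS key set for the volume)."""
    return [d for d in descriptions if not d.get("KmsKeyId")]

def replacement_request(desc, kms_key_arn, suffix="-encrypted"):
    """Build create_notebook_instance kwargs for an encrypted replacement."""
    req = {dst: desc[src] for src, dst in CARRY_OVER.items() if desc.get(src)}
    req["NotebookInstanceName"] = desc["NotebookInstanceName"] + suffix
    req["KmsKeyId"] = kms_key_arn
    return req

# Constructed sample input (not real resources).
SAMPLE = [
    {"NotebookInstanceName": "nb-train", "InstanceType": "ml.t3.medium",
     "RoleArn": "arn:aws:iam::111122223333:role/ExampleNotebookRole",
     "SecurityGroups": ["sg-0example"], "VolumeSizeInGB": 20},
    {"NotebookInstanceName": "nb-secure", "InstanceType": "ml.t3.medium",
     "RoleArn": "arn:aws:iam::111122223333:role/ExampleNotebookRole",
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
]

if __name__ == "__main__":
    # Live use: import boto3; SAMPLE = describe_all(boto3.client("sagemaker"))
    key = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
    for d in find_unencrypted(SAMPLE):
        print(d["NotebookInstanceName"], "->", replacement_request(d, key))
```

Re-creating an instance provisions a new ML storage volume, so copy any notebooks and data you need off the old instance before deleting it. Tags are not returned by DescribeNotebookInstance and must be carried over separately.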

Service

SageMaker

Severity

High

Compliance

Mapping
