When your AWS SageMaker notebook instances are publicly accessible, any machine outside the VPC can establish a connection to these instances,
There is no possibility to disable Direct Internet Access to your SageMaker. To ensure that your AWS SageMaker notebook instances do not have direct internet access, you need to re-create these:
While creating a new SageMaker, ensure notebook instances do not have direct internet access.
1. Log in to the AWS Management Console:
2. Go to to SageMaker service dashboard at https://console.aws.amazon.com/sagemaker/
3. Create notebook Instance.
4. Under Network – Select VPC and ensure that Direct internet access” is set to “Disable — Access the internet through a VPC”.
5. For More Information refer here: https://docs.aws.amazon.com/sagemaker/latest/dg/gs-setup-working-env.html