Ensure that Amazon SageMaker notebook instances are not publicly accessible
This rule can help you with the following compliance standards:
For further details on compliance standards supported by Conformity, see here.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
When your AWS SageMaker notebook instances are publicly accessible, any machine outside the VPC can establish a connection to these instances, increasing the attack surface and the opportunity for malicious activity.
To determine whether your VPC-based Amazon SageMaker notebook instances have the direct internet access feature disabled, perform the following:
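The check described above can be scripted against the SageMaker API. This is an added example, not Conformity's own audit procedure: it evaluates the `DirectInternetAccess` and `SubnetId` fields returned by `DescribeNotebookInstance`. The function names, the sample records and the fail-closed handling of a missing field are assumptions of this example.

```python
"""Audit SageMaker notebook instances for direct internet access (added example)."""

def classify(desc):
    """Evaluate one DescribeNotebookInstance response dict."""
    # Assumption: a record without the field is treated as "Enabled" (fail closed).
    access = desc.get("DirectInternetAccess", "Enabled")
    subnet = desc.get("SubnetId")
    if access != "Disabled":
        where = f"attached to {subnet}" if subnet else "not attached to a VPC"
        status, reason = "FAIL", f"{where}; direct internet access is enabled"
    elif not subnet:
        status, reason = "FAIL", "reported Disabled without a SubnetId; inconsistent record"
    else:
        status, reason = "PASS", f"internet traffic goes through VPC subnet {subnet}"
    return {"name": desc["NotebookInstanceName"], "status": status, "reason": reason}

def audit(descriptions):
    """Return only the failing findings, in input order."""
    return [f for f in map(classify, descriptions) if f["status"] == "FAIL"]

def fetch_descriptions(region):
    """Yield live DescribeNotebookInstance responses for one region."""
    import boto3  # imported lazily so the offline sample below runs without it
    sm = boto3.client("sagemaker", region_name=region)
    for page in sm.get_paginator("list_notebook_instances").paginate():
        for nb in page["NotebookInstances"]:
            yield sm.describe_notebook_instance(
                NotebookInstanceName=nb["NotebookInstanceName"])

# Constructed sample records (not real instances), trimmed to the relevant fields.
SAMPLE = [
    {"NotebookInstanceName": "nb-research", "DirectInternetAccess": "Enabled"},
    {"NotebookInstanceName": "nb-vpc-open", "DirectInternetAccess": "Enabled",
     "SubnetId": "subnet-0example1"},
    {"NotebookInstanceName": "nb-vpc-closed", "DirectInternetAccess": "Disabled",
     "SubnetId": "subnet-0example2"},
    {"NotebookInstanceName": "nb-unknown", "SubnetId": "subnet-0example3"},
]

if __name__ == "__main__":
    # Replace SAMPLE with fetch_descriptions("<region>") to audit a real account.
    for finding in audit(SAMPLE):
        print(f'{finding["status"]} {finding["name"]}: {finding["reason"]}')
```

Each failing instance has to be re-created with direct internet access disabled, as the remediation section states, so the output doubles as the list of instances to rebuild.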
Remediation / Resolution
To ensure that your Amazon SageMaker notebook instances do not have direct internet access, you need to re-create these instances with the necessary network configuration. To disable direct internet access for an AWS SageMaker notebook instance deployed within a VPC, perform the following actions:
You are auditing:
Notebook Direct Internet Access
Risk level: Medium