Ensure that your AWS SageMaker notebook instances are running inside a Virtual Private Cloud (VPC) in order to be able to access VPC-only resources such as Amazon EFS file systems, which cannot be accessed from outside a VPC network. A SageMaker notebook instance is a Machine Learning (ML) compute instance running the Jupyter Notebook software.
This rule can help you with the following compliance standards:
- PCI
- APRA
- MAS
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Deploying and running your Amazon SageMaker notebook instances inside a VPC enables the instances to access all AWS resources available within that VPC using private IP addresses.
Audit
To determine if your Amazon SageMaker notebook instances are running within a VPC network, perform the following actions:
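One way to script this check with the AWS SDK for Python (boto3), as an added example that is not Conformity's own audit procedure: it lists every notebook instance in a region, describes each one, and flags those that report no VPC subnet. It assumes that a missing or empty `SubnetId` in the describe response means the instance is not attached to a VPC; the sample records and instance names are constructed so the script also runs offline.

```python
"""Audit SageMaker notebook instances for VPC placement (added example)."""

# Constructed sample data in the shape of describe-notebook-instance responses.
SAMPLE_DESCRIPTIONS = [
    {"NotebookInstanceName": "nb-analytics", "NotebookInstanceStatus": "InService",
     "SubnetId": "subnet-0aaa1111", "SecurityGroups": ["sg-0bbb2222"]},
    {"NotebookInstanceName": "nb-scratch", "NotebookInstanceStatus": "InService"},
    {"NotebookInstanceName": "nb-old", "NotebookInstanceStatus": "Stopped",
     "SubnetId": ""},
]


def in_vpc(description):
    """Assumption: an instance is in a VPC only if it reports a non-empty SubnetId."""
    return bool(description.get("SubnetId"))


def audit(descriptions):
    """Split instance names into those inside a VPC and those outside one."""
    report = {"in_vpc": [], "not_in_vpc": []}
    for d in descriptions:
        key = "in_vpc" if in_vpc(d) else "not_in_vpc"
        report[key].append(d["NotebookInstanceName"])
    return report


def fetch_descriptions(region):
    """Live path: list every notebook instance in the region, then describe each."""
    import boto3  # imported here so the offline sample run needs no AWS SDK
    sm = boto3.client("sagemaker", region_name=region)
    names = []
    for page in sm.get_paginator("list_notebook_instances").paginate():
        names += [n["NotebookInstanceName"] for n in page["NotebookInstances"]]
    return [sm.describe_notebook_instance(NotebookInstanceName=n) for n in names]


if __name__ == "__main__":
    import sys
    # With a region argument, audit the live account; otherwise use the sample.
    data = fetch_descriptions(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_DESCRIPTIONS
    result = audit(data)
    for name in result["not_in_vpc"]:
        print(f"NON-COMPLIANT (no VPC subnet): {name}")
    print(f"{len(result['in_vpc'])} in VPC, {len(result['not_in_vpc'])} not in VPC")
```

Run it once per region in use, since notebook instances are regional resources.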
Remediation / Resolution
To ensure that your AWS SageMaker notebook instances are running inside a VPC, you need to re-create these instances with the necessary network configuration. To deploy your AWS SageMaker notebook instance within a Virtual Private Cloud (VPC), perform the following actions:

You are auditing:
Amazon SageMaker Notebook Instance In VPC
Risk level: Medium