Ensure network isolation is enabled for AWS SageMaker

MEDIUM

Description

Network isolation has been disabled. Network isolation is required for training jobs and models run using resources from AWS Marketplace.

Remediation

In AWS Console -

Sign in to AWS Console and go to the Amazon SageMaker console.
Select the Region.
In the navigation pane, select Models and then select Create Model.
Add the required details and in the Network settings, select Enable network isolation.
Select Create model.

In Terraform -

In the aws_sagemaker_model resource, set the enable_network_isolation field to true.

References:
https://docs.aws.amazon.com/sagemaker/latest/dg/security_iam_id-based-policy-examples.html#sagemaker-condition-isolation
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sagemaker_model#enable_network_isolation

Policy Details

Rule Reference ID: AC_AWS_0225

CSP: AWS

Remediation Available: Yes

Domain: Security Best Practices

Resource: aws_sagemaker_model

Resource Category: Analytics

Resource Type: Sagemaker

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0