Ensure data encryption is enabled for AWS SageMaker Notebook instances

HIGH

Description

AWS SageMaker Notebook instances do not have data encryption enabled, which may expose sensitive data.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and go to the SageMaker dashboard.
  2. Create a notebook instance.
  3. Make sure that the permissions and an encryption key are selected.
  4. Complete the rest of the configurations.

In Terraform -

  1. In the aws_sagemaker_notebook_instance resource, set the kms_key_id field to a valid KMS key.
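
One way to check this before apply, as an added example that is not part of the original policy or the scanner's own code: the Python below reads the JSON form of a Terraform plan (terraform show -json) and lists notebook instances that would be created or updated without kms_key_id. The sample plan, resource names and key ARN are constructed, and a kms_key_id that is only known after apply is assumed to be a reference to a key.

```python
import json
import sys

RESOURCE_TYPE = "aws_sagemaker_notebook_instance"


def _rc(name, actions, after, unknown=None):
    """Build one constructed resource_changes entry in plan-JSON shape."""
    return {"address": f"{RESOURCE_TYPE}.{name}", "type": RESOURCE_TYPE,
            "change": {"actions": actions, "after": after,
                       "after_unknown": unknown or {}}}


# Constructed sample; a real one comes from `terraform show -json <planfile>`.
SAMPLE_PLAN = {"resource_changes": [
    _rc("plain", ["create"], {"name": "nb-plain", "kms_key_id": None}),
    _rc("literal", ["create"], {"name": "nb-literal", "kms_key_id":
        "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}),
    # Key taken from another resource: value is unknown until apply.
    _rc("wired", ["update"], {"name": "nb-wired"}, {"kms_key_id": True}),
    # Being destroyed: "after" is null, nothing left to encrypt.
    _rc("retired", ["delete"], None),
]}


def unencrypted_notebooks(plan):
    """Return addresses of notebook instances planned without kms_key_id."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        change = rc.get("change", {})
        if change.get("actions") == ["delete"]:
            continue
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        # Set explicitly, or computed at apply time (assumed to be a key).
        if after.get("kms_key_id") or unknown.get("kms_key_id") is True:
            continue
        findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    plan = SAMPLE_PLAN
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    for address in unencrypted_notebooks(plan):
        print(f"AC_AWS_0384: {address} has no kms_key_id")
```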

References:
https://docs.aws.amazon.com/sagemaker/latest/dg/encryption-at-rest.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sagemaker_notebook_instance#kms_key_id

Policy Details

Rule Reference ID: AC_AWS_0384
CSP: AWS
Remediation Available: Yes
Resource Category: Analytics
Resource Type: Sagemaker

Frameworks