Ensure that SageMaker Notebook does not have direct internet access

When your AWS SageMaker notebook instances are publicly accessible, any machine outside the VPC can establish a connection to these instances, increasing the attack surface and the opportunity for malicious activity. It is recommended that the Amazon SageMaker notebook instances are not publicly accessible.

Risk Level: High
Cloud Entity: Amazon SageMaker
CloudGuard Rule ID: D9.AWS.NET.49
Covered by Spectral: Yes
Category: Machine learning

GSL LOGIC

SageMakerNotebook should have directInternetAccess = 'Disabled'
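The GSL rule above as an executable check, added here as an example and not CloudGuard's own code. It assumes the field names of the `aws sagemaker describe-notebook-instance` response (`DirectInternetAccess`, `SubnetId`, `SecurityGroups`); the sample instances are constructed, and the live boto3 collector is included but not called.

```python
from typing import Iterable

# Constructed sample of describe-notebook-instance responses, trimmed to the
# fields the rule needs (not real account data).
SAMPLE_INSTANCES = [
    {"NotebookInstanceName": "research-nb", "DirectInternetAccess": "Disabled",
     "SubnetId": "subnet-0123456789abcdef0", "SecurityGroups": ["sg-0123456789abcdef0"]},
    {"NotebookInstanceName": "scratch-nb", "DirectInternetAccess": "Enabled",
     "SubnetId": "subnet-0123456789abcdef0", "SecurityGroups": ["sg-0123456789abcdef0"]},
    # Created without a VPC: direct internet access defaults to Enabled, no subnet.
    {"NotebookInstanceName": "legacy-nb", "DirectInternetAccess": "Enabled"},
]


def is_compliant(instance: dict) -> bool:
    """D9.AWS.NET.49: the notebook must have directInternetAccess = 'Disabled'."""
    return instance.get("DirectInternetAccess") == "Disabled"


def evaluate(instances: Iterable[dict]) -> list[dict]:
    """Return one finding per non-compliant notebook, with a remediation hint."""
    findings = []
    for inst in instances:
        if is_compliant(inst):
            continue
        in_vpc = bool(inst.get("SubnetId"))
        findings.append({
            "name": inst["NotebookInstanceName"],
            "direct_internet_access": inst.get("DirectInternetAccess", "Enabled"),
            "in_vpc": in_vpc,
            # The setting cannot be changed in place: stop, delete and re-create.
            "remediation": "re-create with --direct-internet-access Disabled"
                           + ("" if in_vpc else " and attach a VPC subnet/security group"),
        })
    return findings


def collect_from_aws(region: str) -> list[dict]:
    """Live collector (not run here): describe every notebook instance in a region."""
    import boto3  # imported lazily so the offline sample runs without boto3 installed
    sm = boto3.client("sagemaker", region_name=region)
    out = []
    for page in sm.get_paginator("list_notebook_instances").paginate():
        for summary in page["NotebookInstances"]:
            out.append(sm.describe_notebook_instance(
                NotebookInstanceName=summary["NotebookInstanceName"]))
    return out


if __name__ == "__main__":
    for f in evaluate(SAMPLE_INSTANCES):
        print(f"{f['name']}: DirectInternetAccess={f['direct_internet_access']} -> {f['remediation']}")
```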

REMEDIATION

From Portal:
Direct Internet Access cannot be disabled on an existing notebook instance. To ensure that your AWS SageMaker notebook instances do not have direct internet access, you need to re-create them. If you configure a SageMaker notebook instance without a VPC, direct internet access is enabled by default. Configure the instance with a VPC and change the default setting to Disable - Access the internet through a VPC.

While creating a new SageMaker, ensure notebook instances do not have direct internet access.

  1. Open the SageMaker console
  2. Navigate to Notebook instances.
  3. Delete the instance that has direct internet access enabled. Choose the instance, choose Actions, then choose Stop.
  4. After the instance is stopped, choose Actions, then choose Delete.
  5. Choose Create notebook instance. Provide the configuration details.
  6. Expand the Network section. Then choose a VPC, subnet, and security group. Under Direct internet access, choose Disable - Access the internet through a VPC.
  7. Choose Create notebook instance.

From TF:
Set the direct_internet_access argument to Disabled to disable direct internet access for the notebook. With the value set to Disabled, the notebook instance can reach resources only inside your VPC, and it will not be able to connect to the Amazon SageMaker training and endpoint services unless you configure a NAT Gateway in your VPC.

# Placeholder inputs; supply real values for your account and VPC.
variable "sagemaker_role_arn" {}
variable "instance_type" {}
variable "subnet_id" {}
variable "security_group_id" {}

resource "aws_sagemaker_notebook_instance" "example_name" {
  name          = "example_name"
  role_arn      = var.sagemaker_role_arn
  instance_type = var.instance_type

  # A subnet and security group are required once direct internet access is disabled.
  subnet_id       = var.subnet_id
  security_groups = [var.security_group_id]

  # "Disabled": the notebook reaches the internet only through the VPC (e.g. a NAT Gateway).
  direct_internet_access = "Disabled"

  tags = {
    Name = "SageMaker"
  }
}

From Command Line:
Use the following command to create a new notebook instance with the direct internet access option set to Disabled (replace the placeholder values with your own).

aws sagemaker create-notebook-instance \
  --region region_name \
  --notebook-instance-name example_instance_name \
  --instance-type type_of_instance \
  --role-arn AmazonSageMaker_ExecutionRole_arn \
  --kms-key-id kms_key_arn \
  --subnet-id subnet_id \
  --security-group-ids sg_ID \
  --direct-internet-access Disabled

References:

  1. https://docs.aws.amazon.com/sagemaker/latest/dg/gs-setup-working-env.html
  2. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sagemaker_notebook_instance#direct_internet_access
  3. https://docs.aws.amazon.com/cli/latest/reference/sagemaker/create-notebook-instance.html

Amazon SageMaker

Amazon SageMaker provides every developer and data scientist with the ability to build, train, and deploy machine learning models quickly. Amazon SageMaker is a fully-managed service that covers the entire machine learning workflow to label and prepare your data, choose an algorithm, train the model, tune and optimize it for deployment, make predictions, and take action.

Compliance Frameworks

  • AWS CSA CCM v.4.0.1
  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS CloudGuard Well Architected Framework
  • AWS HITRUST
  • AWS HITRUST v11.0.0
  • AWS ISO27001:2022
  • AWS ITSG-33
  • AWS MAS TRM Framework
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-53 Rev 5
  • CloudGuard AWS All Rules Ruleset