AWS Config Rule: SageMaker Notebook Instance Root Access Check
SAGEMAKER_NOTEBOOK_INSTANCE_ROOT_ACCESS_CHECK
Eduardo Van Cauteren
Last Update 3 months ago
Description: Checks if the Amazon SageMaker RootAccess setting is enabled for Amazon SageMaker notebook instances. The rule is NON_COMPLIANT if the RootAccess setting is set to ‘Enabled’ for an Amazon SageMaker notebook instance.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region
How to Resolve Manually
This config rule checks if root access is enabled for a particular Notebook Instance. The rule will be flagged as non-compliant if one instance is found with root access enabled.
To resolve this, go to the Amazon SageMaker service in the AWS Console and click Notebook > Notebook instances in the left-hand menu. There you will see a list of all deployed instances. Locate the one that is not in compliance and click its name to open its Settings page.
To disable root access, you must stop the notebook first, so click the Stop button and wait until the instance is fully stopped. Then click the Edit button located in the Notebook instance settings tab.
From there, find the Permissions and encryption card and disable root access, as shown in the following screenshot, then click the Update notebook instance button to save the settings.
Remember to start the instance again if you need to do so.
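The same stop, update, and restart sequence can be scripted against the SageMaker API. The following is an added example, not StackZone's SSM Document or code from the original article; the function name `disable_root_access` and its `restart` parameter are assumptions, and `sm` is expected to be a boto3 SageMaker client.

```python
"""Disable root access on a SageMaker notebook instance: stop, update, restart."""


def disable_root_access(sm, name, restart=True):
    """Mirror the console steps using a boto3 SageMaker client `sm`.

    Returns the list of actions taken (empty if the instance is already compliant).
    """
    actions = []
    info = sm.describe_notebook_instance(NotebookInstanceName=name)
    if info.get("RootAccess") != "Enabled":
        return actions  # already compliant, nothing to change

    status = info["NotebookInstanceStatus"]
    if status not in ("InService", "Stopped"):
        # Pending/Stopping/Updating/Deleting/Failed: do not interfere mid-transition.
        raise RuntimeError(f"{name} is {status}; retry when InService or Stopped")
    was_running = status == "InService"

    stopped = sm.get_waiter("notebook_instance_stopped")
    if was_running:
        # The setting can only be edited on a stopped instance.
        sm.stop_notebook_instance(NotebookInstanceName=name)
        stopped.wait(NotebookInstanceName=name)
        actions.append("stopped")

    sm.update_notebook_instance(NotebookInstanceName=name, RootAccess="Disabled")
    stopped.wait(NotebookInstanceName=name)  # status passes through Updating
    actions.append("root-access-disabled")

    # Only restart instances this function stopped itself.
    if was_running and restart:
        sm.start_notebook_instance(NotebookInstanceName=name)
        sm.get_waiter("notebook_instance_in_service").wait(NotebookInstanceName=name)
        actions.append("restarted")
    return actions


if __name__ == "__main__":
    import sys
    import boto3  # needs AWS credentials and a region configured in the environment

    print(disable_root_access(boto3.client("sagemaker"), sys.argv[1]))
```

Lifecycle configurations attached to a notebook instance still run with root access after this setting is disabled, so review those scripts separately.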
How to Resolve with StackZone
The StackZone remediation for this Config Rule executes an SSM Document that automatically disables root access on the SageMaker Notebook Instances.
To enable the Remediation for this Config Rule, head on over to Baseline Services > Config Rules Regional > Amazon SageMaker and enable the Notebook Instance Root Access Remediation.
Remember that this remediation will perform the steps outlined in the Manual Process above, which includes stopping the Notebook instance if it's running at the time of the Remediation execution.