AWS Config Rule: SageMaker Notebook Instance Root Access Check

SAGEMAKER_NOTEBOOK_INSTANCE_ROOT_ACCESS_CHECK

Eduardo Van Cauteren

Last Update 3 months ago

Description: Checks if the Amazon SageMaker RootAccess setting is enabled for Amazon SageMaker notebook instances. The rule is NON_COMPLIANT if the RootAccess setting is set to ‘Enabled’ for an Amazon SageMaker notebook instance.


Trigger type: Configuration changes


AWS Region: All supported AWS Regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), and Europe (Zurich)


How to Resolve Manually

This config rule checks if root access is enabled for a particular Notebook Instance. The rule will be flagged as non-compliant if one instance is found with root access enabled.


To resolve this, go to the Amazon SageMaker service in the AWS Console and click Notebook > Notebook instances in the left-hand menu. You will see a list of all deployed instances. Locate the one that is not in compliance and click its name to open its Settings page.


To disable root access, you need to stop the notebook first, so click the Stop button and wait until the instance is fully stopped. Then click the Edit button located in the Notebook instance settings tab.

From there, find the Permissions and encryption card and disable root access, as shown in the following screenshot. Finally, click the Update notebook instance button to save the settings.


Remember to start the instance again if you need to do so.
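
The same stop, edit, start sequence can be scripted against the SageMaker API. This is an added example, not StackZone's SSM Document or code from the original article; it assumes boto3 with configured credentials and region, and the function names `find_root_enabled` and `disable_root_access` are illustrative.

```python
"""Added example: stop -> disable RootAccess -> restart, via the SageMaker API."""
import sys


def find_root_enabled(sm):
    """Return names of notebook instances whose RootAccess is 'Enabled'."""
    names = []
    for page in sm.get_paginator("list_notebook_instances").paginate():
        for item in page["NotebookInstances"]:
            name = item["NotebookInstanceName"]
            # The list call omits RootAccess, so describe each instance.
            detail = sm.describe_notebook_instance(NotebookInstanceName=name)
            if detail.get("RootAccess") == "Enabled":
                names.append(name)
    return names


def disable_root_access(sm, name, restart=True):
    """Apply the manual steps to one instance; return the actions taken."""
    detail = sm.describe_notebook_instance(NotebookInstanceName=name)
    if detail.get("RootAccess") != "Enabled":
        return []  # already compliant, leave it running
    status = detail["NotebookInstanceStatus"]
    if status not in ("InService", "Stopped"):
        # Pending/Stopping/Updating/Failed/Deleting: do not touch mid-transition.
        raise RuntimeError(f"{name} is {status}; retry once it settles")
    stopped = sm.get_waiter("notebook_instance_stopped")
    actions = []
    if status == "InService":
        sm.stop_notebook_instance(NotebookInstanceName=name)
        stopped.wait(NotebookInstanceName=name)
        actions.append("stop")
    sm.update_notebook_instance(NotebookInstanceName=name, RootAccess="Disabled")
    stopped.wait(NotebookInstanceName=name)  # status is Updating until applied
    actions.append("update")
    if restart and status == "InService":
        sm.start_notebook_instance(NotebookInstanceName=name)
        actions.append("start")
    return actions


if __name__ == "__main__":
    if "--apply" not in sys.argv:
        print("pass --apply to remediate (needs boto3 and AWS credentials)")
    else:
        import boto3  # assumption: boto3 installed, region/credentials configured
        client = boto3.client("sagemaker")
        for nb in find_root_enabled(client):
            print(nb, disable_root_access(client, nb))
```

Instances that were already stopped are left stopped, and an instance caught mid-transition raises instead of being modified.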


How to Resolve with StackZone

The StackZone remediation for this Config Rule executes an SSM Document that automatically disables root access on the SageMaker Notebook Instances.


To enable the Remediation for this Config Rule, head on over to Baseline Services > Config Rules Regional > Amazon SageMaker and enable the Notebook Instance Root Access Remediation.


Remember that this remediation will perform the steps outlined in the Manual Process above, which includes stopping the Notebook instance if it's running at the time of the Remediation execution.

