Sagemaker Notebook Instance Should Have KMS Key Configured

More Info:

Risk Level

High

Address

Security

Compliance Standards

ISO27001,HIPAA,NISTCSF,PCIDSS,AWSSSB,RBI_UCB

Triage and Remediation

Sagemaker notebook instance cannot be encrypted after instance is created.

To configure the KMS key, delete the existing notebook instance and create a new one by following the below steps.

Log in to the AWS Management Console:
- Open the AWS Management Console and navigate to the SageMaker service.
Create a New Notebook Instance:
- Click on “Create notebook instance.”
Configure Notebook Instance:
- Fill in the “Notebook instance name,” “Notebook instance type,” and other required fields.
Configure Encryption:
- Scroll down to the “Encryption settings” section.
- Under “KMS key,” select an existing KMS key from the dropdown or enter the KMS key ID manually.
Create the Notebook Instance:
- After configuring all necessary settings, click on “Create notebook instance.”

To create a SageMaker notebook instance with a specified KMS key, you can use the following CLI command:

aws sagemaker create-notebook-instance \
    --notebook-instance-name <YourNotebookInstanceName> \
    --instance-type <InstanceType> \
    --role-arn <IAMRoleARN> \
    --kms-key-id <KMSKeyID> \
    --volume-size-in-gb <VolumeSize> \
    --default-code-repository <CodeRepositoryURL> \
    --additional-code-repositories <AdditionalCodeRepositories>

Replace the placeholders (<YourNotebookInstanceName>, <InstanceType>, <IAMRoleARN>, <KMSKeyID>, <VolumeSize>, <CodeRepositoryURL>, and <AdditionalCodeRepositories>) with appropriate values.

To create a SageMaker notebook instance with a specified KMS key using a Python script, you’ll need the boto3 library:

Install boto3 (if not already installed):

pip install boto3

Script to Create a Notebook Instance:

import boto3

sagemaker = boto3.client('sagemaker')

def create_notebook_instance():
    response = sagemaker.create_notebook_instance(
        NotebookInstanceName='<YourNotebookInstanceName>',
        InstanceType='<InstanceType>',
        RoleArn='<IAMRoleARN>',
        KmsKeyId='<KMSKeyID>',
        VolumeSizeInGB=<VolumeSize>,
        DefaultCodeRepository='<CodeRepositoryURL>',
        AdditionalCodeRepositories=['<AdditionalCodeRepositories>']
    )
    print(response)

# Replace placeholders with appropriate values
create_notebook_instance()

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Sagemaker Notebook Instance Should Have KMS Key Configured

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation