Plugin Title Notebook Data Encrypted
Cloud AWS
Category SageMaker
Description Ensure Notebook data is encrypted
More Info An optional encryption key can be supplied during Notebook Instance creation.
AWS Link https://docs.aws.amazon.com/sagemaker/latest/dg/API_CreateNotebookInstance.html#API_CreateNotebookInstance_RequestSyntax
Recommended Action An existing KMS key should be supplied during Notebook Instance creation.


Detailed Remediation Steps

  1. Log into the AWS Management Console.
  2. Select the "Services" option and search for Sagemaker.
  3. Scroll down the left navigation panel and choose the "Notebook instances" under "Notebook" in Amazon Sagemaker.
  4. Select the "Notebook instance" that needs to be verified and click on the "Name" to access the selected "Notebook instance" configuration.
  5. On the selected "Notebook instance" configuration page scroll down and check the "Permissions and encryption" tab. If "Encryption key" is not showing any value than the selected "Notebook instance" data is not encrypted.
  6. Repeat step number 2 - 5 to verify other "Notebook instances" in the selected AWS region.
  7. Navigate to "Sagemaker" and select the "Notebook instance" under "Notebook" and click on the "Create notebook instance" to create a new "Notebook instance" with data encrypted.
  8. On the "Create notebook instance" page provide a unique name under the "Notebook instance name" and select the "Notebook instance type" as per the requirements.
  9. Scroll down the "Create notebook instance" page and on the "Permissions and encryption" tab select the "IAM role" by either creating a new "IAM role" or entering the "Custom IAM role ARN". Select the "Encryption key" from the dropdown menu.
  10. Click on the "Create notebook instance" button at the bottom to create a new "Notebook instance".
  11. Once the new "Notebook instance" status is "InService" copy all the data from old "Notebook instance" to the new instance.
  12. Repeat steps number 7 - 11 to create the "Notebook instances" with an exisiting "KMS key".

Want to scan for this risk automatically?

Get Started Now