Ensure AWS SageMaker notebook instance is configured with data encryption at rest using KMS key

Error: AWS SageMaker notebook instance not configured with data encryption at rest using KMS key

Bridgecrew Policy ID: BC_AWS_GENERAL_40
Checkov Check ID: CKV_AWS_98
Severity: HIGH

Description

A straightforward check that a KMS key is specified so that SageMaker data is encrypted at rest.

Fix - Runtime

AWS Console

TBA

Fix - Buildtime

Terraform

  • Resource: aws_sagemaker_endpoint_configuration
  • Argument: kms_key_arn. Specifying a KMS key ensures the data is encrypted.
resource "aws_sagemaker_endpoint_configuration" "example" {
  # ...
  name        = "my-endpoint-config"
  kms_key_arn = aws_kms_key.examplea.arn # KMS key used for encryption at rest

  production_variants {
    variant_name           = "variant-1"
    model_name             = aws_sagemaker_model.examplea.name
    initial_instance_count = 1
    instance_type          = "ml.t2.medium"
  }
  # ...
}
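
The same condition can be checked against a Terraform plan before it is applied. The Python below is an added example, not Checkov or Bridgecrew code; it assumes the JSON produced by terraform show -json, and the function name, helper and sample plan are constructed for illustration.

```python
import json

RESOURCE_TYPE = "aws_sagemaker_endpoint_configuration"  # resource named on this page
ARGUMENT = "kms_key_arn"                                # argument named on this page


def _change(address, actions, after, after_unknown=None):
    """Build one constructed resource_changes entry for the sample plan."""
    return {"address": address, "type": RESOURCE_TYPE,
            "change": {"actions": actions, "after": after,
                       "after_unknown": after_unknown or {}}}


# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    # Key ARN already known at plan time (constructed placeholder ARN).
    _change("aws_sagemaker_endpoint_configuration.known", ["update"],
            {"name": "a", "kms_key_arn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}),
    # Key is created in the same plan: the value is absent from "after" and
    # flagged in "after_unknown". This is still an encrypted configuration.
    _change("aws_sagemaker_endpoint_configuration.example", ["create"],
            {"name": "my-endpoint-config"}, {"kms_key_arn": True}),
    # Argument omitted: Terraform records it as null.
    _change("aws_sagemaker_endpoint_configuration.plain", ["create"],
            {"name": "b", "kms_key_arn": None}),
    # Resource being destroyed: "after" is null, nothing to evaluate.
    _change("module.ml.aws_sagemaker_endpoint_configuration.old", ["delete"], None),
    # Unrelated resource type, ignored by the check.
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {}, "after_unknown": {}}},
]})


def endpoint_configs_without_kms(plan_json):
    """Return addresses of planned endpoint configurations lacking kms_key_arn."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if rc.get("type") != RESOURCE_TYPE or after is None:
            continue
        # A value computed during apply shows up only in after_unknown.
        pending = (change.get("after_unknown") or {}).get(ARGUMENT) is True
        if not after.get(ARGUMENT) and not pending:
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in endpoint_configs_without_kms(SAMPLE_PLAN):
        print(f"FAILED {address}: {ARGUMENT} is not set")
```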
