SageMaker Enabling Internet Access
- Query id: 88d55d94-315d-4564-beee-d2d725feab11
- Query name: SageMaker Enabling Internet Access
- Platform: CloudFormation
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
Description¶
SageMaker must have disabled internet access and root access for Creating Notebook Instances.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Internet access and root access for Creating Notebook Instances"
Resources:
Notebook:
Type: AWS::SageMaker::NotebookInstance
Properties:
DirectInternetAccess: "Enabled"
InstanceType: "ml.c4.2xlarge"
RoleArn: "role"
Positive test num. 2 - json file
{
"Resources": {
"Notebook": {
"Type": "AWS::SageMaker::NotebookInstance",
"Properties": {
"InstanceType": "ml.c4.2xlarge",
"RoleArn": "role",
"DirectInternetAccess": "Enabled"
}
}
},
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Internet access and root access for Creating Notebook Instances"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
AWSTemplateFormatVersion: "2010-09-09"
Description: "Internet access and root access for Creating Notebook Instances"
Resources:
Notebook:
Type: AWS::SageMaker::NotebookInstance
Properties:
DirectInternetAccess: "Disabled"
InstanceType: "ml.c4.2xlarge"
RoleArn: "role"
Negative test num. 2 - json file
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Internet access and root access for Creating Notebook Instances",
"Resources": {
"Notebook": {
"Type": "AWS::SageMaker::NotebookInstance",
"Properties": {
"DirectInternetAccess": "Disabled",
"InstanceType": "ml.c4.2xlarge",
"RoleArn": "role"
}
}
}
}