AWS Security ChangesHomeSearch

AWS sagemaker medium security documentation change

Service: sagemaker · 2025-04-25 · Security-related medium

File: sagemaker/latest/dg/appendix-notebook-and-internet-access.md

Summary

Added security warning about VPC configuration best practices and renamed section to 'VPC-only communication'

Security assessment

Explicit security guidance was added regarding least-privilege permissions for security groups. The warning directly addresses potential unauthorized access risks from misconfigured inbound rules, making this a security-related documentation improvement.

Diff

diff --git a/sagemaker/latest/dg/appendix-notebook-and-internet-access.md b/sagemaker/latest/dg/appendix-notebook-and-internet-access.md
index c7a171242..4db11762a 100644
--- a//sagemaker/latest/dg/appendix-notebook-and-internet-access.md
+++ b//sagemaker/latest/dg/appendix-notebook-and-internet-access.md
@@ -5 +5 @@
-Default communication with the internetVPC communication with the internetSecurity and Shared Notebook Instances
+Default communication with the internetVPC-only communication with the internetSecurity and Shared Notebook Instances
@@ -15 +15 @@ When your notebook allows _direct internet access_ , SageMaker AI provides a net
-## VPC communication with the internet
+## VPC-only communication with the internet
@@ -20,0 +21,4 @@ For information about creating a VPC interface endpoint to use AWS PrivateLink f
+###### Warning
+
+When you use a VPC for your notebook instance, you partly own the networking configuration for the instance. As a security best practice, we recommend that you apply least-privilege permissions to the inbound and outbound access that you permit with your security group rules. If you apply overly permissive inbound rule configurations, then users who have access to your VPC could access your Jupyter Notebooks without authenticating.
+