AWS Security ChangesHomeSearch

AWS sagemaker documentation change

Service: sagemaker · 2025-11-16 · Documentation medium

File: sagemaker/latest/dg/sagemaker-eks-operator-install.md

Summary

Added VPC endpoint requirements for private HyperPod clusters with security group configuration guidance

Security assessment

Documents network security best practices for private cluster configurations but doesn't address a specific vulnerability. The guidance helps prevent exposure to public networks through proper VPC setup.

Diff

diff --git a/sagemaker/latest/dg/sagemaker-eks-operator-install.md b/sagemaker/latest/dg/sagemaker-eks-operator-install.md
index e436f34e9..6b3f0be93 100644
--- a//sagemaker/latest/dg/sagemaker-eks-operator-install.md
+++ b//sagemaker/latest/dg/sagemaker-eks-operator-install.md
@@ -27,0 +28,2 @@ Before you use the HyperPod training operator, you must have completed the follo
+  * (Optional) If you run your HyperPod cluster nodes in a private VPC, you must set up PrivateLinks VPC endpoints for the Amazon SageMaker AI API (`com.amazonaws.`aws-region`.sagemaker.api`) and Amazon EKS Auth services (com.amazonaws.`aws-region`.eks-auth). You must also make sure that your cluster nodes are running with subnets that are in a security group that allows the traffic to route through the VPC endpoints to communicate with SageMaker AI and Amazon EKS. If these aren't properly set up, the add-on installation can fail. To learn more about setting up VPC endpoints, see [Create a VPC endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#create-interface-endpoint-aws).
+