AWS sagemaker documentation change
Summary
Added VPC endpoint requirements for private HyperPod clusters with security group configuration guidance
Security assessment
Documents network security best practices for private cluster configurations but doesn't address a specific vulnerability. The guidance helps prevent exposure to public networks through proper VPC setup.
Diff
diff --git a/sagemaker/latest/dg/sagemaker-eks-operator-install.md b/sagemaker/latest/dg/sagemaker-eks-operator-install.md index e436f34e9..6b3f0be93 100644 --- a//sagemaker/latest/dg/sagemaker-eks-operator-install.md +++ b//sagemaker/latest/dg/sagemaker-eks-operator-install.md @@ -27,0 +28,2 @@ Before you use the HyperPod training operator, you must have completed the follo + * (Optional) If you run your HyperPod cluster nodes in a private VPC, you must set up PrivateLinks VPC endpoints for the Amazon SageMaker AI API (`com.amazonaws.`aws-region`.sagemaker.api`) and Amazon EKS Auth services (com.amazonaws.`aws-region`.eks-auth). You must also make sure that your cluster nodes are running with subnets that are in a security group that allows the traffic to route through the VPC endpoints to communicate with SageMaker AI and Amazon EKS. If these aren't properly set up, the add-on installation can fail. To learn more about setting up VPC endpoints, see [Create a VPC endpoint](https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html#create-interface-endpoint-aws). +