AWS cli documentation change
Summary
Added security note about lifecycle scripts executing with root access and IAM privileges
Security assessment
Added security best practices documentation warning about privileged execution context and recommending restricted access, but no evidence of addressing a specific vulnerability
Diff
diff --git a/cli/latest/reference/sagemaker/create-notebook-instance-lifecycle-config.md b/cli/latest/reference/sagemaker/create-notebook-instance-lifecycle-config.md index caf7960f8..f99d06ee3 100644 --- a//cli/latest/reference/sagemaker/create-notebook-instance-lifecycle-config.md +++ b//cli/latest/reference/sagemaker/create-notebook-instance-lifecycle-config.md @@ -15 +15 @@ - * [AWS CLI 2.33.1 Command Reference](../../index.html) » + * [AWS CLI 2.33.2 Command Reference](../../index.html) » @@ -70,0 +71,4 @@ For information about notebook instance lifestyle configurations, see [Step 2.1: +### Note + +Lifecycle configuration scripts execute with root access and the notebook instance’s IAM execution role privileges. Grant this permission only to trusted principals. See [Customize a Notebook Instance Using a Lifecycle Configuration Script](https://docs.aws.amazon.com/sagemaker/latest/dg/notebook-lifecycle-config.html) for security best practices. + @@ -406 +410 @@ NotebookInstanceLifecycleConfigArn -> (string) - * [AWS CLI 2.33.1 Command Reference](../../index.html) » + * [AWS CLI 2.33.2 Command Reference](../../index.html) »