AWS Security ChangesHomeSearch

AWS cli documentation change

Service: cli · 2026-01-19 · Documentation high

File: cli/latest/reference/sagemaker/update-notebook-instance.md

Summary

Added a security note warning about lifecycle configuration scripts executing with root access and IAM role credentials, recommending security best practices.

Security assessment

Adds security guidance about potential privilege escalation risks when attaching lifecycle configurations. This is preventative documentation rather than addressing a known exploit.

Diff

diff --git a/cli/latest/reference/sagemaker/update-notebook-instance.md b/cli/latest/reference/sagemaker/update-notebook-instance.md
index 8e0885202..4134fa036 100644
--- a//cli/latest/reference/sagemaker/update-notebook-instance.md
+++ b//cli/latest/reference/sagemaker/update-notebook-instance.md
@@ -15 +15 @@
-  * [AWS CLI 2.33.1 Command Reference](../../index.html) »
+  * [AWS CLI 2.33.2 Command Reference](../../index.html) »
@@ -60,0 +61,4 @@ Updates a notebook instance. NotebookInstance updates include upgrading or downg
+### Note
+
+This API can attach lifecycle configurations to notebook instances. Lifecycle configuration scripts execute with root access and the notebook instance’s IAM execution role privileges. Principals with this permission and access to lifecycle configurations can execute code with the execution role’s credentials. See [Customize a Notebook Instance Using a Lifecycle Configuration Script](https://docs.aws.amazon.com/sagemaker/latest/dg/notebook-lifecycle-config.html) for security best practices.
+
@@ -601 +605 @@ None
-  * [AWS CLI 2.33.1 Command Reference](../../index.html) »
+  * [AWS CLI 2.33.2 Command Reference](../../index.html) »