AWS cli documentation change
Summary
Added a security note warning about lifecycle configuration scripts executing with root access and IAM role credentials, recommending security best practices.
Security assessment
Adds security guidance about potential privilege escalation risks when attaching lifecycle configurations. This is preventative documentation rather than addressing a known exploit.
Diff
diff --git a/cli/latest/reference/sagemaker/update-notebook-instance.md b/cli/latest/reference/sagemaker/update-notebook-instance.md index 8e0885202..4134fa036 100644 --- a//cli/latest/reference/sagemaker/update-notebook-instance.md +++ b//cli/latest/reference/sagemaker/update-notebook-instance.md @@ -15 +15 @@ - * [AWS CLI 2.33.1 Command Reference](../../index.html) » + * [AWS CLI 2.33.2 Command Reference](../../index.html) » @@ -60,0 +61,4 @@ Updates a notebook instance. NotebookInstance updates include upgrading or downg +### Note + +This API can attach lifecycle configurations to notebook instances. Lifecycle configuration scripts execute with root access and the notebook instance’s IAM execution role privileges. Principals with this permission and access to lifecycle configurations can execute code with the execution role’s credentials. See [Customize a Notebook Instance Using a Lifecycle Configuration Script](https://docs.aws.amazon.com/sagemaker/latest/dg/notebook-lifecycle-config.html) for security best practices. + @@ -601 +605 @@ None - * [AWS CLI 2.33.1 Command Reference](../../index.html) » + * [AWS CLI 2.33.2 Command Reference](../../index.html) »