AWS Security ChangesHomeSearch

AWS sagemaker documentation change

Service: sagemaker · 2026-03-04 · Documentation low

File: sagemaker/latest/dg/sagemaker-hyperpod-observability-addon.md

Summary

Added documentation about Restricted Instance Group (RIG) support including network isolation compliance and security constraint adaptations

Security assessment

Documents security feature implementation (boundary-aware deployments, network isolation compliance) but does not indicate resolution of a security vulnerability. Explains existing security controls rather than addressing new threats.

Diff

diff --git a/sagemaker/latest/dg/sagemaker-hyperpod-observability-addon.md b/sagemaker/latest/dg/sagemaker-hyperpod-observability-addon.md
index c95495aac..384230c2a 100644
--- a//sagemaker/latest/dg/sagemaker-hyperpod-observability-addon.md
+++ b//sagemaker/latest/dg/sagemaker-hyperpod-observability-addon.md
@@ -4,0 +5,2 @@
+Restricted Instance Group (RIG) support
+
@@ -8,0 +11,6 @@ Amazon SageMaker HyperPod (SageMaker HyperPod) provides a comprehensive, out-of-
+## Restricted Instance Group (RIG) support
+
+The observability add-on also supports clusters that contain Restricted Instance Groups. In RIG clusters, the add-on automatically adapts its deployment strategy to comply with the network isolation and security constraints of restricted nodes. DaemonSet components (node exporter, DCGM exporter, EFA exporter, Neuron monitor, and node collector) run on both standard and restricted nodes. Deployment components (central collector, Kube State Metrics, and Training Metrics Agent) are scheduled with boundary-aware logic to respect network isolation between instance groups. Container log collection with Fluent Bit is not available on restricted nodes.
+
+For information about setting up the add-on on clusters with Restricted Instance Groups, see [Setting up the SageMaker HyperPod observability add-on](./hyperpod-observability-addon-setup.html).
+