AWS securityhub documentation change
Summary
Added two new SageMaker security controls: SageMaker.16 (models should use private registry in VPC for primary containers) and SageMaker.17 (feature group offline stores should be encrypted with AWS KMS keys)
Security assessment
This change adds documentation for two new security controls that enforce security best practices (network isolation and encryption at rest). There is no evidence these controls were added in response to a specific security incident; they appear to be proactive security enhancements.
Diff
diff --git a/securityhub/latest/userguide/sagemaker-controls.md b/securityhub/latest/userguide/sagemaker-controls.md index 1cef0104d..23b507181 100644 --- a//securityhub/latest/userguide/sagemaker-controls.md +++ b//securityhub/latest/userguide/sagemaker-controls.md @@ -5 +5 @@ -[SageMaker.1] Amazon SageMaker notebook instances should not have direct internet access[SageMaker.2] SageMaker notebook instances should be launched in a custom VPC[SageMaker.3] Users should not have root access to SageMaker notebook instances[SageMaker.4] SageMaker endpoint production variants should have an initial instance count greater than 1[SageMaker.5] SageMaker models should have network isolation enabled[SageMaker.6] SageMaker app image configurations should be tagged[SageMaker.7] SageMaker images should be tagged[SageMaker.8] SageMaker notebook instances should run on supported platforms[SageMaker.9] SageMaker data quality job definitions should have inter-container traffic encryption enabled[SageMaker.10] SageMaker model explainability job definitions should have inter-container traffic encryption enabled[SageMaker.11] SageMaker data quality job definitions should have network isolation enabled[SageMaker.12] SageMaker model bias job definitions should have network isolation enabled[SageMaker.13] SageMaker model quality job definitions should have inter-container traffic encryption enabled[SageMaker.14] SageMaker monitoring schedules should have network isolation enabled[SageMaker.15] SageMaker model bias job definitions should have inter-container traffic encryption enabled +[SageMaker.1] Amazon SageMaker notebook instances should not have direct internet access[SageMaker.2] SageMaker notebook instances should be launched in a custom VPC[SageMaker.3] Users should not have root access to SageMaker notebook instances[SageMaker.4] SageMaker endpoint production variants should have an initial instance count greater than 1[SageMaker.5] SageMaker models should have network isolation enabled[SageMaker.6] SageMaker app image configurations should be tagged[SageMaker.7] SageMaker images should be tagged[SageMaker.8] SageMaker notebook instances should run on supported platforms[SageMaker.9] SageMaker data quality job definitions should have inter-container traffic encryption enabled[SageMaker.10] SageMaker model explainability job definitions should have inter-container traffic encryption enabled[SageMaker.11] SageMaker data quality job definitions should have network isolation enabled[SageMaker.12] SageMaker model bias job definitions should have network isolation enabled[SageMaker.13] SageMaker model quality job definitions should have inter-container traffic encryption enabled[SageMaker.14] SageMaker monitoring schedules should have network isolation enabled[SageMaker.15] SageMaker model bias job definitions should have inter-container traffic encryption enabled[SageMaker.16] SageMaker models should use private registry in VPC for primary containers[SageMaker.17] SageMaker feature group offline stores should be encrypted with AWS KMS keys @@ -377,0 +378,44 @@ To enable inter-container traffic encryption for SageMaker model bias job defini +## [SageMaker.16] SageMaker models should use private registry in VPC for primary containers + +**Category:** Protect > Secure network configuration > Resources within VPC + +**Severity:** Medium + +**Resource type:** `AWS::SageMaker::Model` + +**AWS Config rule:** [sagemaker-model-private-registry-required](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-model-private-registry-required.html) + +**Schedule type:** Change triggered + +**Parameters:** None + +This control checks whether an Amazon SageMaker AI model pulls container image from a private registry in a VPC for the primary container. The control fails if the image is not configured or repository access mode is `Platform`. + +Using a private Docker registry in a VPC for SageMaker model containers ensures container images are pulled from trusted, controlled sources within your VPC. Also, it ensures container images are accessed through VPC endpoints, without traversing the public internet. + +### Remediation + +To configure private docker registries for SageMaker AI real-time inference containers, see [Use a Private Docker Registry for Real-Time Inference Containers](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-containers-inference-private.html) in the _Amazon SageMaker AI Developer Guide_. + +## [SageMaker.17] SageMaker feature group offline stores should be encrypted with AWS KMS keys + +**Category:** Protect > Data Protection > Encryption of data-at-rest + +**Severity:** Medium + +**Resource type:** `AWS::SageMaker::FeatureGroup` + +**AWS Config rule:** [sagemaker-featuregroup-encryption-at-rest](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-featuregroup-encryption-at-rest.html) + +**Schedule type:** Change triggered + +**Parameters:** None + +This control checks whether an Amazon SageMaker offline store for a feature group is encrypted at rest with an AWS KMS key. The control fails if the offline store S3 storage for a feature group is not encrypted with a KMS key. + +Using customer-managed AWS KMS keys for encryption at rest of SageMaker feature group offline stores provide enhanced security. Customer-managed KMS keys provide you full control over encryption key lifecycle and key policies. Additionally, all encryption key usage can be logged and monitored through AWS CloudTrail for auditability. + +### Remediation + +For information on enabling encryption at rest for SageMaker Feature Store offline stores using AWS KMS customer-managed keys, see [Security and access control](https://docs.aws.amazon.com/sagemaker/latest/dg/feature-store-security.html#feature-store-authorizing-use-cmk-offline-store) in the _Amazon SageMaker AI Developer Guide_. +