AWS securityhub documentation change
Summary
Added six new SageMaker security controls (SageMaker.20 to SageMaker.25), fixed typos in existing controls, and expanded security documentation
Security assessment
The change adds documentation for six new security controls covering network isolation, encryption at rest with customer-managed KMS keys, and inter-container traffic encryption. These are proactive security enhancements rather than fixes for specific vulnerabilities. No evidence of addressing a concrete security incident is present.
Diff
diff --git a/securityhub/latest/userguide/sagemaker-controls.md b/securityhub/latest/userguide/sagemaker-controls.md index 014f8c215..ef125fe86 100644 --- a//securityhub/latest/userguide/sagemaker-controls.md +++ b//securityhub/latest/userguide/sagemaker-controls.md @@ -7 +7 @@ -[SageMaker.1] Amazon SageMaker notebook instances should not have direct internet access[SageMaker.2] SageMaker notebook instances should be launched in a custom VPC[SageMaker.3] Users should not have root access to SageMaker notebook instances[SageMaker.4] SageMaker endpoint production variants should have an initial instance count greater than 1[SageMaker.5] SageMaker models should have network isolation enabled[SageMaker.6] SageMaker app image configurations should be tagged[SageMaker.7] SageMaker images should be tagged[SageMaker.8] SageMaker notebook instances should run on supported platforms[SageMaker.9] SageMaker data quality job definitions should have inter-container traffic encryption enabled[SageMaker.10] SageMaker model explainability job definitions should have inter-container traffic encryption enabled[SageMaker.11] SageMaker data quality job definitions should have network isolation enabled[SageMaker.12] SageMaker model bias job definitions should have network isolation enabled[SageMaker.13] SageMaker model quality job definitions should have inter-container traffic encryption enabled[SageMaker.14] SageMaker monitoring schedules should have network isolation enabled[SageMaker.15] SageMaker model bias job definitions should have inter-container traffic encryption enabled[SageMaker.16] SageMaker models should use private registry in VPC for primary containers[SageMaker.17] SageMaker feature group offline stores should be encrypted with AWS KMS keys[SageMaker.18] SageMaker feature group online stores with standard storage should be encrypted with AWS KMS keys[SageMaker.19] SageMaker models should use private registry in VPC for multi-container inference pipelines +[SageMaker.1] Amazon SageMaker notebook instances should not have direct internet access[SageMaker.2] SageMaker notebook instances should be launched in a custom VPC[SageMaker.3] Users should not have root access to SageMaker notebook instances[SageMaker.4] SageMaker endpoint production variants should have an initial instance count greater than 1[SageMaker.5] SageMaker models should have network isolation enabled[SageMaker.6] SageMaker app image configurations should be tagged[SageMaker.7] SageMaker images should be tagged[SageMaker.8] SageMaker notebook instances should run on supported platforms[SageMaker.9] SageMaker data quality job definitions should have inter-container traffic encryption enabled[SageMaker.10] SageMaker model explainability job definitions should have inter-container traffic encryption enabled[SageMaker.11] SageMaker data quality job definitions should have network isolation enabled[SageMaker.12] SageMaker model bias job definitions should have network isolation enabled[SageMaker.13] SageMaker model quality job definitions should have inter-container traffic encryption enabled[SageMaker.14] SageMaker monitoring schedules should have network isolation enabled[SageMaker.15] SageMaker model bias job definitions should have inter-container traffic encryption enabled[SageMaker.16] SageMaker models should use private registry in VPC for primary containers[SageMaker.17] SageMaker feature group offline stores should be encrypted with AWS KMS keys[SageMaker.18] SageMaker feature group online stores with standard storage should be encrypted with AWS KMS keys[SageMaker.19] SageMaker models should use private registry in VPC for multi-container inference pipelines[SageMaker.20] SageMaker model explainability job definitions should have network isolation enabled[SageMaker.21] SageMaker notebook instances should be encrypted with customer managed AWS KMS keys[SageMaker.22] SageMaker monitoring schedules should have inter-container traffic encryption enabled[SageMaker.23] SageMaker inference experiments should have instance storage volume encrypted with customer managed AWS KMS keys[SageMaker.24] SageMaker inference experiments should have data storage encrypted with customer managed AWS KMS keys[SageMaker.25] SageMaker model quality job definitions should have network isolation enabled @@ -286 +286 @@ This control checks whether an Amazon SageMaker AI data quality monitoring job d -Network isolation reduces the attack. surface and prevents external access thereby protecting against unauthorized external access, accidental data exposure and potential data exfiltration. +Network isolation reduces the attack surface and prevents external access thereby protecting against unauthorized external access, accidental data exposure and potential data exfiltration. @@ -374 +374 @@ This control checks whether Amazon SageMaker model bias job definitions have int -EInter-container traffic encryption protects data transmitted between compute instances during distributed model bias monitoring jobs. Encryption prevents unauthorized access to model-related information such as weights that are transmitted between instances. +Inter-container traffic encryption protects data transmitted between compute instances during distributed model bias monitoring jobs. Encryption prevents unauthorized access to model-related information such as weights that are transmitted between instances. @@ -469,0 +470,132 @@ To configure private docker registries for SageMaker AI real-time inference cont +## [SageMaker.20] SageMaker model explainability job definitions should have network isolation enabled + +**Category:** Protect > Secure network configuration > Resources not publicly accessible + +**Severity:** High + +**Resource type:** `AWS::SageMaker::ModelExplainabilityJobDefinition` + +**AWS Config rule:** [sagemaker-model-explainability-job-network-isolation](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-model-explainability-job-network-isolation.html) + +**Schedule type:** Change triggered + +**Parameters:** None + +This control checks whether a SageMaker AI model explainability job definition has network isolation enabled. The control fails if the job definition does not have network isolation enabled. + +Network isolation prevents model explainability job containers from making outbound network calls, reducing the risk of data exfiltration and providing defense-in-depth for sensitive model and training data. + +### Remediation + +To enable network isolation for a SageMaker AI model explainability job definition, set `NetworkConfig.EnableNetworkIsolation` to `true` when creating the job definition. For more information about network isolation for SageMaker AI, see [Run training and inference containers in internet-free mode](https://docs.aws.amazon.com/sagemaker/latest/dg/mkt-algo-model-internet-free.html#mkt-algo-model-internet-free-isolation) in the _Amazon SageMaker AI Developer Guide_. + +## [SageMaker.21] SageMaker notebook instances should be encrypted with customer managed AWS KMS keys + +**Category:** Protect > Data protection > Encryption of data at rest + +**Severity:** Medium + +**Resource type:** `AWS::SageMaker::NotebookInstance` + +**AWS Config rule:** [sagemaker-notebook-instance-storage-vol-kms-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-notebook-instance-storage-vol-kms-encrypted.html) + +**Schedule type:** Change triggered + +**Parameters:** None + +This control checks whether a SageMaker AI notebook instance is configured with an AWS KMS key for storage volume encryption. The control fails if a KMS key is not configured for the notebook instance. + +Encryption of data at rest with a customer managed KMS key provides additional access control over the default AWS managed encryption. SageMaker AI notebook instances store user notebooks, datasets, model artifacts, and temporary processing data on ML storage volumes. A customer managed key enables fine-grained key policy control, CloudTrail audit logging of key usage, and compliance with frameworks requiring customer-controlled encryption. + +### Remediation + +To configure a KMS key for a SageMaker AI notebook instance, see [Notebook instances, SageMaker AI jobs, and Endpoints](https://docs.aws.amazon.com/sagemaker/latest/dg/encryption-at-rest-nbi.html) in the _Amazon SageMaker AI Developer Guide_. Note that `KmsKeyId` can only be set at notebook instance creation time. To remediate, create a new notebook instance with the KMS key specified and migrate your data from the existing instance. + +## [SageMaker.22] SageMaker monitoring schedules should have inter-container traffic encryption enabled + +**Category:** Protect > Data protection > Encryption of data in transit + +**Severity:** Medium + +**Resource type:** `AWS::SageMaker::MonitoringSchedule` + +**AWS Config rule:** [sagemaker-monitoring-schedule-traffic-encryption](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-monitoring-schedule-traffic-encryption.html) + +**Schedule type:** Change triggered + +**Parameters:** None + +This control checks whether an Amazon SageMaker AI monitoring schedule has encryption enabled for inter-container traffic. The control fails if the monitoring job definition does not have encryption enabled for inter-container traffic. + +Inter-container traffic encryption ensures that data transmitted between containers during monitoring jobs is encrypted in transit. Without this encryption, sensitive data processed during model monitoring could be exposed to unauthorized access within the network. Enabling this setting helps meet compliance requirements for protecting data in transit. + +### Remediation + +For an existing SageMaker AI monitoring schedule, inter-container traffic encryption cannot be updated in place. To create a new SageMaker AI monitoring schedule with inter-container traffic encryption enabled, use [API](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateMonitoringSchedule.html) or [CLI](https://docs.aws.amazon.com/cli/latest/reference/sagemaker/create-monitoring-schedule.html) or CloudFormation and set `EnableInterContainerTrafficEncryption` to `true` in the `NetworkConfig` of the `MonitoringJobDefinition`. + +## [SageMaker.23] SageMaker inference experiments should have instance storage volume encrypted with customer managed AWS KMS keys + +**Category:** Protect > Data protection > Encryption of data at rest + +**Severity:** Medium + +**Resource type:** `AWS::SageMaker::InferenceExperiment` + +**AWS Config rule:** [sagemaker-inf-experiment-instance-storage-kms-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-inf-experiment-instance-storage-kms-encrypted.html) + +**Schedule type:** Change triggered + +**Parameters:** None + +This control checks whether a SageMaker AI inference experiment is configured with an AWS KMS key for instance storage volume encryption. The control fails if a KMS key is not specified for instance storage volume encryption. + +Encrypting instance storage volumes with customer managed KMS keys provides centralized key management, audit logging, and key rotation control for model artifacts and temporary inference data stored on ML compute instances during shadow tests. + +### Remediation + +To configure a KMS key for a SageMaker AI inference experiment, specify the `KmsKey` parameter when calling `CreateInferenceExperiment`. The `KmsKey` can be a KMS key ID, ARN, alias, or alias ARN. The SageMaker AI execution role must have `kms:CreateGrant` permission on the key. For more information on specifying a customer managed AWS KMS key to SageMaker AI, see [Notebook instances, SageMaker AI jobs, and Endpoints](https://docs.aws.amazon.com/sagemaker/latest/dg/encryption-at-rest-nbi.html) in the _Amazon SageMaker AI Developer Guide_. + +## [SageMaker.24] SageMaker inference experiments should have data storage encrypted with customer managed AWS KMS keys + +**Category:** Protect > Data protection > Encryption of data at rest + +**Severity:** Medium + +**Resource type:** `AWS::SageMaker::InferenceExperiment` + +**AWS Config rule:** [sagemaker-inf-experiment-data-storage-kms-encrypted](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-inf-experiment-data-storage-kms-encrypted.html) + +**Schedule type:** Change triggered + +**Parameters:** None + +This control checks whether a SageMaker AI inference experiment with data capture enabled has a KMS key configured to encrypt captured data at rest. The control fails if the data storage configuration does not specify a KMS key for encryption. + +Encrypting captured inference request and response data with customer managed KMS keys ensures that sensitive inference payloads stored in Amazon S3 are protected with centralized key management and audit capabilities. + +### Remediation + +To configure a KMS key for data storage in a SageMaker AI inference experiment, specify the `KmsKey` field within `DataStorageConfig` when calling `CreateInferenceExperiment`. The `KmsKey` encrypts captured inference request and response data at rest in the specified Amazon S3 bucket. For more information on specifying a customer managed AWS KMS key to SageMaker AI, see [Notebook instances, SageMaker AI jobs, and Endpoints](https://docs.aws.amazon.com/sagemaker/latest/dg/encryption-at-rest-nbi.html) in the _Amazon SageMaker AI Developer Guide_. + +## [SageMaker.25] SageMaker model quality job definitions should have network isolation enabled + +**Category:** Protect > Secure network configuration > Resources not publicly accessible + +**Severity:** High + +**Resource type:** `AWS::SageMaker::ModelQualityJobDefinition` + +**AWS Config rule:** [sagemaker-model-quality-job-definition-isolation](https://docs.aws.amazon.com/config/latest/developerguide/sagemaker-model-quality-job-definition-isolation.html) + +**Schedule type:** Change triggered + +**Parameters:** None + +This control checks whether an Amazon SageMaker AI model quality job definition has network isolation enabled. The control fails if the model quality job definition does not have network isolation enabled. + +Network isolation reduces the attack surface and prevents external access, thereby protecting against unauthorized external access, accidental data exposure, and potential data exfiltration. + +### Remediation + +When you create a model quality job definition, you can enable network isolation by setting the value for the `EnableNetworkIsolation` parameter to `True`. For more information about network isolation for SageMaker AI, see [Run training and inference containers in internet-free mode](https://docs.aws.amazon.com/sagemaker/latest/dg/mkt-algo-model-internet-free.html#mkt-algo-model-internet-free-isolation) in the _Amazon SageMaker AI Developer Guide_. +