Skip to main content

πŸ›‘οΈ AWS SageMaker Notebook Instance Direct Internet Access is not disabled🟒

  • Contextual name: πŸ›‘οΈ Notebook Instance Direct Internet Access is not disabled🟒
  • ID: /ce/ca/aws/sagemaker/disable-notebook-instance-direct-internet-access
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: SECURITY

Logic​

Similar Policies​

Description​

Open File

Description​

This policy identifies AWS SageMaker Notebook Instances that have Direct Internet Access enabled. When this setting is enabled, SageMaker attaches a default network interface that allows the notebook instance to access the internet through a public IP address.

Rationale​

By default, SageMaker notebook instances are configured with direct internet access. While convenient, this configuration introduces potential security risks. It increases the attack surface by allowing unrestricted outbound connectivity, complicates the monitoring and control of data egress, and bypasses VPC-level security controls such as Security Groups, Network ACLs, and centralized traffic inspection mechanisms.

Disabling direct internet access ensures that all network traffic is routed through the customer-managed VPC. This enables the use of NAT Gateways, firewalls, and proxy services to enforce security policies, inspect traffic, and maintain stronger governance over data movement.

Impact​

Remediation requires provisioning a new SageMaker notebook instance with Direct Internet Access disabled, as this setting cannot be modified after the instance is created. As part of this process, data and configurations from the existing notebook instance may need to be migrated to the newly created instance.

... see more

Remediation​

Open File

Remediation​

Disable Direct Internet Access for SageMaker Notebook Instances​

To remediate this finding, provision a new AWS SageMaker Notebook Instance with Direct Internet Access disabled and migrate all required data and configurations from the existing incompliant instance. AWS does not allow the internet access setting of a notebook instance to be modified after creation.

From Command Line​
1. Create a New Notebook Instance Without Direct Internet Access​

Create a replacement notebook instance and explicitly disable direct internet access. Ensure the instance is associated with the appropriate VPC, subnets, and IAM role.

aws sagemaker create-notebook-instance \
    --notebook-instance-name {{new-instance-name}} \
    --instance-type {{instance-type}} \
    --role-arn {{iam-role-arn}} \
    --subnet-id {{subnet-id}} \
    --security-group-ids {{security-group-ids}} \
    --direct-internet-access Disabled
2. Migrate Data and Validate Functionality​
  • Wait until the new notebook instance reaches the InService state.

... see more

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό AWS Foundational Security Best Practices v1.0.0 β†’ πŸ’Ό [SageMaker.1] Amazon SageMaker AI notebook instances should not have direct internet access1no data
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Public and Anonymous Access114no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AC-3 Access Enforcement (L)(M)(H)3782no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AC-4 Information Flow Enforcement (M)(H)237101no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AC-4(21) Physical or Logical Separation of Information Flows (M)(H)1160no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AC-6 Least Privilege (M)(H)81174no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AC-21 Information Sharing (M)(H)18no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SC-7 Boundary Protection (L)(M)(H)10879no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SC-7(3) Access Points (M)(H)18no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SC-7(4) External Telecommunications Services (M)(H)46no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SC-7(20) Dynamic Isolation and Segregation (H)18no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SC-7(21) Isolation of System Components (H)35no data
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό AC-3 Access Enforcement (L)(M)(H)82no data
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό SC-7 Boundary Protection (L)(M)(H)47no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό AC-3 Access Enforcement (L)(M)(H)82no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό AC-4 Information Flow Enforcement (M)(H)185no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό AC-4(21) Physical or Logical Separation of Information Flows (M)(H)60no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό AC-6 Least Privilege (M)(H)674no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό AC-21 Information Sharing (M)(H)18no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό SC-7 Boundary Protection (L)(M)(H)765no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό SC-7(3) Access Points (M)(H)18no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό SC-7(4) External Telecommunications Services (M)(H)46no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.CM-01: Networks and network services are monitored to find potentially adverse events170no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events170no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.AM-03: Representations of the organization's authorized network communication and internal and external network data flows are maintained86no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.AA-05: Access permissions, entitlements, and authorizations are defined in a policy, managed, enforced, and reviewed, and incorporate the principles of least privilege and separation of duties131no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected180no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected156no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected176no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό PR.IR-01: Networks and environments are protected from unauthorized logical access and usage119no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-3 Access Enforcement15557no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-3(7) Access Enforcement _ Role-based Access Control29no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-4 Information Flow Enforcement3269116no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-4(21) Information Flow Enforcement _ Physical or Logical Separation of Information Flows3760no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-6 Least Privilege102367no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AC-21 Information Sharing218no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7 Boundary Protection29486no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(3) Boundary Protection _ Access Points18no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(4) Boundary Protection _ External Telecommunications Services46no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic29no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(11) Boundary Protection _ Restrict Incoming Communications Traffic35no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(16) Boundary Protection _ Prevent Discovery of System Components36no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(20) Boundary Protection _ Dynamic Isolation and Segregation18no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SC-7(21) Boundary Protection _ Isolation of System Components35no data
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.1063no data
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.627no data
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ.27no data
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 1.3.4 Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.14no data
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 1.3.5 Permit only β€œestablished” connections into the network.27no data
πŸ’Ό PCI DSS v3.2.1 β†’ πŸ’Ό 1.3.6 Place system components that store cardholder data in an internal network zone, segregated from the DMZ and other untrusted networks.14no data
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 1.3.1 Inbound traffic to the CDE is restricted.63no data
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 1.3.2 Outbound traffic from the CDE is restricted.63no data
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted.27no data
πŸ’Ό PCI DSS v4.0.1 β†’ πŸ’Ό 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks.14no data
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 1.3.1 Inbound traffic to the CDE is restricted.763no data
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 1.3.2 Outbound traffic from the CDE is restricted.63no data
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 1.4.2 Inbound traffic from untrusted networks to trusted networks is restricted.727no data
πŸ’Ό PCI DSS v4.0 β†’ πŸ’Ό 1.4.4 System components that store cardholder data are not directly accessible from untrusted networks.14no data