Ensure SageMaker Notebook is encrypted at rest using KMS CMK

ID

sagemaker_notebook_encryption

Severity

high

Vendor

AWS

Resource

Amazon SageMaker Notebook

Tags

reachable

Description

Ensure Amazon SageMaker Notebook has a KMS key for encrypting data at rest, securing the following resources: storage volume, processing jobs, training jobs, hyperparameter tuning jobs, batch transform jobs, and endpoints.

Examples

Buildtime

Terraform

resource "aws_sagemaker_notebook_instance" "example" {
  name          = "notebook-instance"
  role_arn      = aws_iam_role.role.arn
  instance_type = "ml.t2.medium"
  # (1)
}
(1) No KMS key is set.

Mitigation / Fix

Buildtime

Terraform

resource "aws_sagemaker_notebook_instance" "example" {
  name          = "notebook-instance"
  role_arn      = aws_iam_role.role.arn
  instance_type = "ml.t2.medium"
  kms_key_id    = "KMS_KEY" # (1)
}
(1) Ensure a KMS key is set for encryption.
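
The buildtime check described above can be run against a Terraform plan before apply. The following is an added example, not the vendor's policy implementation: it assumes the plan JSON produced by `terraform show -json`, and the function name, resource addresses and sample plan are constructed for illustration.

```python
RESOURCE_TYPE = "aws_sagemaker_notebook_instance"

def unencrypted_notebooks(plan: dict) -> list:
    """Return addresses of notebook instances planned without kms_key_id."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != RESOURCE_TYPE:
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        # A key created in the same plan has no ARN yet. Terraform records it
        # under after_unknown instead of after, so treat that as "set".
        known_later = (change.get("after_unknown") or {}).get("kms_key_id") is True
        if not after.get("kms_key_id") and not known_later:
            findings.append(rc["address"])
    return findings

def _rc(rtype, name, after, unknown=None):
    # Helper that builds one constructed resource_changes entry.
    return {"address": f"{rtype}.{name}", "type": rtype,
            "change": {"after": after, "after_unknown": unknown or {}}}

# Constructed sample plan (placeholder ARN and names, not real resources).
SAMPLE_PLAN = {"resource_changes": [
    # No key at all: the failing case from the Examples section.
    _rc(RESOURCE_TYPE, "plain", {"name": "nb-plain", "kms_key_id": None}),
    # Literal key identifier: passes.
    _rc(RESOURCE_TYPE, "literal", {"name": "nb-literal",
        "kms_key_id": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE"}),
    # Key is another resource in the same plan: value unknown until apply.
    _rc(RESOURCE_TYPE, "from_resource", {"name": "nb-ref"},
        {"kms_key_id": True}),
    # Instance being destroyed: skipped.
    _rc(RESOURCE_TYPE, "removed", None),
    # Unrelated resource type: ignored.
    _rc("aws_s3_bucket", "logs", {"bucket": "example-logs"}),
]}

if __name__ == "__main__":
    for address in unencrypted_notebooks(SAMPLE_PLAN):
        print(f"FAIL sagemaker_notebook_encryption: {address}")
```

To check a real plan, load the output of `terraform show -json` with `json.load` and pass the resulting dict to `unencrypted_notebooks`.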