Sagemaker Notebook Instance Should Have KMS Key Configured
More Info:
Sagemaker Notebook Instance Should Have KMS Key ConfiguredRisk Level
HighAddress
SecurityCompliance Standards
ISO27001,HIPAA,NISTCSF,PCIDSS,AWSSSB,RBI_UCBTriage and Remediation
Sagemaker notebook instance cannot be encrypted after instance is created.To configure the KMS key, delete the existing notebook instance and create a new one by following the below steps.
Using Console
Using Console
-
Log in to the AWS Management Console:
- Open the AWS Management Console and navigate to the SageMaker service.
-
Create a New Notebook Instance:
- Click on “Create notebook instance.”
-
Configure Notebook Instance:
- Fill in the “Notebook instance name,” “Notebook instance type,” and other required fields.
-
Configure Encryption:
- Scroll down to the “Encryption settings” section.
- Under “KMS key,” select an existing KMS key from the dropdown or enter the KMS key ID manually.
-
Create the Notebook Instance:
- After configuring all necessary settings, click on “Create notebook instance.”
Using CLI
Using CLI
To create a SageMaker notebook instance with a specified KMS key, you can use the following CLI command:Replace the placeholders (
<YourNotebookInstanceName>, <InstanceType>, <IAMRoleARN>, <KMSKeyID>, <VolumeSize>, <CodeRepositoryURL>, and <AdditionalCodeRepositories>) with appropriate values.Using Python
Using Python
To create a SageMaker notebook instance with a specified KMS key using a Python script, you’ll need the Replace the placeholders (
boto3 library:- Install
boto3(if not already installed):
- Script to Create a Notebook Instance:
<YourNotebookInstanceName>, <InstanceType>, <IAMRoleARN>, <KMSKeyID>, <VolumeSize>, <CodeRepositoryURL>, and <AdditionalCodeRepositories>) with appropriate values.