AWS Security Hub · SageMaker
SageMaker.10: Explainability jobs inter-container encryption
Written and reviewed by Emnode · Last reviewed
What does AWS Security Hub SageMaker.10 check?
SageMaker.10 fails when a model explainability job definition has `EnableInterContainerTrafficEncryption` (inside `MonitoringNetworkConfig`) set to false. The flag defaults to off because AWS made it opt-in to avoid adding latency to existing jobs.
Why does SageMaker.10 matter?
Explainability jobs run distributed across instances and move the data being analysed between containers. Without inter-container encryption that traffic crosses the network unprotected, exposing sensitive feature data mid-job. Every definition created without explicitly setting the flag inherits the unencrypted default.
How do I fix SageMaker.10?
- Audit explainability job definitions and inspect `MonitoringNetworkConfig.EnableInterContainerTrafficEncryption`.
- Recreate each failing definition with the flag set to true — it cannot be patched in place.
- Set the flag explicitly in your IaC templates so new definitions never inherit the off default.
- Clear the related controls (.9, .13, .15) at the same time, since they check the same flag on sibling job types.
Remediation script · bash
# Disable root across every notebook that has it on (mutable on a stopped instance).
for n in $(aws sagemaker list-notebook-instances \
--query 'NotebookInstances[].NotebookInstanceName' --output text); do
root=$(aws sagemaker describe-notebook-instance --notebook-instance-name "$n" \
--query 'RootAccess' --output text)
if [ "$root" = "Enabled" ]; then
aws sagemaker stop-notebook-instance --notebook-instance-name "$n"
aws sagemaker wait notebook-instance-stopped --notebook-instance-name "$n"
aws sagemaker update-notebook-instance --notebook-instance-name "$n" --root-access Disabled
aws sagemaker start-notebook-instance --notebook-instance-name "$n"
echo "$n: root access disabled"
fi
done
# Immutable settings need a rebuild. Recreate a notebook locked down: private subnet,
# no direct internet. (DirectInternetAccess and SubnetId cannot be changed in place.)
aws sagemaker create-notebook-instance \
--notebook-instance-name ml-feature-exploration \
--instance-type ml.t3.medium \
--role-arn arn:aws:iam::111122223333:role/SageMakerExecution \
--subnet-id subnet-0ab12cd34ef56 \
--security-group-ids sg-0aa11bb22cc33 \
--direct-internet-access Disabled \
--root-access DisabledFull walkthrough (console steps, edge cases and verification) in the lesson Harden SageMaker and ML workloads.
More SageMaker controls
- SageMaker.1 A SageMaker notebook has direct internet access
- SageMaker.2 A SageMaker notebook is not launched in a VPC
- SageMaker.3 Users have root access on a SageMaker notebook
- SageMaker.4 Endpoint variants should have > 1 instance
- SageMaker.5 Models should have network isolation enabled
- SageMaker.8 Notebook instances should run supported platforms
- SageMaker.9 Data quality jobs inter-container encryption
- SageMaker.11 Data quality jobs network isolation
- SageMaker.12 Model bias jobs network isolation
- SageMaker.13 Model quality jobs inter-container encryption
- SageMaker.14 Monitoring schedules network isolation
- SageMaker.15 Model bias jobs inter-container encryption