AWS Security Hub · SageMaker
SageMaker.14: Monitoring schedules network isolation
Written and reviewed by Emnode · Last reviewed
What does AWS Security Hub SageMaker.14 check?
SageMaker.14 fails when a monitoring schedule has `EnableNetworkIsolation` (inside its `NetworkConfig`) set to false. The check targets the schedule itself — not the underlying job definition — because the schedule carries the NetworkConfig that governs each recurring run.
Why does SageMaker.14 matter?
Each scheduled monitoring run launches internet-enabled unless isolation is set. Without it the recurring job container can reach the internet and AWS APIs, and retains runtime credentials — a standing outbound path that fires on every schedule. Isolation cuts that off, at the cost of planning VPC and S3 access so the job can still reach its data.
How do I fix SageMaker.14?
- List monitoring schedules and inspect `NetworkConfig.EnableNetworkIsolation` for those set to false.
- Use UpdateMonitoringSchedule (or recreate via CreateMonitoringSchedule) to enable isolation on the schedule.
- Plan VPC endpoints or staged data so the isolated runs can still reach the inputs they need.
- Default new schedules to isolation on, and clear siblings .11 and .12 in the same pass.
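The steps above as working code, added here as an example rather than the page's own script: it walks every schedule, reports PASS, FAIL or SKIP, and with `apply=True` sends the schedule config back through UpdateMonitoringSchedule with isolation on. Assumptions: the boto3 sagemaker client methods `list_monitoring_schedules`, `describe_monitoring_schedule` and `update_monitoring_schedule`, and the `MonitoringScheduleConfig.MonitoringJobDefinition.NetworkConfig` layout of the describe result; the client is injected so the logic also runs offline against the constructed samples.

```python
# Added example, not the page's script. Assumes the boto3 sagemaker client
# methods list_monitoring_schedules / describe_monitoring_schedule /
# update_monitoring_schedule; the client is injected so the logic runs offline.
from copy import deepcopy
# Constructed DescribeMonitoringSchedule results (not real account data).
SAMPLE_INLINE = {"MonitoringScheduleName": "dq-hourly", "MonitoringScheduleConfig": {
    "MonitoringJobDefinition": {"NetworkConfig": {"EnableNetworkIsolation": False}}}}
SAMPLE_NAMED = {"MonitoringScheduleName": "bias-daily", "MonitoringScheduleConfig": {
    "MonitoringJobDefinitionName": "bias-def", "MonitoringType": "ModelBias"}}


def isolation_status(desc):
    """Classify one DescribeMonitoringSchedule result as PASS, FAIL or SKIP."""
    job = desc.get("MonitoringScheduleConfig", {}).get("MonitoringJobDefinition")
    if job is None:
        # Named job definition: its NetworkConfig is not on the schedule itself.
        return "SKIP"
    flag = job.get("NetworkConfig", {}).get("EnableNetworkIsolation")
    # Unset counts as off: the run launches internet-enabled unless it is true.
    return "PASS" if flag is True else "FAIL"


def isolated_config(desc):
    """Copy of the schedule's MonitoringScheduleConfig with isolation turned on."""
    cfg = deepcopy(desc["MonitoringScheduleConfig"])
    net = cfg["MonitoringJobDefinition"].setdefault("NetworkConfig", {})
    net["EnableNetworkIsolation"] = True
    return cfg


def remediate_all(client, apply=False):
    """Walk every schedule (following NextToken); return {name: status}. With
    apply=True each FAIL is updated with isolation on and reported as FIXED."""
    results, token = {}, None
    while True:
        kwargs = {"NextToken": token} if token else {}
        page = client.list_monitoring_schedules(**kwargs)
        for summary in page.get("MonitoringScheduleSummaries", []):
            name = summary["MonitoringScheduleName"]
            desc = client.describe_monitoring_schedule(MonitoringScheduleName=name)
            status = isolation_status(desc)
            if status == "FAIL" and apply:
                client.update_monitoring_schedule(
                    MonitoringScheduleName=name,
                    MonitoringScheduleConfig=isolated_config(desc))
                status = "FIXED"
            results[name] = status
        token = page.get("NextToken")
        if not token:
            return results
```

Run it first with `apply=False` to get the FAIL list, sort out VPC endpoints or staged inputs for those schedules, then run with `apply=True`.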
Remediation script · bash

```bash
# Disable root across every notebook that has it on (mutable on a stopped instance).
for n in $(aws sagemaker list-notebook-instances \
    --query 'NotebookInstances[].NotebookInstanceName' --output text); do
  root=$(aws sagemaker describe-notebook-instance --notebook-instance-name "$n" \
    --query 'RootAccess' --output text)
  if [ "$root" = "Enabled" ]; then
    aws sagemaker stop-notebook-instance --notebook-instance-name "$n"
    aws sagemaker wait notebook-instance-stopped --notebook-instance-name "$n"
    aws sagemaker update-notebook-instance --notebook-instance-name "$n" --root-access Disabled
    aws sagemaker start-notebook-instance --notebook-instance-name "$n"
    echo "$n: root access disabled"
  fi
done

# Immutable settings need a rebuild. Recreate a notebook locked down: private subnet,
# no direct internet. (DirectInternetAccess and SubnetId cannot be changed in place.)
aws sagemaker create-notebook-instance \
  --notebook-instance-name ml-feature-exploration \
  --instance-type ml.t3.medium \
  --role-arn arn:aws:iam::111122223333:role/SageMakerExecution \
  --subnet-id subnet-0ab12cd34ef56 \
  --security-group-ids sg-0aa11bb22cc33 \
  --direct-internet-access Disabled \
  --root-access Disabled
```

Full walkthrough (console steps, edge cases and verification) in the lesson Harden SageMaker and ML workloads.
More SageMaker controls
- SageMaker.1 A SageMaker notebook has direct internet access
- SageMaker.2 A SageMaker notebook is not launched in a VPC
- SageMaker.3 Users have root access on a SageMaker notebook
- SageMaker.4 Endpoint variants should have > 1 instance
- SageMaker.5 Models should have network isolation enabled
- SageMaker.8 Notebook instances should run supported platforms
- SageMaker.9 Data quality jobs inter-container encryption
- SageMaker.10 Explainability jobs inter-container encryption
- SageMaker.11 Data quality jobs network isolation
- SageMaker.12 Model bias jobs network isolation
- SageMaker.13 Model quality jobs inter-container encryption
- SageMaker.15 Model bias jobs inter-container encryption