AWS Security Hub · SageMaker
SageMaker.15: Model bias jobs inter-container encryption
Written and reviewed by Emnode · Last reviewed
What does AWS Security Hub SageMaker.15 check?
SageMaker.15 fails when a model bias job definition declares an instance count of 2 or more and has `EnableInterContainerTrafficEncryption` set to false. A single-instance job passes automatically — there is no inter-container hop to protect.
Why does SageMaker.15 matter?
Once a bias job fans out across multiple instances, SageMaker moves the data under analysis between containers over the network. Without encryption that traffic is exposed. Teams often build and test on one instance where the control is silent, then scale to two in production and inherit a failing finding they never saw in dev.
How do I fix SageMaker.15?
- List model bias job definitions, focusing on those with an instance count of 2 or more, and check the encryption flag.
- Recreate each failing definition with `EnableInterContainerTrafficEncryption` set to true — the setting is immutable.
- Set the flag unconditionally in IaC, even for single-instance jobs, so scaling up never reopens the finding.
- Clear the related encryption controls (.9, .10, .13) in the same pass.
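An added example, not Emnode's or AWS's own code, for the first step above: it lists model bias job definitions and flags those with two or more instances where inter-container encryption is not enabled. The function names `sm15_verdict` and `sm15_scan`, and the choice to treat a missing flag as unencrypted, are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report model bias job
# definitions that would fail SageMaker.15 in the current region.

# Classify one definition from its instance count and encryption flag.
# With --output text the AWS CLI prints booleans as True/False and a
# missing value as None. Assumption: anything other than True on a
# multi-instance definition is treated as unencrypted.
sm15_verdict() {
  case "$1" in ''|*[!0-9]*) echo UNKNOWN; return 0 ;; esac
  if [ "$1" -lt 2 ]; then
    echo PASS   # single instance: no inter-container hop to protect
  elif [ "$2" = "True" ]; then
    echo PASS
  else
    echo FAIL
  fi
}

# Print "<verdict> <name> instances=<n> encrypted=<flag>" per definition.
# Returns 1 if any definition is not PASS, 2 if the listing call fails.
sm15_scan() {
  local names name out count encrypted verdict rc=0
  names=$(aws sagemaker list-model-bias-job-definitions \
    --query 'JobDefinitionSummaries[].MonitoringJobDefinitionName' \
    --output text) || return 2
  for name in $names; do
    out=$(aws sagemaker describe-model-bias-job-definition \
      --job-definition-name "$name" \
      --query '[JobResources.ClusterConfig.InstanceCount, NetworkConfig.EnableInterContainerTrafficEncryption]' \
      --output text) || { echo "UNKNOWN $name describe-failed"; rc=1; continue; }
    set -- $out                      # split "<count> <flag>" into $1 $2
    count=${1:-None}; encrypted=${2:-None}
    verdict=$(sm15_verdict "$count" "$encrypted")
    echo "$verdict $name instances=$count encrypted=$encrypted"
    [ "$verdict" = PASS ] || rc=1
  done
  return "$rc"
}

# Scan only when asked, so sourcing this file makes no AWS calls.
if [ "${1:-}" = "--scan" ]; then sm15_scan; fi
```

Run it with `--scan` under credentials that can call `sagemaker:ListModelBiasJobDefinitions` and `sagemaker:DescribeModelBiasJobDefinition`; every `FAIL` line is a definition to recreate with the flag set to true.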
Remediation script · bash
```bash
# Disable root across every notebook that has it on (mutable on a stopped instance).
for n in $(aws sagemaker list-notebook-instances \
    --query 'NotebookInstances[].NotebookInstanceName' --output text); do
  root=$(aws sagemaker describe-notebook-instance --notebook-instance-name "$n" \
    --query 'RootAccess' --output text)
  if [ "$root" = "Enabled" ]; then
    aws sagemaker stop-notebook-instance --notebook-instance-name "$n"
    aws sagemaker wait notebook-instance-stopped --notebook-instance-name "$n"
    aws sagemaker update-notebook-instance --notebook-instance-name "$n" --root-access Disabled
    # The update puts the instance into Updating; wait until it is Stopped again before starting it.
    aws sagemaker wait notebook-instance-stopped --notebook-instance-name "$n"
    aws sagemaker start-notebook-instance --notebook-instance-name "$n"
    echo "$n: root access disabled"
  fi
done

# Immutable settings need a rebuild. Recreate a notebook locked down: private subnet,
# no direct internet. (DirectInternetAccess and SubnetId cannot be changed in place.)
aws sagemaker create-notebook-instance \
  --notebook-instance-name ml-feature-exploration \
  --instance-type ml.t3.medium \
  --role-arn arn:aws:iam::111122223333:role/SageMakerExecution \
  --subnet-id subnet-0ab12cd34ef56 \
  --security-group-ids sg-0aa11bb22cc33 \
  --direct-internet-access Disabled \
  --root-access Disabled
```

Full walkthrough (console steps, edge cases and verification) in the lesson Harden SageMaker and ML workloads.
More SageMaker controls
- SageMaker.1 A SageMaker notebook has direct internet access
- SageMaker.2 A SageMaker notebook is not launched in a VPC
- SageMaker.3 Users have root access on a SageMaker notebook
- SageMaker.4 Endpoint variants should have > 1 instance
- SageMaker.5 Models should have network isolation enabled
- SageMaker.8 Notebook instances should run supported platforms
- SageMaker.9 Data quality jobs inter-container encryption
- SageMaker.10 Explainability jobs inter-container encryption
- SageMaker.11 Data quality jobs network isolation
- SageMaker.12 Model bias jobs network isolation
- SageMaker.13 Model quality jobs inter-container encryption
- SageMaker.14 Monitoring schedules network isolation