Compliance · Medium severity

AWS Security Hub · SageMaker

SageMaker.9: Data quality jobs inter-container encryption

Written and reviewed by Emnode · Last reviewed

What does AWS Security Hub SageMaker.9 check?

SageMaker.9 fails when a data quality job definition has `EnableInterContainerTrafficEncryption` set to false. The check inspects the job definition's setting regardless of how many instances the job actually uses.

Why does SageMaker.9 matter?

When a monitoring job fans out across two or more instances, your sensitive input data moves between containers over the network. Without inter-container encryption that traffic is in the clear. Leaving the flag off bakes an unencrypted default into a definition that may later scale up and silently start moving data without protection.

How do I fix SageMaker.9?

  1. List data quality job definitions and check `EnableInterContainerTrafficEncryption` to find the failing ones.
  2. Because the setting is immutable, delete and recreate each definition with the flag set to true.
  3. Bake `EnableInterContainerTrafficEncryption=true` into your Terraform or CloudFormation so new definitions are compliant.
  4. Fix the sibling controls (.10, .13, .15) in the same pass — they all check this flag on related job types.

Remediation script · bash

# Disable root across every notebook that has it on (mutable on a stopped instance).
for n in $(aws sagemaker list-notebook-instances \
    --query 'NotebookInstances[].NotebookInstanceName' --output text); do
  root=$(aws sagemaker describe-notebook-instance --notebook-instance-name "$n" \
    --query 'RootAccess' --output text)
  if [ "$root" = "Enabled" ]; then
    aws sagemaker stop-notebook-instance --notebook-instance-name "$n"
    aws sagemaker wait notebook-instance-stopped --notebook-instance-name "$n"
    aws sagemaker update-notebook-instance --notebook-instance-name "$n" --root-access Disabled
    aws sagemaker start-notebook-instance --notebook-instance-name "$n"
    echo "$n: root access disabled"
  fi
done

# Immutable settings need a rebuild. Recreate a notebook locked down: private subnet,
# no direct internet. (DirectInternetAccess and SubnetId cannot be changed in place.)
aws sagemaker create-notebook-instance \
  --notebook-instance-name ml-feature-exploration \
  --instance-type ml.t3.medium \
  --role-arn arn:aws:iam::111122223333:role/SageMakerExecution \
  --subnet-id subnet-0ab12cd34ef56 \
  --security-group-ids sg-0aa11bb22cc33 \
  --direct-internet-access Disabled \
  --root-access Disabled
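The script above remediates notebook-instance settings; the flag that SageMaker.9 inspects lives under `NetworkConfig` in the DescribeDataQualityJobDefinition response and, being immutable, can only be changed by deleting and recreating the definition. The following is an added Python (boto3) example, not the page's own script: `SAMPLE_DEFINITION` is a constructed describe response (account id and role ARN reused from the script above), and `client` is assumed to be a boto3 SageMaker client.

```python
"""Audit and rebuild SageMaker data quality job definitions that fail SageMaker.9."""
import copy

# Describe-output fields that CreateDataQualityJobDefinition does not accept.
READ_ONLY_FIELDS = ("JobDefinitionArn", "CreationTime", "ResponseMetadata")

# Constructed sample shaped like a DescribeDataQualityJobDefinition response; not real data.
SAMPLE_DEFINITION = {
    "JobDefinitionArn": "arn:aws:sagemaker:us-east-1:111122223333:data-quality-job-definition/dq-example",
    "JobDefinitionName": "dq-example",
    "CreationTime": "2024-01-01T00:00:00Z",
    "DataQualityAppSpecification": {"ImageUri": "<analyzer-image-uri>"},  # placeholder
    "DataQualityJobInput": {"EndpointInput": {"EndpointName": "ep-example",
                                              "LocalPath": "/opt/ml/processing/input"}},
    "DataQualityJobOutputConfig": {"MonitoringOutputs": [{"S3Output": {
        "S3Uri": "s3://example-bucket/dq", "LocalPath": "/opt/ml/processing/output"}}]},
    "JobResources": {"ClusterConfig": {"InstanceCount": 1, "InstanceType": "ml.m5.xlarge",
                                       "VolumeSizeInGB": 20}},
    "NetworkConfig": {"EnableInterContainerTrafficEncryption": False},
    "RoleArn": "arn:aws:iam::111122223333:role/SageMakerExecution",
}


def is_noncompliant(definition: dict) -> bool:
    """Fails unless the flag is explicitly true; the API default is false, so absent counts too."""
    network = definition.get("NetworkConfig") or {}
    return network.get("EnableInterContainerTrafficEncryption") is not True


def build_compliant_request(definition: dict) -> dict:
    """Turn a describe response into a create request with the flag forced on; rest unchanged."""
    request = copy.deepcopy(definition)
    for field in READ_ONLY_FIELDS:
        request.pop(field, None)
    request.setdefault("NetworkConfig", {})["EnableInterContainerTrafficEncryption"] = True
    return request


def recreate_noncompliant(client, names):
    """Delete and recreate each failing definition (flag is immutable in place); returns rebuilt names."""
    rebuilt = []
    for name in names:  # client: boto3 SageMaker client (assumption)
        definition = client.describe_data_quality_job_definition(JobDefinitionName=name)
        if not is_noncompliant(definition):
            continue
        request = build_compliant_request(definition)
        client.delete_data_quality_job_definition(JobDefinitionName=name)
        client.create_data_quality_job_definition(**request)
        rebuilt.append(name)
    return rebuilt
```

Call `recreate_noncompliant(boto3.client("sagemaker"), names)` with the names from step 1 (ListDataQualityJobDefinitions returns them under `JobDefinitionSummaries[].MonitoringJobDefinitionName`); compliant definitions are left untouched.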

Full walkthrough (console steps, edge cases and verification) in the lesson Harden SageMaker and ML workloads.

Is SageMaker.9 a false positive?

Teams running on a single instance argue there is no inter-container traffic to encrypt, so it should pass — but the control checks the definition regardless of instance count. Just set the flag to true; it is free and future-proofs the job for scaling up.

Part of the learning path Lock down access