
AWS Sagemaker data quality job not encrypting model artifacts with KMS

Description

This policy checks whether Amazon SageMaker Data Quality Jobs leverage AWS Key Management Service (KMS) to encrypt model artifacts. Unencrypted model artifacts pose a significant security concern. Without encryption, sensitive information within your models could be exposed to malicious actors. This could lead to data breaches, compromising the integrity and confidentiality of the data used by your models. KMS provides a secure solution for managing encryption keys, ensuring the protection of your machine learning assets.

Code Example

```hcl
resource "aws_sagemaker_data_quality_job_definition" "example" {
  # ... other arguments unchanged ...

  data_quality_job_output_config {
    # Customer-managed KMS key used to encrypt the job's output (model artifacts)
    kms_key_id = "arn:aws:kms:us-west-2:123456789012:key/my-existing-kms-key-id"
    # ...
  }

  # ...
}
```

Remediation

Terraform

  • Resource: aws_sagemaker_data_quality_job_definition
  • Arguments: data_quality_job_output_config/kms_key_id

Encrypt the output of your AWS SageMaker Data Quality Job. Set kms_key_id inside the data_quality_job_output_config block of your Terraform configuration, as shown in the code example above.
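As an added example (not code from the policy page or from Checkov), the following Python check applies the same rule to Terraform plan JSON so the finding can be raised before apply. The plan layout assumed is the one `terraform show -json` emits (`planned_values.root_module.resources`, nested blocks rendered as lists); the two sample resources are constructed.

```python
"""Flag SageMaker Data Quality Job definitions whose output is not KMS-encrypted."""
import json

RESOURCE_TYPE = "aws_sagemaker_data_quality_job_definition"

# Constructed sample plan: one compliant and one non-compliant definition.
SAMPLE_PLAN = json.dumps({
    "planned_values": {"root_module": {"resources": [
        {"address": f"{RESOURCE_TYPE}.encrypted", "type": RESOURCE_TYPE,
         "values": {"data_quality_job_output_config": [
             {"kms_key_id": "arn:aws:kms:us-west-2:123456789012:key/my-existing-kms-key-id"}]}},
        {"address": f"{RESOURCE_TYPE}.plaintext", "type": RESOURCE_TYPE,
         "values": {"data_quality_job_output_config": [{"kms_key_id": ""}]}},
    ]}}
})


def _resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from _resources(child)


def output_is_kms_encrypted(values):
    """True only if every data_quality_job_output_config block sets a non-empty kms_key_id.

    Plan JSON renders nested blocks as lists; a missing block is an empty list,
    and an unset string attribute shows up as null or "".
    """
    blocks = values.get("data_quality_job_output_config") or []
    if not blocks:
        return False
    for block in blocks:
        key = (block or {}).get("kms_key_id") or ""
        if not key.strip():
            return False
    return True


def find_unencrypted_definitions(plan_json):
    """Return the addresses of job definitions that fail the check, sorted."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        res["address"] for res in _resources(root)
        if res.get("type") == RESOURCE_TYPE
        and not output_is_kms_encrypted(res.get("values", {}))
    )


if __name__ == "__main__":
    for address in find_unencrypted_definitions(SAMPLE_PLAN):
        print(f"FAILED: {address} has no kms_key_id in data_quality_job_output_config")
```

Run it against a real plan with `terraform show -json plan.out > plan.json` and pass the file contents to `find_unencrypted_definitions`.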

Rule Details

  • ID: IAC-0414
  • Severity: LOW
  • IaC Type: Cloudformation
  • Frameworks: Terraform, TerraformPlan, CloudFormation
  • Checkov ID: CKV_AWS_367