AWS SageMaker model does not use network isolation
Description
This policy checks whether Amazon SageMaker models use network isolation. Network isolation blocks unauthorized network communication between computing resources. When enabled for a SageMaker model, the inference container runs in an internet-free environment, which safeguards your models and data sets from potential breaches. A violation of this policy means the SageMaker model's network isolation is disabled, potentially exposing your models and data to security threats. Enabling network isolation strengthens your security posture and protects your valuable assets.
Code Example
```diff
resource "aws_sagemaker_model" "default" {
  ...
+ enable_network_isolation = true
}
```
Remediation
Terraform
- Resource: aws_sagemaker_model
- Arguments: enable_network_isolation
Enable the network isolation parameter in your Terraform configuration for Amazon SageMaker models. This restricts unauthorized network access, strengthening your security posture.
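The following is an added example, not Checkov's own implementation of CKV_AWS_370: it applies the same rule to the JSON produced by `terraform show -json <planfile>`, walking root and child modules and flagging every `aws_sagemaker_model` whose `enable_network_isolation` is false or omitted (the provider default is false). The sample plan embedded below is constructed for illustration.

```python
"""Flag aws_sagemaker_model resources in a Terraform plan JSON that do not
enable network isolation. Illustrative code, not Checkov's rule source."""
import json
from typing import Iterator


def iter_resources(module: dict) -> Iterator[dict]:
    """Walk a plan module and all nested child modules, yielding resources."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def sagemaker_models_without_isolation(plan: dict) -> list[str]:
    """Return addresses of SageMaker models violating the policy.
    A missing enable_network_isolation counts as a violation because the
    Terraform AWS provider defaults it to false."""
    violations = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_sagemaker_model":
            continue
        values = res.get("values") or {}
        if values.get("enable_network_isolation") is not True:
            violations.append(res["address"])
    return violations


# Constructed sample plan: one compliant model, one explicitly disabled,
# and one in a child module that omits the argument entirely.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "aws_sagemaker_model.isolated", "type": "aws_sagemaker_model",
     "values": {"name": "isolated", "enable_network_isolation": true}},
    {"address": "aws_sagemaker_model.open", "type": "aws_sagemaker_model",
     "values": {"name": "open", "enable_network_isolation": false}}
  ],
  "child_modules": [
    {"address": "module.ml", "resources": [
      {"address": "module.ml.aws_sagemaker_model.default",
       "type": "aws_sagemaker_model", "values": {"name": "default"}}
    ]}
  ]
}}}
""")

if __name__ == "__main__":
    for address in sagemaker_models_without_isolation(SAMPLE_PLAN):
        print(f"{address}: enable_network_isolation is not true (IAC-0417)")
```

Run against a real plan with `json.load(open("plan.json"))` in place of `SAMPLE_PLAN`; the check is read-only and makes no AWS calls.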
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0417 |
| Severity | MEDIUM |
| IaC Type | Cloudformation |
| Frameworks | Terraform, TerraformPlan, CloudFormation |
| Checkov ID | CKV_AWS_370 |