AWS SageMaker notebook instance with root access enabled
Description
Enabling root access on a SageMaker notebook instance gives its users administrator privileges on that instance. It's essential to restrict this level of access, because root or admin rights can lead to misuse, intentional or accidental damage, or severe security breaches. These privileges allow users to modify or extract sensitive data, change configuration settings, or install unauthorized applications, among other things. Root access should be given only to trusted administrators who need such privileges to manage and secure systems.
Code Example
```hcl
resource "aws_sagemaker_notebook_instance" "secure_instance" {
  name          = "secure_instance"
  role_arn      = aws_iam_role.role.arn
  instance_type = "ml.t3.xlarge"
  # Disable root access for notebook users
  root_access   = "Disabled"
}
```
Remediation
Terraform
- Resource: aws_sagemaker_notebook_instance
- Arguments: root_access
To fix the issue, set the `root_access` argument to `"Disabled"`.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0354 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_307 |