Amazon SageMaker notebook instances can process sensitive data, such as personal information, and should encrypt this data at rest.

Why is this an issue?

Amazon SageMaker notebook instances can process potentially sensitive data, such as personal information, as part of machine learning workflows. By default, SageMaker notebook instances do not encrypt data stored on the instance’s storage volume. This rule raises an issue when a notebook instance is created without a KMS key configured for encryption at rest.

What is the potential impact?

Exposure of sensitive data

When a SageMaker notebook instance is not encrypted, an attacker who gains access to the underlying storage media can read all data stored on it in plaintext. This includes training datasets, model artifacts, credentials, and any other sensitive information processed during machine learning workflows.

How to fix it

Code examples

The following code is vulnerable because the SageMaker notebook instance is created without specifying a KMS key, leaving data stored on the instance’s storage volume unencrypted.

Noncompliant code example

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  Notebook:  # Noncompliant: encryption disabled by default
    Type: AWS::SageMaker::NotebookInstance

Compliant solution

AWSTemplateFormatVersion: '2010-09-09'
Resources:
  Notebook:
    Type: AWS::SageMaker::NotebookInstance
    Properties:
      KmsKeyId:
        Fn::GetAtt:
          - SomeKey
          - KeyId

Resources

Documentation

• Protect Data at Rest Using Encryption
• AWS::SageMaker::NotebookInstance

Standards

• CWE - CWE-312 - Cleartext Storage of Sensitive Information
• STIG Viewer - Application Security and Development: V-222588 - The application must implement approved cryptographic mechanisms to prevent unauthorized modification of information at rest.