SageMaker Notebook Instance Encryption Enabled

Overview

This check verifies that Amazon SageMaker notebook instances are configured with encryption at rest using a customer-managed AWS KMS key. SageMaker notebook instances store data on attached EBS volumes, and this check ensures that storage is protected with encryption you control.

Why it matters: Customer-managed KMS keys give you full control over who can access your data and when. You can rotate keys, revoke access instantly, and audit all usage through CloudTrail.

Risk

If this check fails, your SageMaker notebook data is either unencrypted or using only default AWS-managed encryption. This creates several risks:

• Data exposure: Anyone with access to the underlying storage could read your ML data, models, and code
• Compliance gaps: Many regulations (HIPAA, PCI-DSS, SOC 2) require customer-controlled encryption
• No key revocation: Without your own KMS key, you cannot instantly revoke access to data
• Limited audit trail: AWS-managed keys provide less visibility into who accessed your data

Severity: High

Remediation Steps

Prerequisites

You will need:

• AWS Console access with permissions to create SageMaker notebook instances
• An existing KMS key (or permission to create one)
• An IAM role for SageMaker to use

Creating a KMS key (if you don't have one)

Via AWS Console:

1. Go to AWS KMS > Customer managed keys
2. Click Create key
3. Choose Symmetric key type
4. Add an alias like sagemaker-notebooks
5. Grant your SageMaker IAM role permission to use the key

Via AWS CLI:

# Create the KMS key
aws kms create-key \
    --description "KMS key for SageMaker notebook encryption" \
    --region us-east-1

# Create an alias for easier reference (use the KeyId from above)
aws kms create-alias \
    --alias-name alias/sagemaker-notebooks \
    --target-key-id <your-key-id> \
    --region us-east-1

AWS Console Method

Important: You cannot enable encryption on an existing notebook instance. You must create a new encrypted instance and migrate your data.

1. Open the Amazon SageMaker Console
2. In the left navigation, click Notebook > Notebook instances
3. Click Create notebook instance
4. Enter a Notebook instance name (e.g., my-encrypted-notebook)
5. Choose an Instance type (e.g., ml.t3.medium)
6. Under Permissions and encryption:
   • Select an existing IAM role or create a new one
   • For Encryption key, select your customer-managed KMS key
7. (Recommended) Under Network, disable Direct internet access for better security
8. Click Create notebook instance

Migrating data from an unencrypted instance:

1. In your old notebook, save important files to S3
2. Stop and delete the old unencrypted instance
3. In your new encrypted instance, download files from S3

AWS CLI (optional)

Create an encrypted notebook instance:

aws sagemaker create-notebook-instance \
    --notebook-instance-name my-encrypted-notebook \
    --instance-type ml.t3.medium \
    --role-arn arn:aws:iam::<account-id>:role/<sagemaker-role> \
    --kms-key-id arn:aws:kms:us-east-1:<account-id>:key/<key-id> \
    --direct-internet-access Disabled \
    --root-access Disabled \
    --volume-size-in-gb 50 \
    --region us-east-1

Check if an existing instance has encryption:

aws sagemaker describe-notebook-instance \
    --notebook-instance-name <instance-name> \
    --region us-east-1 \
    --query 'KmsKeyId'

If this returns null, the instance is not using customer-managed encryption.

List all notebook instances to audit:

aws sagemaker list-notebook-instances \
    --region us-east-1 \
    --query 'NotebookInstances[*].NotebookInstanceName' \
    --output table

CloudFormation (optional)

AWSTemplateFormatVersion: '2010-09-09'
Description: SageMaker Notebook Instance with KMS Encryption

Parameters:
  NotebookInstanceName:
    Type: String
    Description: Name for the SageMaker notebook instance
    Default: my-encrypted-notebook

  InstanceType:
    Type: String
    Description: ML compute instance type
    Default: ml.t3.medium
    AllowedValues:
      - ml.t3.medium
      - ml.t3.large
      - ml.t3.xlarge
      - ml.m5.large
      - ml.m5.xlarge

  KMSKeyArn:
    Type: String
    Description: ARN of the KMS key for encryption

  SageMakerRoleArn:
    Type: String
    Description: ARN of the IAM role for SageMaker

Resources:
  SageMakerNotebookInstance:
    Type: AWS::SageMaker::NotebookInstance
    Properties:
      NotebookInstanceName: !Ref NotebookInstanceName
      InstanceType: !Ref InstanceType
      RoleArn: !Ref SageMakerRoleArn
      KmsKeyId: !Ref KMSKeyArn
      DirectInternetAccess: Disabled
      RootAccess: Disabled
      VolumeSizeInGB: 50

Outputs:
  NotebookInstanceArn:
    Description: ARN of the created notebook instance
    Value: !Ref SageMakerNotebookInstance

Deploy the stack:

aws cloudformation create-stack \
    --stack-name sagemaker-encrypted-notebook \
    --template-body file://template.yaml \
    --parameters \
        ParameterKey=KMSKeyArn,ParameterValue=arn:aws:kms:us-east-1:<account-id>:key/<key-id> \
        ParameterKey=SageMakerRoleArn,ParameterValue=arn:aws:iam::<account-id>:role/<role-name> \
    --region us-east-1

Terraform (optional)

terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

variable "notebook_instance_name" {
  description = "Name for the SageMaker notebook instance"
  type        = string
  default     = "my-encrypted-notebook"
}

variable "instance_type" {
  description = "ML compute instance type"
  type        = string
  default     = "ml.t3.medium"
}

variable "kms_key_arn" {
  description = "ARN of the KMS key for encryption"
  type        = string
}

variable "sagemaker_role_arn" {
  description = "ARN of the IAM role for SageMaker"
  type        = string
}

resource "aws_sagemaker_notebook_instance" "encrypted" {
  name                    = var.notebook_instance_name
  instance_type           = var.instance_type
  role_arn                = var.sagemaker_role_arn
  kms_key_id              = var.kms_key_arn
  direct_internet_access  = "Disabled"
  root_access             = "Disabled"
  volume_size             = 50

  tags = {
    Environment = "production"
    Encryption  = "enabled"
  }
}

output "notebook_instance_arn" {
  description = "ARN of the created notebook instance"
  value       = aws_sagemaker_notebook_instance.encrypted.arn
}

Deploy:

terraform init
terraform plan -var="kms_key_arn=arn:aws:kms:us-east-1:<account-id>:key/<key-id>" \
               -var="sagemaker_role_arn=arn:aws:iam::<account-id>:role/<role-name>"
terraform apply

Verification

After creating your encrypted notebook instance:

1. Go to the SageMaker Console
2. Click Notebook instances
3. Select your notebook instance
4. In the details pane, verify that Encryption key shows your KMS key ARN

Verify via AWS CLI

aws sagemaker describe-notebook-instance \
    --notebook-instance-name my-encrypted-notebook \
    --region us-east-1 \
    --query '{Name: NotebookInstanceName, KmsKeyId: KmsKeyId, Status: NotebookInstanceStatus}'

Expected output should show your KMS key ARN:

{
    "Name": "my-encrypted-notebook",
    "KmsKeyId": "arn:aws:kms:us-east-1:123456789012:key/abcd1234-...",
    "Status": "InService"
}

Additional Resources

• AWS Documentation: Protect Data at Rest Using Encryption
• AWS Documentation: SageMaker Notebook Instances
• AWS KMS Developer Guide
• Prowler Check Documentation

Notes

• Encryption cannot be added to existing instances. You must create a new notebook instance with encryption enabled and migrate your data.
• Data migration: Before deleting an unencrypted instance, export notebooks and data to S3, then import into the new encrypted instance.
• KMS key permissions: Ensure your SageMaker IAM role has kms:Encrypt, kms:Decrypt, kms:GenerateDataKey, and kms:DescribeKey permissions on the KMS key.
• Cost considerations: Customer-managed KMS keys incur a small monthly charge ($1/month per key) plus per-request charges.
• Key rotation: Enable automatic key rotation on your KMS key for additional security (KMS > Your key > Key rotation > Enable).