SageMaker Notebook Instance VPC Settings Configured

Overview

This check verifies that Amazon SageMaker notebook instances are deployed within a Virtual Private Cloud (VPC) with proper network configuration. A properly configured notebook instance should have a subnet ID and security groups assigned, ensuring it operates within your private network rather than using public networking infrastructure.

Risk

When a SageMaker notebook instance is not configured with VPC settings, you face several security risks:

  • Data exposure: Traffic between your notebook and AWS services may traverse the public internet, where it could be intercepted
  • Lateral movement: Without network segmentation, attackers who compromise one system can more easily reach others
  • Loss of egress control: You cannot restrict outbound traffic to approved destinations only
  • Compliance gaps: Many regulatory frameworks require network isolation for sensitive workloads

Severity: High

Remediation Steps

Prerequisites

  • AWS account access with permissions to manage SageMaker resources
  • An existing VPC with at least one private subnet
  • A security group configured for SageMaker notebook access

Setting up VPC prerequisites

If you do not have a VPC configured, you will need:

  1. A VPC with DNS hostnames and DNS resolution enabled
  2. A private subnet in your VPC (recommended for notebook instances)
  3. A security group that allows:
    • Outbound HTTPS (443) to AWS services (or use VPC endpoints)
    • Any additional ports your notebooks need
  4. VPC endpoints (recommended) for private connectivity to:
    • SageMaker API (com.amazonaws.us-east-1.sagemaker.api)
    • SageMaker Runtime (com.amazonaws.us-east-1.sagemaker.runtime)
    • S3 (com.amazonaws.us-east-1.s3)

AWS Console Method

Important: You cannot modify VPC settings on an existing notebook instance. You must delete the instance and create a new one with VPC configuration.

Step 1: Back up your work

  1. Open the SageMaker Console
  2. Find your notebook instance and click its name
  3. If the instance is running, download any notebooks or files you want to keep
  4. Note down the current configuration (instance type, volume size, IAM role)

Step 2: Stop and delete the existing instance

  1. Select the notebook instance
  2. Click Actions > Stop and wait for it to stop
  3. Once stopped, click Actions > Delete
  4. Confirm the deletion

Warning: Deleting a notebook instance permanently removes all data stored on it. Ensure you have backed up important work.

Step 3: Create a new notebook instance with VPC settings

  1. Click Create notebook instance
  2. Enter a Notebook instance name
  3. Choose your Notebook instance type
  4. Expand the Network section
  5. Select your VPC
  6. Select a Subnet (use a private subnet for better security)
  7. Select one or more Security groups
  8. For Direct internet access, choose Disable (recommended for private subnets with VPC endpoints)
  9. Configure the remaining settings as needed
  10. Click Create notebook instance

AWS CLI (optional)

List existing notebook instances

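# list-notebook-instances returns summaries without network fields, so SubnetId
# is not available here; use describe-notebook-instance (next command) for it.
aws sagemaker list-notebook-instances \
  --region us-east-1 \
  --query 'NotebookInstances[*].[NotebookInstanceName,NotebookInstanceStatus]' \
  --output table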

Check if a specific instance has VPC settings

aws sagemaker describe-notebook-instance \
  --notebook-instance-name <your-notebook-name> \
  --region us-east-1 \
  --query '{Name:NotebookInstanceName,SubnetId:SubnetId,SecurityGroups:SecurityGroups}'

If SubnetId is null, the instance is not configured with VPC settings.

Stop the existing instance

aws sagemaker stop-notebook-instance \
  --notebook-instance-name <your-notebook-name> \
  --region us-east-1

Wait for the instance to stop:

aws sagemaker wait notebook-instance-stopped \
  --notebook-instance-name <your-notebook-name> \
  --region us-east-1

Delete the existing instance

aws sagemaker delete-notebook-instance \
  --notebook-instance-name <your-notebook-name> \
  --region us-east-1

Create a new instance with VPC configuration

aws sagemaker create-notebook-instance \
  --notebook-instance-name my-secure-notebook \
  --instance-type ml.t3.medium \
  --role-arn arn:aws:iam::<account-id>:role/<sagemaker-execution-role> \
  --subnet-id subnet-xxxxxxxxxxxxxxxxx \
  --security-group-ids sg-xxxxxxxxxxxxxxxxx \
  --direct-internet-access Disabled \
  --volume-size-in-gb 5 \
  --region us-east-1

Replace the placeholder values:

  • <account-id>: Your AWS account ID
  • <sagemaker-execution-role>: IAM role for SageMaker execution
  • subnet-xxxxxxxxxxxxxxxxx: Your private subnet ID
  • sg-xxxxxxxxxxxxxxxxx: Your security group ID

CloudFormation (optional)

CloudFormation Template

AWSTemplateFormatVersion: '2010-09-09'
Description: SageMaker Notebook Instance with VPC Configuration

Parameters:
  NotebookInstanceName:
    Type: String
    Description: Name for the SageMaker notebook instance
    Default: my-secure-notebook

  InstanceType:
    Type: String
    Description: ML compute instance type
    Default: ml.t3.medium
    AllowedValues:
      - ml.t3.medium
      - ml.t3.large
      - ml.t3.xlarge
      - ml.m5.xlarge
      - ml.m5.2xlarge

  SubnetId:
    Type: AWS::EC2::Subnet::Id
    Description: Subnet ID for the notebook instance (must be in a VPC)

  SecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id
    Description: Security group ID for the notebook instance

  VolumeSize:
    Type: Number
    Description: Size of the EBS volume in GB
    Default: 5
    MinValue: 5
    MaxValue: 16384

Resources:
  SageMakerExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub '${NotebookInstanceName}-execution-role'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: sagemaker.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSageMakerReadOnly

  SageMakerNotebookInstance:
    Type: AWS::SageMaker::NotebookInstance
    Properties:
      NotebookInstanceName: !Ref NotebookInstanceName
      InstanceType: !Ref InstanceType
      RoleArn: !GetAtt SageMakerExecutionRole.Arn
      SubnetId: !Ref SubnetId
      SecurityGroupIds:
        - !Ref SecurityGroupId
      DirectInternetAccess: Disabled
      VolumeSizeInGB: !Ref VolumeSize
      RootAccess: Disabled

Outputs:
  NotebookInstanceArn:
    Description: ARN of the SageMaker Notebook Instance
    Value: !Ref SageMakerNotebookInstance

  NotebookInstanceName:
    Description: Name of the SageMaker Notebook Instance
    Value: !Ref NotebookInstanceName

Deploy the stack

aws cloudformation create-stack \
  --stack-name sagemaker-notebook-vpc \
  --template-body file://template.yaml \
  --parameters \
    ParameterKey=NotebookInstanceName,ParameterValue=my-secure-notebook \
    ParameterKey=SubnetId,ParameterValue=subnet-xxxxxxxxxxxxxxxxx \
    ParameterKey=SecurityGroupId,ParameterValue=sg-xxxxxxxxxxxxxxxxx \
  --capabilities CAPABILITY_NAMED_IAM \
  --region us-east-1

Terraform (optional)

Terraform Configuration

terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

variable "notebook_instance_name" {
  description = "Name for the SageMaker notebook instance"
  type        = string
  default     = "my-secure-notebook"
}

variable "instance_type" {
  description = "ML compute instance type"
  type        = string
  default     = "ml.t3.medium"
}

variable "subnet_id" {
  description = "Subnet ID for the notebook instance"
  type        = string
}

variable "security_group_ids" {
  description = "List of security group IDs"
  type        = list(string)
}

variable "volume_size" {
  description = "Size of the EBS volume in GB"
  type        = number
  default     = 5
}

# IAM role for SageMaker
resource "aws_iam_role" "sagemaker_execution_role" {
  name = "${var.notebook_instance_name}-execution-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = "sagemaker.amazonaws.com"
        }
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "sagemaker_readonly" {
  role       = aws_iam_role.sagemaker_execution_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSageMakerReadOnly"
}

# SageMaker Notebook Instance with VPC configuration
resource "aws_sagemaker_notebook_instance" "main" {
  name                   = var.notebook_instance_name
  instance_type          = var.instance_type
  role_arn               = aws_iam_role.sagemaker_execution_role.arn
  subnet_id              = var.subnet_id
  security_groups        = var.security_group_ids
  direct_internet_access = "Disabled"
  volume_size            = var.volume_size
  root_access            = "Disabled"

  tags = {
    Name = var.notebook_instance_name
  }
}

output "notebook_instance_arn" {
  description = "ARN of the SageMaker Notebook Instance"
  value       = aws_sagemaker_notebook_instance.main.arn
}

output "notebook_instance_name" {
  description = "Name of the SageMaker Notebook Instance"
  value       = aws_sagemaker_notebook_instance.main.name
}

Deploy with Terraform

# Create a terraform.tfvars file with your values
cat > terraform.tfvars << EOF
subnet_id = "subnet-xxxxxxxxxxxxxxxxx"
security_group_ids = ["sg-xxxxxxxxxxxxxxxxx"]
EOF

# Initialize and apply
terraform init
terraform plan
terraform apply

Verification

After creating the new notebook instance, verify the VPC configuration:

  1. Open the SageMaker Console
  2. Click on your notebook instance name
  3. In the Network section, confirm:
    • VPC shows your VPC ID
    • Subnet shows your subnet ID
    • Security groups shows your security group(s)

CLI verification

aws sagemaker describe-notebook-instance \
  --notebook-instance-name my-secure-notebook \
  --region us-east-1 \
  --query '{Name:NotebookInstanceName,SubnetId:SubnetId,SecurityGroups:SecurityGroups,DirectInternetAccess:DirectInternetAccess}'

Expected output should show non-null values for SubnetId and SecurityGroups:

{
  "Name": "my-secure-notebook",
  "SubnetId": "subnet-xxxxxxxxxxxxxxxxx",
  "SecurityGroups": [
    "sg-xxxxxxxxxxxxxxxxx"
  ],
  "DirectInternetAccess": "Disabled"
}
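
The same verification applied to several instances at once, as an added example that is not part of the original page: the function classifies saved describe-notebook-instance JSON results, failing an instance with no subnet or security groups and warning when direct internet access is still enabled. The PASS/WARN/FAIL labels, the script name and the sample documents are constructed for illustration.

```python
import json
import sys
from pathlib import Path

# Constructed sample input shaped like `aws sagemaker describe-notebook-instance
# --output json` results; names and IDs are made up for this example.
SAMPLE_DESCRIPTIONS = [
    {"NotebookInstanceName": "legacy-notebook", "DirectInternetAccess": "Enabled"},
    {"NotebookInstanceName": "half-fixed-notebook", "SubnetId": "subnet-0example",
     "SecurityGroups": ["sg-0example"], "DirectInternetAccess": "Enabled"},
    {"NotebookInstanceName": "my-secure-notebook", "SubnetId": "subnet-0example",
     "SecurityGroups": ["sg-0example"], "DirectInternetAccess": "Disabled"},
]


def audit_notebook(desc):
    """Classify one describe-notebook-instance result as PASS, WARN or FAIL.

    PASS/WARN/FAIL are labels chosen for this example, not AWS terminology.
    """
    reasons = []
    # A missing or null SubnetId means the instance has no VPC settings.
    if not desc.get("SubnetId"):
        reasons.append("no subnet ID")
    if not desc.get("SecurityGroups"):
        reasons.append("no security groups")
    status = "FAIL" if reasons else "PASS"
    # A VPC-attached instance can still have direct internet access enabled;
    # anything other than an explicit "Disabled" is reported.
    if desc.get("DirectInternetAccess") != "Disabled":
        reasons.append("direct internet access not disabled")
        if status == "PASS":
            status = "WARN"
    return status, reasons


def audit_all(descriptions):
    """Return {notebook name: (status, reasons)} for every description."""
    return {d.get("NotebookInstanceName", "<unnamed>"): audit_notebook(d)
            for d in descriptions}


if __name__ == "__main__":
    # Usage (hypothetical file names): python audit.py nb1.json nb2.json
    # With no arguments, the constructed samples above are audited instead.
    docs = [json.loads(Path(p).read_text()) for p in sys.argv[1:]]
    for name, (status, reasons) in audit_all(docs or SAMPLE_DESCRIPTIONS).items():
        print(f"{status:4} {name}: {', '.join(reasons) or 'VPC settings configured'}")
```

Each input file is the unfiltered JSON from one describe-notebook-instance call (no --query), so the field names match the API response.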

Notes

  • VPC settings cannot be changed after creation: You must delete and recreate the notebook instance to add VPC configuration
  • Data loss warning: Deleting a notebook instance permanently removes all data on the attached volume. Always back up important work first
  • Private subnets recommended: For maximum security, deploy notebook instances in private subnets with VPC endpoints for AWS service access
  • Direct internet access: When using a private subnet, set DirectInternetAccess to Disabled and use NAT gateways or VPC endpoints for outbound connectivity
  • Security group rules: Ensure your security group allows necessary outbound traffic (HTTPS to AWS services at minimum)