Skip to main content

AWS Sagemaker Security Patterns- Part 2

We are going to look into some best security architecture of AWS Sagemaker. By default AWS Sagemker is a managed service and everything is managed by the AWS, and not the customer.

We'll talk about Authentication & Authorization and Encryption patterns, in this part.

Image courtesy- AWS

Authentication & Authorization patterns:
1. Access via IAM authentication & authorization
2. No multi- tenancy of Saagemaker Notebooks. Each Data Scientist (DS) should be provided their own Notebook
3. Each DS should only be allowed to opens/ start/ stop the Notebook

4. Notebook creation should require additional permissions. Additional roles should be created for more privileged actions.

5. Root access to the Notebooks should be disabled.

Recommended IAM conditions for Sagemaker, which contains best practices for resource launch and running:

Encryption patterns:

1. Data  at rest- S3, Notebook- must be encypted with AWS KMS CMKs.

2. Data in transit - multi node training intercommunication- must be encrypted.