Prowler HUB

Check if Amazon SageMaker Notebook instances have root access disabled

sagemaker_notebook_instance_root_access_disabled

Severitymedium

Servicesagemaker

by Prowler

gen-ai

Check if Amazon SageMaker Notebook instances have root access disabled

Risk

Users with root access have administrator privileges, users can access and edit all files on a notebook instance with root access enabled

Run this check with Prowler CLI

prowler aws --checks sagemaker_notebook_instance_root_access_disabled

Run in Prowler Cloud

ARN template

arn:aws:sagemaker:region:account-id:notebook-instance

Remediation

WUI

Set the RootAccess field to Disabled. You can also disable root access for users when you create or update a notebook instance in the Amazon SageMaker console.

References:

https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-root-access.html

Source Code

References

https://docs.aws.amazon.com/sagemaker/latest/dg/nbi-root-access.html

Resource Type

AwsSageMakerNotebookInstance

Check MetadataEdit

Check CodeEdit