Description: 

This policy ensures that Amazon SageMaker notebook instances do not have root access enabled. This helps to protect notebook instances from unauthorized access and malicious activity.


Rationale: 

Root access provides full administrative privileges to a notebook instance. This means that users with root access can perform any action on the instance, including installing software, creating and modifying files, and accessing sensitive data. Enabling root access on notebook instances is a security risk, as it could allow unauthorized users to gain access to sensitive data or resources.


Impact: 

Disabling root access on notebook instances will prevent users from logging in to the instance using the root user. Users will need to use a different IAM user with the appropriate permissions to access the instance. This may cause some disruption for users who are used to logging in to notebook instances using the root user.


Default Value: 

By default, root access is enabled on Amazon SageMaker notebook instances.


Pre-requisites: 

To disable root access on Amazon SageMaker notebook instances, you will need the following:

  • An IAM user with permissions to manage notebook instances. 
  • The name of the notebook instance that you want to disable root access for.


Remediation Steps: 

If you have accidentally enabled root access on a notebook instance, you can disable it by following the steps in the AWS Console Process and AWS CLI Process sections below.


Test Plan: 

To test that root access has been disabled on a notebook instance, you can try to log in to the instance using the root user. If you are unable to log in, then root access has been disabled successfully.


AWS Console Process:

To follow this policy using the AWS console, you can perform the following steps:

  • Log in to the AWS Management Console. 
  • Go to the Amazon SageMaker console. 
  • In the left navigation pane, choose Notebook instances. 
  • Select the notebook instance that you want to disable root access for. 
  • In the Actions menu, choose Edit notebook instance. 
  • In the Root access section, select Disabled. 
  • Choose Save.


AWS CLI Process:

To follow this policy using the AWS CLI, you can perform the following steps:

  • Identify the name of the notebook instance that you want to disable root access for.
  • To disable root access, run the following command. The notebook instance must be in the Stopped state for the update to be accepted.
    aws sagemaker update-notebook-instance --notebook-instance-name my-notebook-instance --root-access Disabled
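
To check every notebook instance in an account rather than one at a time, the audit below flags instances whose RootAccess is not Disabled and builds the CLI remediation command for each. It is an added example, not part of the original page or AWS's own code; the instance names and sample responses are constructed, and collect_descriptions assumes boto3 and AWS credentials are available.

```python
import shlex

# Constructed DescribeNotebookInstance responses (instance names are made up).
SAMPLE_DESCRIPTIONS = [
    {"NotebookInstanceName": "nb-research", "NotebookInstanceStatus": "InService", "RootAccess": "Enabled"},
    {"NotebookInstanceName": "nb-locked", "NotebookInstanceStatus": "Stopped", "RootAccess": "Disabled"},
    # Field missing: counted as non-compliant, since the page gives Enabled as the default.
    {"NotebookInstanceName": "nb-legacy", "NotebookInstanceStatus": "Stopped"},
]


def find_root_enabled(descriptions):
    """Return one finding per notebook instance whose RootAccess is not 'Disabled'."""
    findings = []
    for desc in descriptions:
        root_access = desc.get("RootAccess", "Enabled")
        if root_access != "Disabled":
            findings.append({
                "name": desc["NotebookInstanceName"],
                "root_access": root_access,
                # update-notebook-instance is only accepted on a stopped instance.
                "must_stop_first": desc.get("NotebookInstanceStatus") != "Stopped",
            })
    return findings


def remediation_command(finding):
    """Build the AWS CLI call that disables root access for one finding."""
    return ("aws sagemaker update-notebook-instance --notebook-instance-name "
            + shlex.quote(finding["name"]) + " --root-access Disabled")


def collect_descriptions(region_name=None):
    """Fetch live data; needs boto3 and AWS credentials (not used by the sample run)."""
    import boto3  # imported lazily so the offline sample works without it
    client = boto3.client("sagemaker", region_name=region_name)
    descriptions = []
    # The list call's summaries omit RootAccess, so each instance is described.
    for page in client.get_paginator("list_notebook_instances").paginate():
        for summary in page["NotebookInstances"]:
            descriptions.append(client.describe_notebook_instance(
                NotebookInstanceName=summary["NotebookInstanceName"]))
    return descriptions


if __name__ == "__main__":
    for f in find_root_enabled(SAMPLE_DESCRIPTIONS):
        note = " (stop the instance first)" if f["must_stop_first"] else ""
        print(f["name"], f["root_access"], remediation_command(f) + note)
```

Against a real account, pass the result of collect_descriptions() to find_root_enabled() in place of the sample list.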


Backout Plan: 

If you need to restore root access to a notebook instance, you can do so by following the steps in this section. 

  • Log in to the AWS Management Console. 
  • Go to the Amazon SageMaker console. 
  • In the left navigation pane, choose Notebook instances. 
  • Select the notebook instance that you want to restore root access for. 
  • In the Actions menu, choose Edit notebook instance. 
  • In the Root access section, select Enabled. 
  • Choose Save.

Note: 

This is just a basic process for disabling root access on Amazon SageMaker notebook instances. For more detailed instructions, please refer to the Amazon SageMaker documentation:


Reference:

https://aws.amazon.com/blogs/machine-learning/control-root-access-to-amazon-sagemaker-notebook-instances/