Description: 

This policy ensures that all Amazon SageMaker Models have network isolation enabled. This helps to protect the models from unauthorized access and to control the network traffic that they can send and receive.


Rationale: 

By default, Amazon SageMaker Models are not configured with network isolation. This means that they are accessible from the public internet, which could allow unauthorized access. Enabling network isolation helps to protect models from this risk.

  • Impact: If this policy is not followed, models could be accessible from the public internet. This could allow unauthorized users to access the models and the data that they contain.
  • Default Value: AWS recommends that all Amazon SageMaker Models have network isolation enabled.
  • Pre-Requisite: To follow this policy, you will need to have access to the Amazon SageMaker console.


Remediation Steps:

  • In the Amazon SageMaker console, go to the Models page.
  • Click on the name of the model that you want to configure.
  • In the Network section, select the Network isolation tab.
  • Select the Enable network isolation checkbox.
  • Click on the Save button.


Test Plan:

  • To verify that the model has network isolation enabled, go to the Network section of the model's configuration page.
  • The Network isolation checkbox should be selected.
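The same check can be run across every model in a region instead of one console page at a time. The script below is an added example, not code from the original page: it pages through list_models and reads EnableNetworkIsolation from describe_model. The function name, the stub client, its model names and the --live switch are assumptions made for illustration.

```python
def find_non_isolated_models(client):
    """Return names of models where EnableNetworkIsolation is not true."""
    offenders, kwargs = [], {}
    while True:
        page = client.list_models(**kwargs)
        for summary in page["Models"]:
            name = summary["ModelName"]
            detail = client.describe_model(ModelName=name)
            # A missing field counts as "not isolated" so gaps fail closed.
            if detail.get("EnableNetworkIsolation") is not True:
                offenders.append(name)
        token = page.get("NextToken")
        if not token:
            return offenders
        kwargs = {"NextToken": token}


class StubSageMaker:
    """Constructed stand-in for the SageMaker client so the audit runs offline."""

    # Constructed sample data: model name -> EnableNetworkIsolation (None = absent).
    MODELS = {"fraud-scoring": True, "churn-v2": False, "legacy-ocr": None}

    def list_models(self, NextToken=None, **_):
        names = list(self.MODELS)
        start = int(NextToken or 0)
        page = {"Models": [{"ModelName": n} for n in names[start:start + 2]]}
        if start + 2 < len(names):
            page["NextToken"] = str(start + 2)
        return page

    def describe_model(self, ModelName):
        detail = {"ModelName": ModelName}
        if self.MODELS[ModelName] is not None:
            detail["EnableNetworkIsolation"] = self.MODELS[ModelName]
        return detail


if __name__ == "__main__":
    import sys
    if "--live" in sys.argv:  # hypothetical switch; needs boto3 and AWS credentials
        import boto3
        client = boto3.client("sagemaker")
    else:
        client = StubSageMaker()
    for name in find_non_isolated_models(client):
        print("network isolation NOT enabled:", name)
```

Against a real account the caller needs sagemaker:ListModels and sagemaker:DescribeModel permissions, and the audit covers only the region the client is configured for.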


Using AWS GUI:

  • Go to the Amazon SageMaker console.
  • Click on the Models page.
  • Click on the name of the model that you want to configure.
  • In the Network section, select the Network isolation tab.
  • Select the Enable network isolation checkbox.
  • Click on the Save button.

Using AWS CLI:

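  • Import the AWS SDK for Python (boto3).
  • Get the SageMaker client.
  • Get the name of the model.
  • Enable network isolation for the model.

# Import the AWS SDK for Python
import boto3

# Get the SageMaker client
sagemaker = boto3.client('sagemaker')

# Get the name of the model
model_name = 'my-model'

# Enable network isolation for the model.
# The SageMaker API has no update_model call, so read the existing
# definition and create a replacement with EnableNetworkIsolation=True.
model = sagemaker.describe_model(ModelName=model_name)
keep = ('PrimaryContainer', 'Containers', 'InferenceExecutionConfig', 'VpcConfig')
response = sagemaker.create_model(
    ModelName=model_name + '-isolated',  # hypothetical name for the replacement
    ExecutionRoleArn=model['ExecutionRoleArn'],
    EnableNetworkIsolation=True,
    **{k: model[k] for k in keep if k in model},
)

# Print the response
print(response)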


Implementation Plan:
The implementation plan for this policy is to follow the remediation steps outlined above. This can be done manually or by using the AWS CLI.


Backout Plan:
The backout plan for this policy is to revoke the changes that were made to the model's configuration. This can be done by following the steps outlined in the Test Plan section.


Reference:
https://docs.aws.amazon.com/sagemaker/latest/dg/mkt-algo-model-internet-free.html