Description:
This policy ensures that all Amazon SageMaker Training jobs have inter-container encryption enabled. This helps to protect the data that is exchanged between containers during training.
Rationale:
By default, Amazon SageMaker Training jobs do not have inter-container encryption enabled, so the data exchanged between containers during training is not encrypted. This could allow unauthorized users to access the data. Enabling inter-container encryption helps to protect the data from this risk.
Impact:
If this policy is not followed, the data that is exchanged between containers during training could be accessed by unauthorized users. This could lead to the disclosure of sensitive information, such as training data or model parameters.
Default Value:
AWS recommends that all Amazon SageMaker Training jobs have inter-container encryption enabled.
Pre-Requisite:
To follow this policy, you will need to have access to the Amazon SageMaker console.
Remediation Steps:
- In the Amazon SageMaker console, go to the Training jobs page.
- Click on the name of the training job that you want to configure.
- In the Advanced section, select the Inter-container encryption checkbox.
- Click on the Save button.
Test Plan:
- To verify that the training job has inter-container encryption enabled, go to the Advanced section of the training job's configuration page.
- The Inter-container encryption checkbox should be selected.
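The same check can be run across many jobs at once. The following is an added example, not part of the original policy text: it reads the `EnableInterContainerTrafficEncryption` field that DescribeTrainingJob returns, and the sample records and function names are constructed for illustration. Assumption: multi-instance jobs are listed first because they are the ones that exchange data between containers over the network.

```python
"""Audit SageMaker training jobs for inter-container traffic encryption."""

# Constructed sample input shaped like DescribeTrainingJob responses.
SAMPLE_JOBS = [
    {"TrainingJobName": "fraud-model-a", "EnableInterContainerTrafficEncryption": True,
     "ResourceConfig": {"InstanceCount": 4}},
    {"TrainingJobName": "fraud-model-b", "EnableInterContainerTrafficEncryption": False,
     "ResourceConfig": {"InstanceCount": 4}},
    {"TrainingJobName": "single-node", "ResourceConfig": {"InstanceCount": 1}},
]


def evaluate_job(job):
    """Return a finding dict for one DescribeTrainingJob-shaped record."""
    # A missing key is treated as disabled, matching the API default of False.
    encrypted = job.get("EnableInterContainerTrafficEncryption", False) is True
    instances = job.get("ResourceConfig", {}).get("InstanceCount", 1)
    return {
        "job": job["TrainingJobName"],
        "compliant": encrypted,
        # Assumption: jobs on more than one instance are the priority findings.
        "distributed": instances > 1,
    }


def audit(jobs):
    """Return non-compliant findings, distributed jobs first."""
    findings = [f for f in map(evaluate_job, jobs) if not f["compliant"]]
    return sorted(findings, key=lambda f: (not f["distributed"], f["job"]))


def fetch_jobs(client):
    """Yield DescribeTrainingJob responses for every job visible to `client`."""
    paginator = client.get_paginator("list_training_jobs")
    for page in paginator.paginate():
        for summary in page["TrainingJobSummaries"]:
            yield client.describe_training_job(TrainingJobName=summary["TrainingJobName"])


if __name__ == "__main__":
    # Offline run against the constructed sample; for a live account use
    # audit(fetch_jobs(boto3.client("sagemaker"))).
    for finding in audit(SAMPLE_JOBS):
        print(finding)
```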
Using AWS CLI:
- Import the AWS CLI library.
- Get the SageMaker client.
- Get the name of the training job.
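- Enable inter-container encryption for the training job.

```python
# Import boto3 (the AWS SDK for Python)
import boto3

# Get the SageMaker client
sagemaker = boto3.client('sagemaker')

# Get the name of the training job
training_job_name = 'my-training-job'

# Enable inter-container encryption for the training job.
# update_training_job() has no encryption parameter; the flag
# (EnableInterContainerTrafficEncryption) is accepted by create_training_job(),
# so the job's settings are read back and a new job is created with it set.
job = sagemaker.describe_training_job(TrainingJobName=training_job_name)
keys = ['AlgorithmSpecification', 'RoleArn', 'InputDataConfig', 'OutputDataConfig',
        'ResourceConfig', 'StoppingCondition', 'HyperParameters', 'VpcConfig']
params = {k: job[k] for k in keys if k in job}
response = sagemaker.create_training_job(
    TrainingJobName=training_job_name + '-encrypted',
    EnableInterContainerTrafficEncryption=True,
    **params
)

# Print the response
print(response)
```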
Implementation Plan:
The implementation plan for this policy is to follow the remediation steps outlined above. This can be done manually or by using the AWS CLI.
Backout Plan:
The backout plan for this policy is to revoke the changes that were made to the training job's configuration. This can be done by following the steps outlined in the Test Plan section.
Note:
- For more information about Amazon SageMaker inter-container encryption, see the Amazon SageMaker documentation: https://docs.aws.amazon.com/sagemaker/latest/dg/train-encrypt.html
Reference:
https://docs.aws.amazon.com/sagemaker/latest/dg/train-encrypt.html