Description:
This policy ensures that all Amazon SageMaker Training jobs have VPC settings configured. This helps to protect the data that is used during training from unauthorized access.
Rationale:
By default, Amazon SageMaker Training jobs do not have VPC settings configured. This means that the data that is used during training is accessible to all other instances in the same AWS Region. This could allow unauthorized users to access the data. Configuring VPC settings for training jobs helps to protect the data from this risk.
Impact:
If this policy is not followed, the data that is used during training could be accessed by unauthorized users. This could lead to the disclosure of sensitive information, such as training data or model parameters.
Default Value:
AWS recommends that all Amazon SageMaker Training jobs have VPC settings configured.
Pre-Requisite:
To follow this policy, you will need to have access to the Amazon SageMaker console and a VPC that you want to use for training jobs.
Remediation Steps:
- In the Amazon SageMaker console, go to the Training jobs page.
- Click on the name of the training job that you want to configure.
- In the Advanced section, select the VPC settings tab.
- In the VPC field, select the VPC that you want to use for training jobs.
- In the Subnets field, select the subnets that you want to use for training jobs.
- Click on the Save button.
Test Plan:
- To verify that the training job has VPC settings configured, go to the Advanced section of the training job's configuration page.
- The VPC field should show the VPC that you configured for the training job.
- The Subnets field should show the subnets that you configured for the training job.
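The same check can be run across many jobs at once. The following is an added example, not part of the original policy text: it applies the Test Plan to DescribeTrainingJob responses and reports jobs that have no VPC settings or that use subnets outside the set you configured. The function names, the approved subnet set and the sample responses are assumptions constructed for illustration.

```python
# Added example: audit training jobs against the Test Plan.
# SAMPLE_JOBS mimics DescribeTrainingJob responses; all names and IDs are constructed.

def check_job(job, approved_subnets):
    """Return a list of findings for one DescribeTrainingJob response."""
    vpc = job.get("VpcConfig")
    if not vpc:
        return ["no VpcConfig"]
    findings = []
    stray = sorted(set(vpc.get("Subnets", [])) - set(approved_subnets))
    if stray:
        findings.append("unapproved subnets: " + ", ".join(stray))
    if not vpc.get("SecurityGroupIds"):
        findings.append("no security groups")
    return findings

def audit(jobs, approved_subnets):
    """Map job name -> findings, for non-compliant jobs only."""
    report = {}
    for job in jobs:
        findings = check_job(job, approved_subnets)
        if findings:
            report[job["TrainingJobName"]] = findings
    return report

def fetch_jobs(client):
    """Yield a DescribeTrainingJob response for every job the client can list."""
    pages = client.get_paginator("list_training_jobs").paginate()
    for page in pages:
        for summary in page["TrainingJobSummaries"]:
            yield client.describe_training_job(
                TrainingJobName=summary["TrainingJobName"])

APPROVED = {"subnet-1234567890abcdef", "subnet-fedcba9876543210"}
SAMPLE_JOBS = [
    {"TrainingJobName": "job-in-vpc",
     "VpcConfig": {"Subnets": ["subnet-1234567890abcdef"],
                   "SecurityGroupIds": ["sg-1234567890abcdef"]}},
    {"TrainingJobName": "job-no-vpc"},
    {"TrainingJobName": "job-wrong-subnet",
     "VpcConfig": {"Subnets": ["subnet-1234567890abcdef", "subnet-0000000000000000"],
                   "SecurityGroupIds": ["sg-1234567890abcdef"]}},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_JOBS, APPROVED).items():
        print(name, "->", "; ".join(findings))
    # Live use: import boto3; audit(fetch_jobs(boto3.client("sagemaker")), APPROVED)
```

Run against a live account, fetch_jobs needs permission for sagemaker:ListTrainingJobs and sagemaker:DescribeTrainingJob in the Region being audited.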
Using AWS GUI:
- Go to the Amazon SageMaker console.
- Click on the Training jobs page.
- Click on the name of the training job that you want to configure.
- In the Advanced section, select the VPC settings tab.
- In the VPC field, select the VPC that you want to use for training jobs.
- In the Subnets field, select the subnets that you want to use for training jobs.
- Click on the Save button.
Using AWS CLI:
- Import the AWS CLI library.
- Get the SageMaker client.
- Get the name of the training job.
- Configure VPC settings for the training job.
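    # Import boto3, the AWS SDK for Python
    import boto3

    # Get the SageMaker client
    sagemaker = boto3.client('sagemaker')

    # Get the name of the training job
    training_job_name = 'my-training-job'

    # Configure VPC settings for the training job.
    # update_training_job() does not accept VpcConfig: it can only be set when a
    # job is created, so copy the existing job's core settings into a new job.
    # Adjust the copied keys if the job uses other options.
    job = sagemaker.describe_training_job(TrainingJobName=training_job_name)
    copied = ('AlgorithmSpecification', 'RoleArn', 'InputDataConfig',
              'OutputDataConfig', 'ResourceConfig', 'StoppingCondition',
              'HyperParameters')
    params = {key: job[key] for key in copied if key in job}
    response = sagemaker.create_training_job(
        TrainingJobName=training_job_name + '-vpc',
        # VpcConfig takes security groups and subnets (there is no VpcId key);
        # the IDs below are placeholders.
        VpcConfig=dict(
            SecurityGroupIds=['sg-1234567890abcdef'],
            Subnets=['subnet-1234567890abcdef', 'subnet-fedcba9876543210']
        ),
        **params
    )

    # Print the response
    print(response)

Implementation Plan: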
The implementation plan for this policy is to follow the remediation steps outlined above. This can be done manually or by using the AWS CLI.
Backout Plan:
The backout plan for this policy is to revoke the changes that were made to the training job's configuration. This can be done by following the steps outlined in the Test Plan section.
Note:
For more information about Amazon SageMaker VPC settings, see the Amazon SageMaker documentation: https://docs.aws.amazon.com/sagemaker/latest/dg/host-vpc.html
Reference:
https://docs.aws.amazon.com/sagemaker/latest/dg/host-vpc.html