Misconfigured data encryption at rest for AWS SageMaker instance (Severity: High)

Data encryption at rest using a KMS key is not configured for the AWS SageMaker notebook instance. Make sure that data encryption at rest is configured with a KMS key for the AWS SageMaker notebook instance.

Detector ID
terraform/misconfigured-sagemaker-kms-encryption-terraform@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

resource "aws_sagemaker_endpoint_configuration" "foo" {
  name = "terraform-sagemaker-example"
  # Noncompliant: all data stored in the Sagemaker Endpoint is not encrypted at rest.
  production_variants {
    variant_name           = "variant-1"
    model_name             = aws_sagemaker_model.foo.name
    initial_instance_count = 1
    instance_type          = "ml.t2.medium"
    initial_variant_weight = 1
  }

  tags = {
    foo = "bar"
  }
}

Compliant example

resource "aws_sagemaker_endpoint_configuration" "foo" {
  name = "terraform-sagemaker-example"
  # Compliant: all data stored in the Sagemaker Endpoint is securely encrypted at rest.
  kms_key_arn = aws_kms_key.examplea.arn
  production_variants {
    variant_name           = "variant-1"
    model_name             = aws_sagemaker_model.foo.name
    initial_instance_count = 1
    instance_type          = "ml.t2.medium"
    initial_variant_weight = 1
  }

  tags = {
    foo = "bar"
  }
}
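
The same check can be run in CI against a Terraform plan before apply. The following is an added example, not part of the detector or its library: it reads the `resource_changes` of `terraform show -json` output and reports SageMaker resources with no KMS key, covering both the endpoint configuration shown above (`kms_key_arn`) and the notebook instance named in the description (`kms_key_id`, an attribute name taken from the Terraform AWS provider rather than from this page). The function name and the sample plan are constructed for illustration.

```python
import json

# Encryption-at-rest attribute for each SageMaker resource type
# (attribute names from the Terraform AWS provider).
KMS_ATTR = {
    "aws_sagemaker_endpoint_configuration": "kms_key_arn",
    "aws_sagemaker_notebook_instance": "kms_key_id",
}


def unencrypted_sagemaker(plan):
    """Return addresses of planned SageMaker resources with no KMS key set."""
    findings = []
    for rc in plan.get("resource_changes", []):
        attr = KMS_ATTR.get(rc.get("type"))
        change = rc.get("change", {})
        after = change.get("after")
        if attr is None or after is None:  # other type, or resource being destroyed
            continue
        # A key created in the same plan is "known after apply": it is missing
        # from `after` but marked true in `after_unknown`, so it counts as set.
        if (change.get("after_unknown") or {}).get(attr) is True:
            continue
        if not after.get(attr):
            findings.append(rc["address"])
    return findings


# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_sagemaker_endpoint_configuration.foo",
   "type": "aws_sagemaker_endpoint_configuration",
   "change": {"after": {"name": "terraform-sagemaker-example", "kms_key_arn": null},
              "after_unknown": {}}},
  {"address": "aws_sagemaker_endpoint_configuration.encrypted",
   "type": "aws_sagemaker_endpoint_configuration",
   "change": {"after": {"name": "encrypted"}, "after_unknown": {"kms_key_arn": true}}},
  {"address": "aws_sagemaker_notebook_instance.plain",
   "type": "aws_sagemaker_notebook_instance",
   "change": {"after": {"name": "plain", "kms_key_id": null}, "after_unknown": {}}},
  {"address": "aws_sagemaker_notebook_instance.retired",
   "type": "aws_sagemaker_notebook_instance",
   "change": {"after": null, "after_unknown": {}}}
]}
""")

if __name__ == "__main__":
    for address in unencrypted_sagemaker(SAMPLE_PLAN):
        print(f"NONCOMPLIANT {address}: no KMS key for encryption at rest")
```

Checking `after_unknown` matters when the key is created in the same plan, as with `aws_kms_key.examplea.arn` in the compliant example: the ARN is not known until apply, so a check on `after` alone would report a false positive.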