Control: 8 SageMaker notebook instances should run on supported platforms
Description
This control checks whether an Amazon SageMaker AI notebook instance is configured to run on a supported platform, based on the platform identifier specified for the notebook instance. The control fails if the notebook instance is configured to run on a platform that's no longer supported.
If the platform for an Amazon SageMaker AI notebook instance is no longer supported, it might not receive security patches, bug fixes, or other types of updates. Notebook instances might continue to function, but they won't receive SageMaker AI security updates or critical bug fixes. You assume the risks associated with using an unsupported platform. For more information, see JupyterLab versioning in the Amazon SageMaker AI Developer Guide.
Remediation
For information about the platforms that Amazon SageMaker AI currently supports and how to migrate to them, see Amazon Linux 2 notebook instances in the Amazon SageMaker AI Developer Guide.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_sagemaker_8Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.foundational_security_sagemaker_8 --shareSQL
This control uses a named query:
select arn as resource, case when platform_identifier like any ($1) then 'ok' else 'alarm' end as status, case when platform_identifier like any ($1) then title || ' runs on supported platform version(' || platform_identifier || ').' else title || ' does not run on supported platform version(' || platform_identifier || ').' end as reason , region, account_idfrom aws_sagemaker_notebook_instance;
Params
| Args | Name | Default | Description | Variable |
|---|---|---|---|---|
| $1 | sagemaker_notebook_instance_supported_platform_version | | A list of supported platform versions for SageMaker notebook instance. |