turbot/steampipe-mod-aws-compliance

Control: 8 SageMaker notebook instances should run on supported platforms

Description

This control checks whether an Amazon SageMaker AI notebook instance is configured to run on a supported platform, based on the platform identifier specified for the notebook instance. The control fails if the notebook instance is configured to run on a platform that's no longer supported.

If the platform for an Amazon SageMaker AI notebook instance is no longer supported, it might not receive security patches, bug fixes, or other types of updates. Notebook instances might continue to function, but they won't receive SageMaker AI security updates or critical bug fixes. You assume the risks associated with using an unsupported platform. For more information, see JupyterLab versioning in the Amazon SageMaker AI Developer Guide.

Remediation

For information about the platforms that Amazon SageMaker AI currently supports and how to migrate to them, see Amazon Linux 2 notebook instances in the Amazon SageMaker AI Developer Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_sagemaker_8

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_sagemaker_8 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    when platform_identifier like any ($1) then 'ok'
    else 'alarm'
  end as status,
  case
    when platform_identifier like any ($1) then title || ' runs on supported platform version(' || platform_identifier || ').'
    else title || ' does not run on supported platform version(' || platform_identifier || ').'
  end as reason,
  region,
  account_id
from
  aws_sagemaker_notebook_instance;

Params

| Args | Name | Default | Description | Variable |
|------|------|---------|-------------|----------|
| $1 | sagemaker_notebook_instance_supported_platform_version | ["notebook-al2-v3"] | A list of supported platform versions for SageMaker notebook instance. | |
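The following is an added example, not the mod's own query: it replays the control's `like any` logic on plain PostgreSQL against constructed rows, to show how the default parameter classifies each platform identifier and what happens when the identifier is NULL. The `notebook` and `supported` CTEs, the ARNs, and the account ID are constructed stand-ins for `aws_sagemaker_notebook_instance` and `$1`.

```sql
-- Constructed sample rows standing in for aws_sagemaker_notebook_instance.
with notebook(arn, title, platform_identifier, region, account_id) as (
  values
    ('arn:aws:sagemaker:us-east-1:111122223333:notebook-instance/nb-current',
     'nb-current', 'notebook-al2-v3', 'us-east-1', '111122223333'),
    ('arn:aws:sagemaker:us-east-1:111122223333:notebook-instance/nb-older-al2',
     'nb-older-al2', 'notebook-al2-v1', 'us-east-1', '111122223333'),
    ('arn:aws:sagemaker:eu-west-1:111122223333:notebook-instance/nb-al1',
     'nb-al1', 'notebook-al1-v1', 'eu-west-1', '111122223333'),
    ('arn:aws:sagemaker:eu-west-1:111122223333:notebook-instance/nb-unknown',
     'nb-unknown', null, 'eu-west-1', '111122223333')
),
-- Stand-in for $1: the default list from the Params table.
-- Entries are LIKE patterns, so '%' and '_' act as wildcards if present.
supported(patterns) as (
  select array['notebook-al2-v3']
)
select
  n.arn as resource,
  -- Same test as the control. A NULL identifier makes LIKE ANY evaluate
  -- to NULL, which falls through to the else branch and reports 'alarm'.
  case
    when n.platform_identifier like any (s.patterns) then 'ok'
    else 'alarm'
  end as status,
  -- The control's reason string, as written on the page. In PostgreSQL,
  -- text || NULL is NULL, so the NULL-identifier row has an empty reason.
  case
    when n.platform_identifier like any (s.patterns)
      then n.title || ' runs on supported platform version(' || n.platform_identifier || ').'
    else n.title || ' does not run on supported platform version(' || n.platform_identifier || ').'
  end as reason,
  -- Added variant: coalesce keeps the reason readable when the identifier is NULL.
  case
    when n.platform_identifier like any (s.patterns)
      then n.title || ' runs on supported platform version(' || n.platform_identifier || ').'
    else n.title || ' does not run on supported platform version('
         || coalesce(n.platform_identifier, 'not set') || ').'
  end as reason_null_safe,
  n.region,
  n.account_id
from notebook as n
cross join supported as s
order by status, resource;
```

With the default list, only `nb-current` returns `ok`; the other three rows return `alarm`, and the row with no identifier has a NULL `reason` but a populated `reason_null_safe`.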

Tags