Azure and GCP Perimeter Security, CIS Updates, and Enhanced Plugins →
Powerpipe Hub 
Hub
Mods
turbot/steampipe-mod-aws-perimeter
Overview
3Dashboards
62Benchmarks
0Queries
5Variables
GitHub

Control: SageMaker notebook instances should be prohibited from direct internet access

Description

Access to internet could provide an avenue for unauthorized access to your data. Ensure that SageMaker notebook instances do not allow direct internet access.

Usage

Run the control in your terminal:

powerpipe control run aws_perimeter.control.sagemaker_notebook_instance_direct_internet_access_disabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_perimeter.control.sagemaker_notebook_instance_direct_internet_access_disabled --share

Steampipe Tables

aws_sagemaker_notebook_instance
AWS plugin

SQL

select
  arn as resource,
  case
    when direct_internet_access = 'Enabled' then 'alarm'
    else 'ok'
  end status,
  case
    when direct_internet_access = 'Enabled' then title || ' instance has direct internet access enabled.'
    else title || ' instance has direct internet access disabled.'
  end reason
  
  , region, account_id
from
  aws_sagemaker_notebook_instance;

Tags

category = Perimeter
plugin = aws
service = AWS/SageMaker