SageMaker Notebook root access is enabled
Affecting SageMaker service in AWS


Severity: high
Severity Framework: Snyk CCSS
Rule category: IAM / Privileged Access

Frameworks
  • Snyk ID: SNYK-CC-00781
  • Credit: Snyk Research Team

Description

Root access on SageMaker Notebook instances can lead to unauthorized system modifications and potential security breaches. It increases the risk of privilege escalation and system compromise by allowing users to execute commands with administrative privileges. This configuration should be avoided to maintain the principle of least privilege and ensure that only necessary permissions are granted to users.

How to fix?

Set the root_access attribute in an aws_sagemaker_notebook_instance resource to Disabled.

Example Configuration

resource "aws_sagemaker_notebook_instance" "allowed" {
  name          = "allowed-notebook-instance"
  role_arn      = aws_iam_role.rule-781-role.arn
  instance_type = "ml.t2.medium"
  root_access   = "Disabled"
}