Severity Framework: Snyk CCSS
Rule category: IAM / Privileged Access
- Snyk ID SNYK-CC-00781
- credit Snyk Research Team
Description
Root access on SageMaker Notebook instances can lead to unauthorized system modifications and potential security breaches. It increases the risk of privilege escalation and system compromise by allowing users to execute commands with administrative privileges. This configuration should be avoided to maintain the principle of least privilege and ensure that only necessary permissions are granted to users.
How to fix?
Set the root_access attribute in an aws_sagemaker_notebook_instance resource to Disabled.
Example Configuration
resource "aws_sagemaker_notebook_instance" "allowed" {
  name          = "allowed-notebook-instance"
  role_arn      = aws_iam_role.rule-781-role.arn # IAM role defined elsewhere in the configuration
  instance_type = "ml.t2.medium"
  root_access   = "Disabled" # notebook users do not get root on the instance
}
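One way to check a Terraform plan for this misconfiguration before it is applied. This is an added example, not Snyk's rule implementation. It reads the JSON produced by `terraform show -json <planfile>`; the sample plan, resource names and function names below are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_sagemaker_notebook_instance.allowed",
         "type": "aws_sagemaker_notebook_instance",
         "values": {"name": "allowed-notebook-instance", "root_access": "Disabled"}},
        {"address": "aws_sagemaker_notebook_instance.legacy",
         "type": "aws_sagemaker_notebook_instance",
         "values": {"name": "legacy-notebook", "root_access": "Enabled"}},
        {"address": "aws_iam_role.notebook", "type": "aws_iam_role", "values": {}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.ml.aws_sagemaker_notebook_instance.team",
         "type": "aws_sagemaker_notebook_instance",
         "values": {"name": "team-notebook", "root_access": None}},
    ]}],
}}}


def iter_resources(module):
    """Yield every planned resource, descending into nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def notebooks_with_root_access(plan):
    """Return (address, reason) for notebook instances not set to Disabled."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "aws_sagemaker_notebook_instance":
            continue
        value = (res.get("values") or {}).get("root_access")
        if value == "Disabled":
            continue
        # A missing value is flagged too: the AWS provider defaults to Enabled.
        reason = "root_access not set" if value is None else f"root_access = {value!r}"
        findings.append((res["address"], reason))
    return findings


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    results = notebooks_with_root_access(plan)
    for address, reason in results:
        print(f"FAIL {address}: {reason}")
    sys.exit(1 if results else 0)
```

The non-zero exit status lets a CI job block the apply when any notebook instance would be created with root access.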