MEDIUM SageMaker

SageMaker endpoint encryption

Check ID: aws-sagemaker-003

AWS-SAGEMAKER-003 is an AWS security check performed by cloud-audit, an open-source AWS security scanner. It checks whether each SageMaker endpoint configuration specifies a KMS key (KmsKeyId) for the ML storage volume attached to the instances that host the endpoint. Without one, that volume, which holds the unpacked model artifacts and anything the inference container writes to local disk, is encrypted with a key that AWS manages and over which you have no control.

Why it matters

SageMaker endpoints process inference requests that may carry sensitive data: customer records, medical or financial data, or proprietary business logic embedded in model inputs. Model artifacts are unpacked onto the endpoint's ML storage volume, and the inference container may spill inputs, outputs and logs to the same disk. With an AWS-managed key you cannot edit the key policy, choose the rotation schedule, grant or deny use to specific principals or accounts, or delete the key. A customer-managed KMS key gives you all of that: per-key usage records in CloudTrail that you can alarm on, cross-account and condition-based access control in the key policy, optional automatic rotation, and the ability to cryptographically shred the volume contents by scheduling the key for deletion. For regulated workloads under HIPAA, PCI DSS or GDPR, customer-managed keys are typically expected as evidence of adequate data-protection controls.

Common causes

Endpoint configurations default to AWS-managed encryption, which satisfies a bare encryption-at-rest requirement with no extra setup, so teams focused on inference latency and cost rarely touch it. KmsKeyId is fixed when the endpoint configuration is created and cannot be changed afterwards: an endpoint configuration is immutable, so adding a key means creating a new configuration and pointing the endpoint at it with UpdateEndpoint. Note also that instance types with local NVMe storage (the "d" families such as ml.m5d, and GPU types such as ml.g4dn) do not accept KmsKeyId at all; their local volumes are encrypted by a hardware module on the instance, so endpoints on those types cannot be remediated by this setting and should be triaged separately.

Detection

Run cloud-audit to detect this issue:

pip install cloud-audit
cloud-audit scan -R

The -R flag includes remediation details for every finding, including this one.
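To verify a finding directly against the API, or to triage the local-storage instance types that cannot take a KMS key, the following script is an added example and is not cloud-audit's own code. It reads every endpoint configuration with boto3 (list_endpoint_configs and describe_endpoint_config, both real API calls) and classifies each one; the classification is kept separate from the API calls so it can be run offline against the constructed sample responses embedded below. The LOCAL_STORAGE_PREFIXES list is an illustrative assumption, not an exhaustive AWS list.

```python
"""Find SageMaker endpoint configurations without a KMS key on their ML storage
volume.  Added example, not cloud-audit's own code.  boto3 is imported only
inside scan() so the classification logic can be exercised offline."""
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional

# Instance families with local NVMe storage.  CreateEndpointConfig rejects
# KmsKeyId when any variant uses one of these; the local volume is encrypted by
# hardware instead, so a missing key is not a remediable finding there.
# Illustrative prefixes (assumption), not an exhaustive list.
LOCAL_STORAGE_PREFIXES = ("ml.m5d.", "ml.c5d.", "ml.r5d.", "ml.g4dn.",
                          "ml.g5.", "ml.p3dn.", "ml.p4d.")


@dataclass
class Finding:
    config_name: str
    status: str                      # "ok", "missing_kms" or "local_storage"
    instance_types: List[str] = field(default_factory=list)
    kms_key_id: Optional[str] = None


def has_local_storage(instance_type: str) -> bool:
    return instance_type.startswith(LOCAL_STORAGE_PREFIXES)


def evaluate(config: Dict[str, Any]) -> Finding:
    """Classify one DescribeEndpointConfig response."""
    # Serverless variants carry ServerlessConfig instead of InstanceType.
    types = [v["InstanceType"] for v in config.get("ProductionVariants", [])
             if "InstanceType" in v]
    key = config.get("KmsKeyId")
    if key:
        status = "ok"
    elif any(has_local_storage(t) for t in types):
        status = "local_storage"     # key cannot be set; hardware-encrypted
    else:
        status = "missing_kms"       # the finding this check reports
    return Finding(config["EndpointConfigName"], status, types, key)


def scan(region: Optional[str] = None) -> List[Finding]:
    """Evaluate every endpoint configuration in the region (needs AWS credentials)."""
    import boto3  # imported here so the rest of the module works offline
    sm = boto3.client("sagemaker", region_name=region)
    findings = []
    for page in sm.get_paginator("list_endpoint_configs").paginate():
        for summary in page["EndpointConfigs"]:
            cfg = sm.describe_endpoint_config(
                EndpointConfigName=summary["EndpointConfigName"])
            findings.append(evaluate(cfg))
    return findings


# Constructed responses in the shape DescribeEndpointConfig returns; not real data.
SAMPLE_CONFIGS = [
    {"EndpointConfigName": "fraud-v3",
     "ProductionVariants": [{"VariantName": "main", "ModelName": "fraud-v3",
                             "InstanceType": "ml.m5.large", "InitialInstanceCount": 1}]},
    {"EndpointConfigName": "fraud-v3-kms",
     "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000",
     "ProductionVariants": [{"VariantName": "main", "ModelName": "fraud-v3",
                             "InstanceType": "ml.m5.large", "InitialInstanceCount": 1}]},
    {"EndpointConfigName": "vision-gpu",
     "ProductionVariants": [{"VariantName": "main", "ModelName": "vision",
                             "InstanceType": "ml.g4dn.xlarge", "InitialInstanceCount": 2}]},
]

if __name__ == "__main__":
    for f in map(evaluate, SAMPLE_CONFIGS):
        print(f"{f.config_name:<16} {f.status:<14} {','.join(f.instance_types)}")
```

Run it with credentials and call scan() to get findings for a real account; the sample run classifies fraud-v3 as missing_kms, fraud-v3-kms as ok, and vision-gpu as local_storage rather than as a false positive.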

Remediation: AWS CLI

# KMS key must be specified when creating the endpoint configuration;
# ml.m5.large has no local instance storage, so --kms-key-id is accepted.
# An endpoint that already exists must then be switched to CONFIG_NAME
# with update-endpoint, since its current configuration cannot be edited:
aws sagemaker create-endpoint-config \
  --endpoint-config-name CONFIG_NAME \
  --production-variants '[{"VariantName": "main", "ModelName": "MODEL_NAME", "InstanceType": "ml.m5.large", "InitialInstanceCount": 1}]' \
  --kms-key-id arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID
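Because the configuration is immutable, remediating a running endpoint means copying its existing configuration into a new one with KmsKeyId set and then updating the endpoint. The script below does that with boto3; it is an added example, not cloud-audit code. The COPYABLE_FIELDS allowlist and the "-kms" name suffix are this example's own assumptions, and the requirement that the key be passed as a full ARN is a design choice (the API also accepts key IDs and aliases). build_encrypted_config() is pure and is exercised offline on the constructed response at the bottom; remediate() makes the real API calls.

```python
"""Re-create an endpoint configuration with a customer-managed KMS key and
switch the endpoint over to it.  Added example, not cloud-audit's own code."""
from typing import Any, Dict

# Fields of a DescribeEndpointConfig response that CreateEndpointConfig accepts
# (assumed allowlist).  EndpointConfigArn, CreationTime and boto3's
# ResponseMetadata are read-only and must not be copied.
COPYABLE_FIELDS = (
    "ProductionVariants", "DataCaptureConfig", "AsyncInferenceConfig",
    "ExplainerConfig", "ShadowProductionVariants", "ExecutionRoleArn",
    "VpcConfig", "EnableNetworkIsolation",
)


def build_encrypted_config(old: Dict[str, Any], new_name: str,
                           kms_key_arn: str) -> Dict[str, Any]:
    """Return the CreateEndpointConfig request: the old variants under a new
    name, with KmsKeyId set."""
    if not kms_key_arn.startswith("arn:aws:kms:"):
        raise ValueError("pass the full key ARN so region and account are explicit")
    if not 1 <= len(new_name) <= 63:
        raise ValueError("endpoint configuration names are limited to 63 characters")
    request = {k: old[k] for k in COPYABLE_FIELDS if k in old}
    request["EndpointConfigName"] = new_name
    request["KmsKeyId"] = kms_key_arn
    return request


def remediate(endpoint_name: str, kms_key_arn: str, suffix: str = "-kms") -> str:
    """Create the encrypted configuration and move the endpoint onto it.
    Returns the name of the configuration the endpoint ends up using."""
    import boto3  # imported here so build_encrypted_config() is usable offline
    sm = boto3.client("sagemaker")
    endpoint = sm.describe_endpoint(EndpointName=endpoint_name)
    old = sm.describe_endpoint_config(EndpointConfigName=endpoint["EndpointConfigName"])
    if old.get("KmsKeyId"):
        return old["EndpointConfigName"]          # already compliant, nothing to do
    new_name = old["EndpointConfigName"] + suffix
    sm.create_endpoint_config(**build_encrypted_config(old, new_name, kms_key_arn))
    # UpdateEndpoint provisions the new instances before retiring the old ones,
    # so the endpoint keeps serving; wait until the switch has completed.
    sm.update_endpoint(EndpointName=endpoint_name, EndpointConfigName=new_name)
    sm.get_waiter("endpoint_in_service").wait(EndpointName=endpoint_name)
    return new_name


# Constructed DescribeEndpointConfig response (not real data) for a dry run.
OLD_CONFIG = {
    "EndpointConfigName": "fraud-v3",
    "EndpointConfigArn": "arn:aws:sagemaker:us-east-1:111122223333:endpoint-config/fraud-v3",
    "CreationTime": "2024-01-01T00:00:00Z",
    "ProductionVariants": [{"VariantName": "main", "ModelName": "fraud-v3",
                            "InstanceType": "ml.m5.large", "InitialInstanceCount": 1}],
    "EnableNetworkIsolation": True,
}
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"

if __name__ == "__main__":
    print(build_encrypted_config(OLD_CONFIG, "fraud-v3-kms", KEY_ARN))
```

Two things to check before running remediate() for real: the endpoint must not be on a local-storage instance type (CreateEndpointConfig rejects KmsKeyId there), and the old configuration is left in place deliberately so you can roll back with another update-endpoint; delete it once the new one is confirmed in service.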

Remediation: Terraform

# Customer-managed key for the endpoint's ML storage volume. Rotation is
# optional on customer-managed keys, so enable it explicitly.
resource "aws_kms_key" "sagemaker" {
  description         = "SageMaker endpoint storage volume key"
  enable_key_rotation = true
}

# kms_key_arn cannot be changed in place: Terraform will replace the endpoint
# configuration, and the endpoint resource must then be updated to use it.
resource "aws_sagemaker_endpoint_configuration" "main" {
  name        = "endpoint-config"
  kms_key_arn = aws_kms_key.sagemaker.arn

  production_variants {
    variant_name           = "main"
    model_name             = aws_sagemaker_model.main.name
    instance_type          = "ml.m5.large" # no local instance storage, so a KMS key is accepted
    initial_instance_count = 1
  }
}

This check is part of cloud-audit - install with pip install cloud-audit