16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
66 lines
1.6 KiB
Plaintext
66 lines
1.6 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
For https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_sagemaker/CfnNotebookInstance.html[aws_cdk.aws_sagemaker.CfnNotebookInstance]:
|
|
|
|
[source,python]
|
|
----
|
|
from aws_cdk import (
|
|
aws_sagemaker as sagemaker
|
|
)
|
|
|
|
class CfnSagemakerStack(Stack):
|
|
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
|
|
super().__init__(scope, construct_id, **kwargs)
|
|
|
|
sagemaker.CfnNotebookInstance(
|
|
self, "Sensitive",
|
|
instance_type="instanceType",
|
|
role_arn="roleArn"
|
|
) # Sensitive, no KMS key is set by default; thus, encryption is disabled
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
For https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_sagemaker/CfnNotebookInstance.html[aws_cdk.aws_sagemaker.CfnNotebookInstance]:
|
|
|
|
[source,python]
|
|
----
|
|
from aws_cdk import (
|
|
aws_sagemaker as sagemaker,
|
|
aws_kms as kms
|
|
)
|
|
|
|
class CfnSagemakerStack(Stack):
|
|
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
|
|
super().__init__(scope, construct_id, **kwargs)
|
|
|
|
my_key = kms.Key(self, "Key")
|
|
sagemaker.CfnNotebookInstance(
|
|
self, "Compliant",
|
|
instance_type="instanceType",
|
|
role_arn="roleArn",
|
|
kms_key_id=my_key.key_id
|
|
)
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
* Omitting `kms_key_id` disables encryption of SageMaker notebook instances. Make sure it is safe here.
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|