AWS SageMaker domain modified to allow public access

ID: aws_sagemaker_domain_public
Data type: AWS CloudTrail
Severity: Low
MITRE ATT&CK: TA0001:T1190

Description

AlphaSOC detected configuration changes that exposed an Amazon SageMaker domain to the public internet, likely due to misconfigured security groups or VPC settings allowing inbound traffic from 0.0.0.0/0. Amazon SageMaker is a fully managed service for building, training, and deploying machine learning models at scale. This exposure risks unauthorized access to sensitive training data, machine learning models, and computational resources in SageMaker Studio or endpoints, bypassing VPC and IAM security controls.

Impact

Public exposure of SageMaker domains allows threat actors to access sensitive training data and machine learning models stored in the domain or associated S3 buckets. Adversaries can consume costly GPU compute resources, extract proprietary algorithms, or deploy malicious inference endpoints to manipulate outputs or exfiltrate data. Attackers may also escalate privileges to other AWS services, such as S3 buckets or RDS databases, through overly permissive IAM roles attached to the domain.

Severity

Severity: Low
Condition: AWS SageMaker domain made public

Investigation and Remediation

Review CloudTrail logs to identify the user and API calls that modified the domain. Revert SageMaker domain access to private endpoints only and audit all domain activity during the exposure period. Rotate any compromised credentials and access keys. Verify ML model and data integrity across the domain. Implement preventive controls through SCPs and IAM policies to prevent future unauthorized modifications.
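
An added triage example for the first two steps above (not AlphaSOC's detection logic and not code from this page): it pulls the actor and the exposure window per domain out of CloudTrail records. It assumes the change was made through the SageMaker UpdateDomain API by setting AppNetworkAccessType to PublicInternetOnly; the sample records and the lower-camel-case key names inside requestParameters are constructed.

```python
import json

# Constructed CloudTrail records, not real log data. The casing of keys inside
# requestParameters is an assumption, so they are matched case-insensitively.
SAMPLE = json.loads("""[
 {"eventTime": "2024-05-01T12:30:00Z", "eventSource": "sagemaker.amazonaws.com",
  "eventName": "UpdateDomain", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
  "requestParameters": {"domainId": "d-example1", "appNetworkAccessType": "VpcOnly"}},
 {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "sagemaker.amazonaws.com",
  "eventName": "UpdateDomain", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
  "requestParameters": {"domainId": "d-example1", "appNetworkAccessType": "PublicInternetOnly"}},
 {"eventTime": "2024-05-01T11:00:00Z", "eventSource": "sagemaker.amazonaws.com", "errorCode": "AccessDenied",
  "eventName": "UpdateDomain", "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
  "requestParameters": {"domainId": "d-example2", "appNetworkAccessType": "PublicInternetOnly"}},
 {"eventTime": "2024-05-02T08:00:00Z", "eventSource": "sagemaker.amazonaws.com",
  "eventName": "UpdateDomain", "userIdentity": {"arn": "arn:aws:iam::111122223333:role/example-ci"},
  "requestParameters": {"domainId": "d-example3", "appNetworkAccessType": "PublicInternetOnly"}}
]""")

def _param(event, name):
    params = event.get("requestParameters") or {}
    return next((v for k, v in params.items() if k.lower() == name.lower()), None)

def network_changes(records):
    """Successful UpdateDomain calls that set the network access type, oldest first."""
    hits = [e for e in records
            if e.get("eventSource") == "sagemaker.amazonaws.com"
            and e.get("eventName") == "UpdateDomain"
            and not e.get("errorCode")            # failed calls changed nothing
            and _param(e, "AppNetworkAccessType")]
    return sorted(hits, key=lambda e: e["eventTime"])  # same-format UTC stamps sort as text

def exposure_windows(records):
    """One dict per public period: domain, actor, start, end (None = still public)."""
    open_by_domain, windows = {}, []
    for e in network_changes(records):
        domain, access = _param(e, "DomainId"), _param(e, "AppNetworkAccessType")
        if access == "PublicInternetOnly" and domain not in open_by_domain:
            open_by_domain[domain] = {"domain": domain, "start": e["eventTime"], "end": None,
                                      "actor": (e.get("userIdentity") or {}).get("arn")}
        elif access == "VpcOnly" and domain in open_by_domain:
            window = open_by_domain.pop(domain)   # reverted to private: close the window
            window["end"] = e["eventTime"]
            windows.append(window)
    return windows + list(open_by_domain.values())

if __name__ == "__main__":
    print(json.dumps(exposure_windows(SAMPLE), indent=2))
```

Each returned window gives the time range to audit for that domain; a window whose end is None marks a domain that has not yet been reverted.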