1. AWS SageMaker Developer Guide: "To control access to your data, we recommend that you create a private VPC and configure it so that your data is not accessible over the internet. To allow your Studio notebooks to access the Amazon S3 buckets where you store your data... create a VPC endpoint for Amazon S3."
Source: AWS SageMaker Developer Guide
Section: "Securing Amazon SageMaker Studio connectivity". Document path: SageMaker > SageMaker Studio > Administer Amazon SageMaker Studio > Securing Amazon SageMaker Studio connectivity.
2. AWS VPC User Guide: "A VPC endpoint enables you to privately connect your VPC to supported AWS services... without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network."
Source: AWS Virtual Private Cloud User Guide
Section: "VPC endpoints".
3. AWS Whitepaper - Building a Secure Data Lake on AWS: This whitepaper discusses architectural patterns for securing data. It states, "Use VPC endpoints to access data in Amazon S3 from your VPC without using public IPs and without traffic traversing the internet." This principle applies directly to securing the connection from a SageMaker instance within a VPC.
Source: AWS Whitepaper: "Building a Secure Data Lake on AWS", Page 11
Section: "Network and Host Security".