AWS Machine Learning Blog

Limit access to a Jupyter notebook instance by IP address

For increased security, Amazon SageMaker customers can now limit access to a notebook instance to a range of IP addresses.

IP address filtering helps when you need to allow only a subset of traffic to access your notebook instances. You might want to limit notebook access in the following ways:

  • To comply with security and compliance requirements by blocking traffic except for a specific whitelist of IP addresses.
  • To test for specific geographies or demographics.
  • To allow access for an experiment-in-progress only to a group of people.

To restrict notebook instance access by IP addresses, you need to attach IP address conditional operator policies to your AWS Identity and Access Management (IAM) roles for all users or groups that will be accessing Amazon SageMaker notebooks. IAM is a web service that helps you securely control access to AWS resources. A policy is an entity that, when attached to an identity or resource, defines their permissions.

An IAM policy with an IP address conditional operator will deny access to CreatePresignedNotebookInstanceUrl and AuthorizedUrl unless the call comes from an IP address in the list that you specify. The policy also restricts access to opening a notebook instance in the Amazon SageMaker console. By defining Effect as Deny and using the NotIpAddress condition operator with the aws:SourceIP key, you will block all traffic coming from the internet except the list of IP addresses that you want to have access to the notebook instance.

The IP address condition will restrict access based on comparing a key to an IPv4 or IPv6 address or range of IP addresses. The value must be in the standard CIDR format (for example, or 2001:DB8:1234:5678::/64). If you specify an IP address without the associated routing prefix, IAM uses the default prefix value of /32.

Here is an example policy that limits access to a notebook instance to only IP addresses in the ranges and

     "Version": "2012-10-17",
     "Statement": {
         "Effect": "Deny",
         "Action": "sagemaker:CreatePresignedNotebookInstanceUrl",
         "Resource": "*",
         "Condition": {
             "NotIpAddress": {
                 "aws:SourceIp": [

This approach is useful when the IP addresses for your company are within well-defined ranges. Note that using this method to filter by IP address is incompatible with connecting to Amazon SageMaker through a VPC interface endpoint. This is because Amazon SageMaker notebook instances are currently accessible only over the internet.

About the Author

Erkan Tas is a Senior Technical Product Manager for Amazon SageMaker. He is on a mission to make Artificial Intelligence easy, accessible, and scalable through AWS platforms. He is also a sailor, science and nature admirer, Go and Stratocaster player.