This document is relevant for: Inf1, Inf2, Trn1, Trn2, Trn3

Neuron Security Disclosures#

If you think you’ve found a potential security issue, please do not post it in the Issues. Instead, please follow the instructions here (https://aws.amazon.com/security/vulnerability-reporting/) or email AWS security directly (mailto:aws-security@amazon.com).

Important Security Information for Trainium Hardware#

Trainium hardware is designed to optimize performance for machine learning workloads. To deliver high performance, applications with access to Trainium devices have unrestricted access to instance physical memory.

What this means for your deployment:

  • Instance-level isolation is maintained: AWS EC2 ensures Trainium devices cannot access physical memory of other EC2 instances.

  • As a best practice to prevent unrestricted access to host physical memory by any user/application, we recommend implementing a permission model where:

    • A dedicated system group owns the device nodes

    • Only explicitly authorized users are added to this group

    • Device permissions prevent access by users outside the group

Customer responsibility: Ensure that only trusted applications have access to Tranium devices on Trainium instances. For more information, see the AWS Shared Responsibility Model.

Example Implementation Steps#

The steps below are an example you can follow to implement a security group using udev rules:

  1. Create a dedicated security group (in this example, neuron): sudo groupadd -r neuron

  2. Add authorized users to that security group: sudo usermod -aG neuron {username-to-add-here}, repeat for each user

  3. Configure udev rules. Create a udev rule to automatically set correct ownership and permissions when Trainium (neuron) devices are detected.

    Create the file /etc/udev/rules.d/neuron-udev.rules with the following content:

    # Neuron device access control
# Only members of the 'neuron' group can access 'neuron' devices.

SUBSYSTEM=="neuron*", KERNEL=="neuron*", GROUP="neuron", MODE="0660"

  4. Apply the configuration:

    sudo udevadm control —-reload sudo udevadm trigger —-subsystem-match=neuron

  5. Verify the configuration:

    ls -l /dev/neuron*

    Expected output:

    crw-rw---- 1 root neuron 239, 0 Jan 9 15:58 /dev/neuron0

This document is relevant for: Inf1, Inf2, Trn1, Trn2, Trn3