Error while creating SageMaker notebook outside of the VPC

Open dosiennik opened this issue 2 years ago • 0 comments

Describe the bug

I tried to create a SageMaker notebook outside of the VPC. Unfortunately stack creation failed.

I checked the logs and found the following errors:

```
[Error at /dataall-notebook-b7ufg24a/Notebookb7ufg24a] AwsSolutions-SM1: The SageMaker notebook instance is not provisioned inside a VPC. Provisioning the notebook instances inside a VPC enables the notebook to access VPC-only resources such as EFS file systems

[Error at /dataall-notebook-b7ufg24a/Notebookb7ufg24a] AwsSolutions-SM3: The SageMaker notebook instance has direct internet access enabled. Disabling public accessibility helps minimize security risks.
```

It seems to be due to the cdk-nag checks & rules.

Currently there is an inconsistency: the front-end allows creating a SageMaker notebook outside of the VPC, but the back-end fails with an error at the time of the stack synthesis.

I think there are two options to fix it:

  1. Don't allow creating a notebook outside of the VPC (make the VPC id and subnet id fields mandatory in the UI)
  2. Exclude the two rules in the cdk-nag configuration file

Another question: do we need cdk-nag checks in the runtime?

How to Reproduce

  1. Try to create a SageMaker notebook outside of the VPC by not specifying values for both VPC id and subnet id fields in the UI

Expected behavior

No response

Your project

No response

Screenshots

No response

OS

Mac

Python version

3.8

AWS data.all version

7615a258 - last commit id

Additional context

No response

dosiennik, Jun 14 '22 14:06
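
An added example (not part of the original issue, and not data.all or cdk-nag code): a pre-synthesis check that reports the same two findings from a notebook's CloudFormation properties, so a request without VPC settings can be rejected before stack creation. The rule conditions are approximated from the error messages above; the templates and logical ids are constructed.

```python
from typing import Dict, List

NOTEBOOK_TYPE = "AWS::SageMaker::NotebookInstance"


def notebook_findings(template: Dict) -> List[str]:
    """Return 'RULE: logical_id' for notebooks that would trip
    AwsSolutions-SM1 / AwsSolutions-SM3 (conditions approximated)."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != NOTEBOOK_TYPE:
            continue
        props = resource.get("Properties", {})
        # SM1: no subnet means the notebook is not provisioned inside a VPC.
        if not props.get("SubnetId"):
            findings.append(f"AwsSolutions-SM1: {logical_id}")
        # SM3: SageMaker enables direct internet access when the property is
        # omitted, and "Disabled" is only accepted together with a SubnetId.
        if props.get("DirectInternetAccess", "Enabled") != "Disabled":
            findings.append(f"AwsSolutions-SM3: {logical_id}")
    return findings


# Constructed sample: what the stack looks like when the UI form is
# submitted without VPC id and subnet id, as in the reproduction step.
OUTSIDE_VPC = {"Resources": {"NotebookExample": {
    "Type": NOTEBOOK_TYPE,
    "Properties": {"InstanceType": "ml.t3.medium"},
}}}

# Constructed sample: subnet, security group and internet access disabled.
INSIDE_VPC = {"Resources": {"NotebookExample": {
    "Type": NOTEBOOK_TYPE,
    "Properties": {
        "InstanceType": "ml.t3.medium",
        "SubnetId": "subnet-EXAMPLE",
        "SecurityGroupIds": ["sg-EXAMPLE"],
        "DirectInternetAccess": "Disabled",
    },
}}}

if __name__ == "__main__":
    for name, tpl in (("outside VPC", OUTSIDE_VPC), ("inside VPC", INSIDE_VPC)):
        print(name, notebook_findings(tpl) or "no findings")
```

Running the same check in the API layer gives the user a validation error at submit time instead of a failed stack.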