feature: support inter container traffic encryption for processing jobs

Author: szeinedd

src/sagemaker/network.py

@@ -20,23 +20,35 @@ class NetworkConfig(object):
     """Accepts network configuration parameters and provides a method to turn these parameters
     into a dictionary."""
 
-    def __init__(self, enable_network_isolation=False, security_group_ids=None, subnets=None):
+    def __init__(
+        self,
+        enable_network_isolation=False,
+        encrypt_inter_container_traffic=False,
+        security_group_ids=None,
+        subnets=None,
+    ):
         """Initialize a ``NetworkConfig`` instance. NetworkConfig accepts network configuration
         parameters and provides a method to turn these parameters into a dictionary.
 
         Args:
             enable_network_isolation (bool): Boolean that determines whether to enable
                 network isolation.
+            encrypt_inter_container_traffic (bool): Boolean that determines whether to
+                encrypt inter-container traffic.
             security_group_ids ([str]): A list of strings representing security group IDs.
             subnets ([str]): A list of strings representing subnets.
         """
         self.enable_network_isolation = enable_network_isolation
+        self.encrypt_inter_container_traffic = encrypt_inter_container_traffic
         self.security_group_ids = security_group_ids
         self.subnets = subnets
 
     def _to_request_dict(self):
         """Generates a request dictionary using the parameters provided to the class."""
-        network_config_request = {"EnableNetworkIsolation": self.enable_network_isolation}
+        network_config_request = {
+            "EnableNetworkIsolation": self.enable_network_isolation,
+            "EnableInterContainerTrafficEncryption": self.encrypt_inter_container_traffic,
+        }
 
         if self.security_group_ids is not None or self.subnets is not None:
             network_config_request["VpcConfig"] = {}

tests/unit/test_processing.py

@@ -141,6 +141,7 @@ def test_sklearn_with_all_parameters(exists_mock, isfile_mock, ecr_prefix, sagem
             subnets=["my_subnet_id"],
             security_group_ids=["my_security_group_id"],
             enable_network_isolation=True,
+            encrypt_inter_container_traffic=True,
         ),
         sagemaker_session=sagemaker_session,
     )
@@ -330,6 +331,7 @@ def test_script_processor_with_all_parameters(exists_mock, isfile_mock, sagemake
             subnets=["my_subnet_id"],
             security_group_ids=["my_security_group_id"],
             enable_network_isolation=True,
+            encrypt_inter_container_traffic=True,
         ),
         sagemaker_session=sagemaker_session,
     )
@@ -405,6 +407,7 @@ def test_processor_with_all_parameters(sagemaker_session):
             subnets=["my_subnet_id"],
             security_group_ids=["my_security_group_id"],
             enable_network_isolation=True,
+            encrypt_inter_container_traffic=True,
         ),
     )
 
@@ -580,6 +583,7 @@ def _get_expected_args_all_parameters(job_name):
         "environment": {"my_env_variable": "my_env_variable_value"},
         "network_config": {
             "EnableNetworkIsolation": True,
+            "EnableInterContainerTrafficEncryption": True,
             "VpcConfig": {
                 "SecurityGroupIds": ["my_security_group_id"],
                 "Subnets": ["my_subnet_id"],

tests/unit/test_session.py

@@ -131,6 +131,7 @@ def test_process(boto_session):
         },
         "environment": {"my_env_variable": 20},
         "network_config": {
+            "EnableInterContainerTrafficEncryption": True,
             "EnableNetworkIsolation": True,
             "VpcConfig": {
                 "SecurityGroupIds": ["my_security_group_id"],
@@ -219,6 +220,7 @@ def test_process(boto_session):
         },
         "Environment": {"my_env_variable": 20},
         "NetworkConfig": {
+            "EnableInterContainerTrafficEncryption": True,
             "EnableNetworkIsolation": True,
             "VpcConfig": {
                 "SecurityGroupIds": ["my_security_group_id"],