I checked out this article which mentions using a VPC for SageMaker studio. There appear to be some security related IAM conditions available for SageMaker that could be turned into SCP guardrails.
Initial scan for potential rules brings up:
sagemaker:AppNetworkAccess
sagemaker:DirectInternetAccess
sagemaker:InterContainerTrafficEncryption
sagemaker:NetworkIsolation
These are by no means all encompassing or even applicable to SCP guardrails but are a good starting direction. You can find the conditions here.
I checked out this article which mentions using a VPC for SageMaker studio. There appear to be some security related IAM conditions available for SageMaker that could be turned into SCP guardrails.
Initial scan for potential rules brings up:
sagemaker:AppNetworkAccesssagemaker:DirectInternetAccesssagemaker:InterContainerTrafficEncryptionsagemaker:NetworkIsolationThese are by no means all encompassing or even applicable to SCP guardrails but are a good starting direction. You can find the conditions here.