Studio notebooks
In Amazon SageMaker Studio, your SageMaker Studio notebooks and data can be stored in the following locations:
- An S3 bucket – When you onboard to Studio and enable shareable notebook resources, SageMaker AI shares notebook snapshots and metadata in an Amazon Simple Storage Service (Amazon S3) bucket.
- An EFS volume – When you onboard to Studio, SageMaker AI attaches an Amazon Elastic File System (Amazon EFS) volume to your domain for storing your Studio notebooks and data files. The EFS volume persists after the domain is deleted.
- An EBS volume – When you open a notebook in Studio, an Amazon Elastic Block Store (Amazon EBS) volume is attached to the instance that the notebook runs on. The EBS volume persists for the duration of the instance.
SageMaker AI uses the Amazon Key Management Service (Amazon KMS) to encrypt the S3 bucket and both volumes. By default, it uses a KMS key managed in an Amazon service account. For more control, you can specify your own customer managed key when you onboard to Studio or through the SageMaker API. For more information, see Amazon SageMaker AI domain overview and CreateDomain.
In the CreateDomain API, you use the S3KmsKeyId parameter to specify the customer managed key for shareable notebooks. You use the KmsKeyId parameter to specify the customer managed key for the EFS and EBS volumes. The same customer managed key is used for both volumes. The customer managed key for shareable notebooks can be the same customer managed key as used for the volumes or a different customer managed key.
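A check for the two parameters described above, as an added example that is not part of the original page: it reads a DescribeDomain response and reports whether KmsKeyId and DefaultUserSettings.SharingSettings.S3KmsKeyId are set. The function name, sample responses, account ID and key ARNs are constructed for illustration.

```python
# Added example: audit a SageMaker DescribeDomain response for the two
# customer managed key settings. All sample data below is constructed.

DEFAULT = "default key (not customer managed)"

def audit_domain_encryption(domain: dict) -> dict:
    """Report which key protects each Studio storage location.

    `domain` has the shape returned by
    boto3.client("sagemaker").describe_domain(DomainId=...).
    """
    # KmsKeyId covers both the EFS and the EBS volume (one key for both).
    volume_key = domain.get("KmsKeyId")
    sharing = domain.get("DefaultUserSettings", {}).get("SharingSettings", {})
    # The S3 bucket is only used when shareable notebook resources are enabled.
    sharing_enabled = sharing.get("NotebookOutputOption") == "Allowed"
    s3_key = sharing.get("S3KmsKeyId")

    gaps = []
    if not volume_key:
        gaps.append("KmsKeyId unset: EFS and EBS volumes use the default key")
    if sharing_enabled and not s3_key:
        gaps.append("S3KmsKeyId unset: shared notebook snapshots use the default key")

    return {
        "domain": domain.get("DomainId"),
        "efs_ebs_key": volume_key or DEFAULT,
        "s3_sharing_key": (s3_key or DEFAULT) if sharing_enabled else "sharing disabled",
        "same_key_for_all": bool(volume_key) and volume_key == s3_key,
        "gaps": gaps,
    }

# Constructed sample responses (placeholder account ID and key IDs).
VOLUME_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-VOLUME-KEY"
S3_KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-S3-KEY"
SAMPLES = [
    {"DomainId": "d-example1", "KmsKeyId": VOLUME_KEY,
     "DefaultUserSettings": {"SharingSettings": {
         "NotebookOutputOption": "Allowed", "S3KmsKeyId": S3_KEY}}},
    {"DomainId": "d-example2",
     "DefaultUserSettings": {"SharingSettings": {
         "NotebookOutputOption": "Allowed"}}},
    {"DomainId": "d-example3", "KmsKeyId": VOLUME_KEY,
     "DefaultUserSettings": {"SharingSettings": {
         "NotebookOutputOption": "Disabled"}}},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit_domain_encryption(sample))
```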
Important
The working directory of your users within the storage volume is /home/sagemaker-user.
If you specify your own Amazon KMS key, everything in the working directory is encrypted using your customer managed key. If you don't specify an Amazon KMS key, the data inside /home/sagemaker-user is encrypted with an Amazon managed key.
Regardless of whether you specify an Amazon KMS key, all of the data outside of the working directory is encrypted with an Amazon Managed Key.