Protect Data at Rest Using Encryption - Amazon SageMaker AI

Protect Data at Rest Using Encryption

To protect your Amazon SageMaker Studio notebooks and SageMaker notebook instances, along with your model-building data and model artifacts, SageMaker AI encrypts the notebooks, as well as the output from Training and Batch Transform jobs. By default, SageMaker AI encrypts these using the Amazon Managed Key for Amazon S3. This key cannot be shared for cross-account access. If you need cross-account access, specify your own customer managed key when you create SageMaker AI resources, because a customer managed key can be shared across accounts. Data output to Amazon S3 Express One Zone is encrypted with server-side encryption with Amazon S3 managed keys (SSE-S3). Data output to Amazon S3 directory buckets can't be encrypted with server-side encryption with Amazon Key Management Service keys (SSE-KMS). For more information on Amazon KMS, see What is Amazon Key Management Service?.
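The following pre-flight check is an added example, not code from the AWS documentation. It inspects `CreateTrainingJob` and `CreateTransformJob` request dictionaries for the two conditions described above: output that must be readable cross-account but has no `KmsKeyId`, and a `KmsKeyId` set on output that goes to a directory bucket. The function name, the `cross_account` flag, and all sample bucket names, account IDs and key IDs are assumptions made for illustration.

```python
import re

# S3 Express One Zone directory bucket names end in --<zone-id>--x-s3.
DIRECTORY_BUCKET = re.compile(r"^s3://[^/]+--[a-z0-9-]+--x-s3(/|$)")

# Request field that holds S3OutputPath and KmsKeyId for each API call.
OUTPUT_FIELD = {
    "CreateTrainingJob": "OutputDataConfig",
    "CreateTransformJob": "TransformOutput",
}

def check_output_encryption(api, request, cross_account=False):
    """Return findings for one request dict; an empty list means no issue.

    Hypothetical helper: cross_account is the caller's statement that the
    output must be readable from another account.
    """
    cfg = request.get(OUTPUT_FIELD[api], {})
    path, key = cfg.get("S3OutputPath", ""), cfg.get("KmsKeyId")
    findings = []
    if DIRECTORY_BUCKET.match(path):
        # Directory bucket output is SSE-S3 only, so a KMS key here means
        # the author expected SSE-KMS protection that will not be applied.
        if key:
            findings.append(f"{path}: directory bucket output uses SSE-S3; "
                            "KmsKeyId cannot apply SSE-KMS here")
    elif not key and cross_account:
        # Without KmsKeyId the default key is used, which cannot be shared.
        findings.append(f"{path}: no KmsKeyId; specify a customer managed "
                        "key for cross-account access")
    return findings

# Constructed sample requests (bucket names, account ID and key ID are made up).
CMK = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"
TRAIN_DEFAULT_KEY = {"OutputDataConfig": {"S3OutputPath": "s3://ml-artifacts/run1/"}}
TRAIN_WITH_CMK = {"OutputDataConfig": {"S3OutputPath": "s3://ml-artifacts/run1/",
                                       "KmsKeyId": CMK}}
TRANSFORM_EXPRESS = {"TransformOutput": {
    "S3OutputPath": "s3://batch-out--usw2-az1--x-s3/preds/", "KmsKeyId": CMK}}

if __name__ == "__main__":
    for api, req, shared in [
        ("CreateTrainingJob", TRAIN_DEFAULT_KEY, True),
        ("CreateTrainingJob", TRAIN_WITH_CMK, True),
        ("CreateTransformJob", TRANSFORM_EXPRESS, False),
    ]:
        print(api, check_output_encryption(api, req, shared) or "ok")
```

Run it against the request dictionaries your pipeline builds before they are passed to the SageMaker AI API, so that a missing or ineffective key is caught before any output is written.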