Protect Data at Rest Using Encryption - Amazon SageMaker
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Protect Data at Rest Using Encryption

To protect your Amazon SageMaker Studio notebooks and SageMaker notebook instances, along with your model-building data and model artifacts, SageMaker encrypts the notebooks, as well as output from Training and Batch Transform jobs. SageMaker encrypts these by default using the Amazon Managed Key for Amazon S3. This Amazon Managed Key for Amazon S3 cannot be shared for cross-account access. For cross-account access, specify your customer managed key while creating SageMaker resources so that it can be shared for cross-account access. For data output to Amazon S3 Express One Zone, the data is encrypted with server-side encryption with Amazon S3 managed keys (SSE-S3). For more information on Amazon KMS, see What is Amazon Key Management Service?.

Topics