Protect Data at Rest Using Encryption
To protect your Amazon SageMaker Studio notebooks and SageMaker notebook instances, along with your model-building data and model artifacts, SageMaker AI encrypts the notebooks, as well as output from Training and Batch Transform jobs. By default, SageMaker AI encrypts these using the AWS Managed Key for Amazon S3. This AWS Managed Key for Amazon S3 cannot be shared for cross-account access. For cross-account access, specify your own customer managed key when you create SageMaker AI resources, because a customer managed key can be shared across accounts. Data output to Amazon S3 Express One Zone is encrypted with server-side encryption with Amazon S3 managed keys (SSE-S3). Data output to Amazon S3 directory buckets can't be encrypted with server-side encryption with AWS Key Management Service keys (SSE-KMS). For more information on AWS KMS, see "What is AWS Key Management Service?"
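The rules above can be checked before a job request is submitted. The following is an added example, not AWS code: it lints request dictionaries shaped like `CreateTrainingJob` (`OutputDataConfig`) and `CreateTransformJob` (`TransformOutput`) input. It assumes directory buckets can be recognized by the `--<zone-id>--x-s3` name suffix and AWS managed keys by the `alias/aws/` alias prefix; `lint_encryption`, the `cross_account` flag and all sample values are constructed for illustration.

```python
import re

# Directory bucket names (S3 Express One Zone) end in "--<zone-id>--x-s3".
DIRECTORY_BUCKET = re.compile(r"^s3://[^/]+--[a-z0-9-]+--x-s3(/|$)")
# AWS managed keys are exposed under aliases of the form "alias/aws/<service>".
AWS_MANAGED_ALIAS = re.compile(r"(^|:)alias/aws/")


def output_config(request):
    """Return the output block of a CreateTrainingJob or CreateTransformJob request."""
    return request.get("OutputDataConfig") or request.get("TransformOutput") or {}


def lint_encryption(request, cross_account=False):
    """Check a request dict against the encryption rules stated on this page."""
    findings = []
    out = output_config(request)
    path = out.get("S3OutputPath", "")
    key = out.get("KmsKeyId", "")
    if DIRECTORY_BUCKET.match(path):
        # Directory-bucket output is SSE-S3 only; a KMS key does not apply.
        if key:
            findings.append("KmsKeyId set for directory bucket output (SSE-S3 only)")
        return findings
    if cross_account and (not key or AWS_MANAGED_ALIAS.search(key)):
        # The default AWS managed key for S3 cannot be shared across accounts.
        findings.append("cross-account output needs a customer managed key")
    return findings


# Constructed sample requests; account id, key id and bucket names are placeholders.
CMK = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SAMPLES = {
    "default-key": {"OutputDataConfig": {"S3OutputPath": "s3://example-models/out/"}},
    "cmk": {"OutputDataConfig": {"S3OutputPath": "s3://example-models/out/", "KmsKeyId": CMK}},
    "express-kms": {"TransformOutput": {
        "S3OutputPath": "s3://example-batch--usw2-az1--x-s3/out/", "KmsKeyId": CMK}},
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(name, lint_encryption(req, cross_account=True))
```

The lint cannot tell whether a key ARN or key ID refers to a customer managed key; confirming that, and that the key policy grants the other account access, still requires a lookup in AWS KMS.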