Posted On: Nov 17, 2020

Amazon SageMaker Studio is the first fully integrated development environment (IDE) for machine learning (ML). It provides a single, web-based visual interface where you can perform all ML development steps required to build, train, tune, debug, deploy, and monitor models. Starting today, you can encrypt your Amazon SageMaker Studio storage volumes with customer master keys (CMKs) managed by you in AWS Key Management Service (KMS).  

With a single click, data scientists and developers can quickly spin up SageMaker Studio Notebooks for exploring datasets and building models. SageMaker Studio comes with an attached Amazon Elastic File System (EFS) volume that enables you to save your notebook documents, scripts, repositories, and other data files on a highly durable and scalable storage. In addition, each SageMaker Studio Notebook instance comes with an attached Amazon EBS volume for the duration of running the instance. Starting today, you can specify your AWS KMS CMKs to encrypt both the storage volumes. This adds an additional layer of security to protect your stored data.

AWS KMS gives you centralized control over the encryption keys used to protect your data. You can create, import, rotate, disable, delete, define usage policies for, and audit the use of encryption keys used to encrypt your data. If you don't specify your own KMS key, SageMaker Studio encrypts the storage volumes with an AWS managed CMK

The feature is now available in all AWS regions where Amazon SageMaker Studio is available. You can enable this feature using AWS CLI, AWS SDK, and AWS management console for SageMaker. Visit the Amazon SageMaker documentation for more details.