Guidance for Encryption & Key Management on AWS

Overview

This Guidance helps customers who have on-premises restrictions or existing Kubernetes investments use either Amazon Elastic Kubernetes Service (Amazon EKS) with Kubeflow or Amazon SageMaker to implement a hybrid, distributed machine learning (ML) training architecture. Kubernetes is a widely adopted system for automating infrastructure deployment, resource scaling, and management of containerized applications. The open-source community developed a layer on top of Kubernetes called Kubeflow, which aims to make the deployment of end-to-end ML workflows on Kubernetes simple, portable, and scalable. With the ability to choose between two approaches at runtime in this architecture, customers gain maximum control over their ML deployments. They can continue using open-source libraries in their deep learning training script and still run it on both Kubernetes and SageMaker.

How it works

These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.

Additional Considerations

In cloud computing, a robust encryption and key management capability has become essential for customers. Encryption shields against data breaches and unauthorized access by rendering sensitive information indecipherable to malicious actors. Effective key management supports secure key generation, distribution, rotation, and storage, improving the efficiency of operations management and reducing insider threat risks. Moreover, compliance with various regulations—like the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA)—demands data protection. As a result, encryption and key management are crucial for you to maintain regulatory adherence and foster customer trust. Developing an encryption and key management capability is imperative for you to safeguard data, achieve compliance, and secure sensitive information in the cloud.

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.

References to third-party services or organizations in this Guidance do not imply an endorsement, sponsorship, or affiliation between Amazon or AWS and the third party. Guidance from AWS is a technical starting point, and you can customize your integration with third-party services when you deploy the architecture.