Posted On: Nov 16, 2020

Amazon SageMaker Studio is the first fully integrated development environment (IDE) for machine learning (ML). It provides a single, web-based visual interface where you can perform all ML development steps required to build, train, tune, debug, deploy, and monitor models. Starting today, you can encrypt your Amazon SageMaker Studio storage volumes with customer master keys (CMKs) managed by you in Amazon Key Management Service (KMS).  

With a single click, data scientists and developers can quickly spin up SageMaker Studio Notebooks for exploring datasets and building models. SageMaker Studio comes with an attached Amazon Elastic File System (EFS) volume that enables you to save your notebook documents, scripts, repositories, and other data files on a highly durable and scalable storage. In addition, each SageMaker Studio Notebook instance comes with an attached Amazon EBS volume for the duration of running the instance. Starting today, you can specify your Amazon KMS CMKs to encrypt both the storage volumes. This adds an additional layer of security to protect your stored data.

Amazon KMS gives you centralized control over the encryption keys used to protect your data. You can create, import, rotate, disable, delete, define usage policies for, and audit the use of encryption keys used to encrypt your data. If you don't specify your own KMS key, SageMaker Studio encrypts the storage volumes with an Amazon managed CMK

The feature is now available in both Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD. You can enable this feature using Amazon CLI, Amazon SDK, and Amazon Web Services management console for SageMaker. Visit the Amazon SageMaker documentation for more details.