Ensure that the data stored on Machine Learning (ML) storage volumes attached to your AWS SageMaker notebook instances is encrypted in order to meet regulatory requirements and protect your SageMaker data at rest. SageMaker is a fully-managed AWS service that enables developers and data engineers to quickly and easily build, train and deploy machine learning models at any scale. An AWS SageMaker notebook instance is a fully managed ML instance that is running the Jupyter Notebook open-source web application.
When working with sensitive or private data such as Personally Identifiable Information (PII), it is strongly recommended to implement encryption at rest in order to protect your data from unauthorized entities and fulfill any compliance requirements strictly defined within your organization.
To determine if your Amazon SageMaker instance storage volumes are using encryption, perform the following actions:
To enable data encryption for an existing AWS SageMaker notebook instance, you must re-create that notebook instance with the necessary encryption configuration. To launch your new SageMaker notebook instance, enable data-at-rest encryption and copy your existing data to it, perform the following actions: