Ensure that the data stored on Machine Learning (ML) storage volumes attached to your AWS SageMaker notebook instances is encrypted to meet regulatory requirements and protect your SageMaker data at rest. SageMaker is a fully managed AWS service that enables developers and data engineers to quickly and easily build, train and deploy machine learning models at any scale. An AWS SageMaker notebook instance is a fully managed ML instance that runs the Jupyter Notebook open-source web application.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
When working with sensitive or private data such as Personally Identifiable Information (PII), it is strongly recommended to implement encryption at rest to protect your data from unauthorized entities and fulfill any compliance requirements strictly defined within your organization.
To determine if your Amazon SageMaker instance storage volumes are using encryption, perform the following actions:
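One way to run this check across a whole region with boto3, as an added example that is not part of the original rule page or the Cloud Conformity tool. It assumes an instance whose `describe_notebook_instance` response carries no `KmsKeyId` counts as a finding; the stub client, instance names and key ARN are constructed so the audit runs offline.

```python
"""Audit SageMaker notebook instances for a missing KMS key on the ML storage volume."""
import sys


def audit_notebooks(client):
    """Return (encrypted, unencrypted) lists of notebook instance names.

    `client` is a boto3 SageMaker client, or any object exposing the same
    get_paginator() and describe_notebook_instance() calls.
    """
    encrypted, unencrypted = [], []
    paginator = client.get_paginator("list_notebook_instances")
    for page in paginator.paginate():
        for item in page.get("NotebookInstances", []):
            name = item["NotebookInstanceName"]
            detail = client.describe_notebook_instance(NotebookInstanceName=name)
            # KmsKeyId is only present when a key was supplied at creation time.
            (encrypted if detail.get("KmsKeyId") else unencrypted).append(name)
    return encrypted, unencrypted


class StubSageMaker:
    """Constructed stand-in for the boto3 client (hypothetical, for offline runs)."""

    def __init__(self, instances, page_size=1):
        self.instances, self.page_size = instances, page_size

    def get_paginator(self, operation):
        assert operation == "list_notebook_instances"
        return self

    def paginate(self):
        names = sorted(self.instances)
        for i in range(0, len(names), self.page_size):
            chunk = names[i:i + self.page_size]
            yield {"NotebookInstances": [{"NotebookInstanceName": n} for n in chunk]}

    def describe_notebook_instance(self, NotebookInstanceName):
        return self.instances[NotebookInstanceName]


# Constructed sample responses: one instance with a KMS key, one without.
SAMPLE = {
    "nb-encrypted": {"KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
    "nb-plain": {},
}

if __name__ == "__main__":
    if "--live" in sys.argv:  # query the real account using default credentials
        import boto3
        client = boto3.client("sagemaker")
    else:
        client = StubSageMaker(SAMPLE)
    ok, findings = audit_notebooks(client)
    print(f"encrypted: {ok}\nNOT encrypted: {findings}")
    sys.exit(1 if findings else 0)
```

The non-zero exit status on findings lets the script gate a scheduled compliance job; run it once per region, since the SageMaker client is regional.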
To enable data encryption for an existing AWS SageMaker notebook instance, you must re-create that notebook instance with the necessary encryption configuration. To launch a new SageMaker notebook instance with data-at-rest encryption enabled and copy your existing data to it, perform the following actions: