AWS SageMaker notebook instance is not configured with data encryption at rest using KMS key

Home
»
AWS Documentation
»
General
»
AWS SageMaker notebook instance is not configured with data encryption at rest using KMS key

AWS SageMaker notebook instance is not configured with data encryption at rest using KMS key

Description

This is a straight-forward check to ensure data encryption for Sagemaker notebooks, this check verifies that the cluster is encrypted with a Customer managed Key (CMK).

Fix - Runtime

AWS Console

There is no current way of enabling encryption on an existing notebook, it will need to be recreated.

Fix - Buildtime

Terraform

**Resource: ** aws_sagemaker_endpoint_configuration
Argument: kms_key_arn, specifying a KMS key will ensure data encryption.

This modification will result in the resource being recreated.

go aws_sagemaker_endpoint_configuration.examplea.tf resource “aws_sagemaker_endpoint_configuration” “example” { … name = “my-endpoint-config” + kms_key_arn = aws_kms_key.examplea.arn production_variants { variant_name = “variant-1” model_name = aws_sagemaker_model.examplea.name initial_instance_count = 1 instance_type = “ml.t2.medium” } … }