Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

How to reencrypt SageMaker domain with a new KMS key?

0

Hi, my current domain was created using a previous KMS key. Now I want to retire the key and use a new key. How should I proceed?

Topics
Machine Learning & AISecurity, Identity, & ComplianceStorage
Tags
Amazon SageMaker DeploymentAmazon SageMakerAWS Key Management Service
Language
English
asked 3 years ago608 views
1 Answer
0

Hello there,

When you create a domain with a KmsKeyId specified [1]: AWS SageMaker uses the KMS key to encrypt the EFS volume attached to the domain. As mentioned from AWS EFS documentation [2], after an EFS file system has been created, its encryption settings cannot be altered. As such you cannot change the KMS Key of an existing EFS file system.

References

[1] https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html [2] https://docs.aws.amazon.com/efs/latest/ug/encryption-at-rest.html

AWS
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content