By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to reencrypt SageMaker domain with a new KMS key?

0

Hi, my current domain was created using a previous KMS key. Now I want to retire the key and use a new key. How should I proceed?

Topics
Security, Identity, & ComplianceMachine Learning & AI
Tags
AWS Key Management ServiceAmazon SageMakerAmazon SageMaker Deployment
Language
English
rePost-User-1767494
asked a year ago299 views
1 Answer
0

Hello there,

When you create a domain with a KmsKeyId specified [1]: AWS SageMaker uses the KMS key to encrypt the EFS volume attached to the domain. As mentioned from AWS EFS documentation [2], after an EFS file system has been created, its encryption settings cannot be altered. As such you cannot change the KMS Key of an existing EFS file system.

References

[1] https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html [2] https://docs.aws.amazon.com/efs/latest/ug/encryption-at-rest.html

AWS
Karabo-SageMaker
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content