

# Protect Data at Rest Using Encryption
<a name="encryption-at-rest"></a>

Amazon SageMaker AI automatically encrypts your data using an AWS managed key for Amazon S3 (SSE-S3) by default for the following features: Studio notebooks, notebook instances, model-building data, model artifacts, and output from Training, Batch Transform, and Processing jobs.

For cross-account access, you must specify your own customer managed key when creating SageMaker AI resources, as the default AWS managed key for Amazon S3 can't be shared across accounts. For data output to Amazon S3 Express One Zone, the data is encrypted using server-side encryption with Amazon S3 managed keys (SSE-S3). Additionally, data output to Amazon S3 directory buckets can't be encrypted with server-side encryption using AWS Key Management Service keys (SSE-KMS). For more information on AWS KMS, see [What is AWS Key Management Service?](https://docs.aws.amazon.com/kms/latest/developerguide/overview.html)

**Topics**
+ [Studio notebooks](encryption-at-rest-studio.md)
+ [Notebook instances, SageMaker AI jobs, and Endpoints](encryption-at-rest-nbi.md)
+ [SageMaker geospatial capabilities](geospatial-encryption-at-rest.md)

# Studio notebooks
<a name="encryption-at-rest-studio"></a>

In Amazon SageMaker Studio, your SageMaker Studio notebooks and data can be stored in the following locations:
+ An S3 bucket – When you onboard to Studio and enable shareable notebook resources, SageMaker AI stores notebook snapshots and metadata in an Amazon Simple Storage Service (Amazon S3) bucket.
+ An EFS volume – When you onboard to Studio, SageMaker AI attaches an Amazon Elastic File System (Amazon EFS) volume to your domain for storing your Studio notebooks and data files. The EFS volume persists after the domain is deleted.
+ An EBS volume – When you open a notebook in Studio, an Amazon Elastic Block Store (Amazon EBS) volume is attached to the instance that the notebook runs on. The EBS volume persists for the duration of the instance.

SageMaker AI uses the AWS Key Management Service (AWS KMS) to encrypt the S3 bucket and both volumes. By default, it uses a KMS key managed in an AWS service account. For more control, you can specify your own customer managed key when you onboard to Studio or through the SageMaker API. For more information, see [Amazon SageMaker AI domain overview](gs-studio-onboard.md) and [CreateDomain](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_CreateDomain.html).

In the `CreateDomain` API, you use the `S3KmsKeyId` parameter to specify the customer managed key for shareable notebooks. You use the `KmsKeyId` parameter to specify the customer managed key for the EFS and EBS volumes. The same customer managed key is used for both volumes. The customer managed key for shareable notebooks can be the same customer managed key as used for the volumes or a different customer managed key.

**Important**  
The working directory of your users within the storage volume is `/home/sagemaker-user`. If you specify your own AWS KMS key, everything in the working directory is encrypted using your customer managed key. If you don't specify an AWS KMS key, the data inside `/home/sagemaker-user` is encrypted with an AWS managed key. Regardless of whether you specify an AWS KMS key, all of the data outside of the working directory is encrypted with an AWS managed key.
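The following is an added example, not code from the SageMaker documentation. It builds the `CreateDomain` request with both customer managed keys pinned (top-level `KmsKeyId` for the EFS and EBS volumes, `DefaultUserSettings.SharingSettings.S3KmsKeyId` for shared notebook snapshots) and audits a `DescribeDomain` response for the fallbacks to AWS managed keys described above. The key ARN, account ID, VPC, subnet, role and the two domain responses are constructed placeholders; the optional `boto3` call at the end is the only part that touches AWS.

```python
import re

# A customer managed key may be given by ID or ARN; the ARN form is the only one
# that is unambiguous when keys or buckets live in another account.
KMS_KEY_ARN = re.compile(r"^arn:aws[\w-]*:kms:[\w-]+:\d{12}:key/[0-9a-f-]{36}$")


def is_kms_key_arn(value) -> bool:
    return bool(value) and KMS_KEY_ARN.match(value) is not None


def create_domain_kwargs(domain_name, vpc_id, subnet_ids, execution_role_arn,
                         volume_key_arn, sharing_bucket=None, sharing_key_arn=None):
    """Return the kwargs for boto3 sagemaker.create_domain() with both keys pinned.

    KmsKeyId (top level) covers the EFS volume and every user's EBS volume;
    DefaultUserSettings.SharingSettings.S3KmsKeyId covers shared notebook
    snapshots written to S3. VPC, subnet and role values are placeholders.
    """
    if not is_kms_key_arn(volume_key_arn):
        raise ValueError("volume_key_arn must be a full KMS key ARN")
    kwargs = {
        "DomainName": domain_name,
        "AuthMode": "IAM",
        "VpcId": vpc_id,
        "SubnetIds": list(subnet_ids),
        "KmsKeyId": volume_key_arn,
        "DefaultUserSettings": {"ExecutionRole": execution_role_arn},
    }
    if sharing_bucket:
        if not is_kms_key_arn(sharing_key_arn):
            raise ValueError("sharing_key_arn must be a full KMS key ARN when sharing is on")
        kwargs["DefaultUserSettings"]["SharingSettings"] = {
            "NotebookOutputOption": "Allowed",
            "S3OutputPath": f"s3://{sharing_bucket}/studio-shared/",
            "S3KmsKeyId": sharing_key_arn,
        }
    return kwargs


def domain_encryption_findings(domain: dict) -> list:
    """List the storage in a DescribeDomain response that falls back to AWS managed keys."""
    findings = []
    if not domain.get("KmsKeyId"):
        findings.append("EFS/EBS: no KmsKeyId, so /home/sagemaker-user is encrypted with the AWS managed key")
    sharing = domain.get("DefaultUserSettings", {}).get("SharingSettings", {})
    if sharing.get("NotebookOutputOption") == "Allowed" and not sharing.get("S3KmsKeyId"):
        findings.append("S3: notebook sharing is on without S3KmsKeyId, so snapshots use the default key")
    return findings


# Constructed DescribeDomain responses (not captured from a real account).
CMK = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
HARDENED_DOMAIN = {
    "DomainName": "ml-team",
    "KmsKeyId": CMK,
    "DefaultUserSettings": {"SharingSettings": {"NotebookOutputOption": "Allowed",
                                                 "S3OutputPath": "s3://ml-team-shared/studio-shared/",
                                                 "S3KmsKeyId": CMK}},
}
DEFAULT_DOMAIN = {
    "DomainName": "quickstart",
    "DefaultUserSettings": {"SharingSettings": {"NotebookOutputOption": "Allowed",
                                                 "S3OutputPath": "s3://quickstart-shared/"}},
}

if __name__ == "__main__":
    for d in (HARDENED_DOMAIN, DEFAULT_DOMAIN):
        print(d["DomainName"], domain_encryption_findings(d) or ["ok"])
    # Live audit of the current account (needs boto3 and credentials):
    # import boto3
    # sm = boto3.client("sagemaker")
    # for dom in sm.list_domains()["Domains"]:
    #     print(dom["DomainName"], domain_encryption_findings(sm.describe_domain(DomainId=dom["DomainId"])))
```

The audit only reports what the page says falls back to an AWS managed key: a missing top-level `KmsKeyId`, and sharing enabled without `S3KmsKeyId`. Data outside `/home/sagemaker-user` stays under the AWS managed key either way, so no finding is raised for it.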

# Notebook instances, SageMaker AI jobs, and Endpoints
<a name="encryption-at-rest-nbi"></a>

To encrypt the machine learning (ML) storage volume that is attached to notebooks, processing jobs, training jobs, hyperparameter tuning jobs, batch transform jobs, and endpoints, you can pass an AWS KMS key to SageMaker AI. If you don't specify a KMS key, SageMaker AI encrypts storage volumes with a transient key and discards it immediately after encrypting the storage volume. For notebook instances, if you don't specify a KMS key, SageMaker AI encrypts both OS volumes and ML data volumes with a system-managed KMS key.

You can use an AWS managed AWS KMS key to encrypt all instance OS volumes. You can encrypt all ML data volumes for all SageMaker AI instances with an AWS KMS key that you specify. ML storage volumes are mounted as follows:
+ Notebooks - `/home/ec2-user/SageMaker`
+ Processing - `/opt/ml/processing` and `/tmp/`
+ Training - `/opt/ml/` and `/tmp/`
+ Batch - `/opt/ml/` and `/tmp/`
+ Endpoints - `/opt/ml/` and `/tmp/`

Processing, batch transform, and training job containers and their storage are ephemeral in nature. When the job completes, output is uploaded to Amazon S3 using AWS KMS encryption with an optional AWS KMS key that you specify and the instance is torn down. If an AWS KMS Key is not provided in the job request, SageMaker AI uses the default AWS KMS key for Amazon S3 for your role's account. If the output data is stored in Amazon S3 Express One Zone, it is encrypted with server-side encryption with Amazon S3 managed keys (SSE-S3). Server-side encryption with AWS KMS keys (SSE-KMS) is not currently supported for storing SageMaker AI output data in Amazon S3 directory buckets.

**Note**  
The key policy for an AWS managed key for Amazon S3 cannot be edited, so cross-account permissions cannot be granted for these key policies. If the output Amazon S3 bucket for the request is in another account, specify your own customer managed key in the job request and ensure that the job's execution role has permissions to encrypt data with it.

**Important**  
Sensitive data that needs to be encrypted with a KMS key for compliance reasons should be stored in the ML storage volume or in Amazon S3, both of which can be encrypted using a KMS key you specify. 

When you open a notebook instance, SageMaker AI saves it and any files associated with it in the SageMaker AI folder in the ML storage volume by default. When you stop a notebook instance, SageMaker AI creates a snapshot of the ML storage volume. Any customizations to the operating system of the stopped instance, such as installed custom libraries or operating system level settings, that are saved outside of the folder `/home/ec2-user/SageMaker` are lost. Consider using a lifecycle configuration to automate customizations of the default notebook instance. When you terminate an instance, the snapshot and the ML storage volume are deleted. Any data that you need to persist beyond the lifespan of the notebook instance should be transferred to an Amazon S3 bucket.

If the notebook instance isn't updated and is running insecure software, SageMaker AI might periodically update the instance as part of regular maintenance. During these updates, data outside of the folder `/home/ec2-user/SageMaker` is not persisted. For information about maintenance and security patches, see [Maintenance](nbi.md#nbi-maintenance).

**Note**  
Certain Nitro-based SageMaker AI instances include local storage, depending on the instance type. Local storage volumes are encrypted using a hardware module on the instance. You can't use a KMS key on an instance type with local storage. For a list of instance types that support local instance storage, see [Instance Store Volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#instance-store-volumes). For more information about storage volumes on Nitro-based instances, see [Amazon EBS and NVMe on Linux Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html).  
For more information about local instance storage encryption, see [SSD Instance Store Volumes](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ssd-instance-store.html).
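The following is an added example, not code from the SageMaker documentation. It applies the rules from the job paragraph and its note (output written to another account needs `OutputDataConfig.KmsKeyId` with a customer managed key; directory buckets are SSE-S3 only) together with the local-storage caveat in the note above (`VolumeKmsKeyId` cannot be used on instance types with instance store) to a `DescribeTrainingJob`-style response, and derives the KMS statement the execution role needs for the keys the job references. Assumptions: the instance-family list is illustrative and not exhaustive, directory buckets are recognised by the `--x-s3` name suffix, the IAM action set is the one generally granted rather than a minimum taken from this page, and the job descriptions, key ARN and account IDs are constructed.

```python
import re

KMS_KEY_ARN = re.compile(r"^arn:aws[\w-]*:kms:[\w-]+:\d{12}:key/[0-9a-f-]{36}$")

# Instance families whose ML storage is local NVMe: the hardware encrypts it and
# VolumeKmsKeyId is not accepted. Assumption: illustrative, not exhaustive; the
# EC2 instance-store page linked above is the authority.
LOCAL_STORE_FAMILIES = ("ml.g4dn.", "ml.g5.", "ml.p3dn.", "ml.p4d.", "ml.c5d.", "ml.m5d.", "ml.r5d.")


def has_local_instance_store(instance_type: str) -> bool:
    return instance_type.startswith(LOCAL_STORE_FAMILIES)


def bucket_of(s3_uri: str) -> str:
    return s3_uri[5:].split("/", 1)[0] if s3_uri.startswith("s3://") else ""


def is_directory_bucket(bucket: str) -> bool:
    # S3 Express One Zone directory bucket names end in "--x-s3" (assumption stated in the lead-in)
    return bucket.endswith("--x-s3")


def job_encryption_findings(job: dict, job_account: str, output_bucket_owner: str) -> list:
    """Check a DescribeTrainingJob-style response for the gaps described above."""
    rc, out = job.get("ResourceConfig", {}), job.get("OutputDataConfig", {})
    itype, vol_key, out_key = rc.get("InstanceType", ""), rc.get("VolumeKmsKeyId"), out.get("KmsKeyId")
    findings = []
    if has_local_instance_store(itype):
        if vol_key:
            findings.append(f"{itype} has local storage: VolumeKmsKeyId is rejected, the hardware encrypts it")
    elif not vol_key:
        findings.append("ML volume is encrypted with a transient key; set ResourceConfig.VolumeKmsKeyId")
    bucket = bucket_of(out.get("S3OutputPath", ""))
    if is_directory_bucket(bucket):
        if out_key:
            findings.append("directory bucket output is SSE-S3 only; OutputDataConfig.KmsKeyId is not supported")
    elif output_bucket_owner != job_account:
        if not out_key:
            findings.append("cross-account output bucket without OutputDataConfig.KmsKeyId: "
                            "the AWS managed key for S3 cannot be shared")
        elif not KMS_KEY_ARN.match(out_key):
            findings.append("cross-account OutputDataConfig.KmsKeyId must be the full key ARN")
    elif not out_key:
        findings.append("output falls back to the account's default key for S3; set OutputDataConfig.KmsKeyId")
    return findings


def execution_role_kms_statement(job: dict) -> dict:
    """IAM statement granting the execution role use of every key the job references.

    Assumption: the action set generally needed; kms:CreateGrant lets the service
    attach VolumeKmsKeyId to the EBS volume.
    """
    keys = sorted({k for k in (job.get("ResourceConfig", {}).get("VolumeKmsKeyId"),
                               job.get("OutputDataConfig", {}).get("KmsKeyId")) if k})
    return {"Effect": "Allow",
            "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey*", "kms:DescribeKey", "kms:CreateGrant"],
            "Resource": keys}


# Constructed job descriptions and account IDs (not captured from a real account).
CMK = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
ME, PARTNER = "111122223333", "444455556666"
HARDENED_JOB = {"ResourceConfig": {"InstanceType": "ml.m5.xlarge", "VolumeKmsKeyId": CMK},
                "OutputDataConfig": {"S3OutputPath": "s3://partner-ml-output/jobs/", "KmsKeyId": CMK}}
DEFAULT_JOB = {"ResourceConfig": {"InstanceType": "ml.m5.xlarge"},
               "OutputDataConfig": {"S3OutputPath": "s3://partner-ml-output/jobs/"}}
LOCAL_STORE_JOB = {"ResourceConfig": {"InstanceType": "ml.g4dn.xlarge", "VolumeKmsKeyId": CMK},
                   "OutputDataConfig": {"S3OutputPath": "s3://my-ml-output--use1-az4--x-s3/jobs/"}}

if __name__ == "__main__":
    print("hardened, cross-account:", job_encryption_findings(HARDENED_JOB, ME, PARTNER) or ["ok"])
    print("defaults, cross-account:", job_encryption_findings(DEFAULT_JOB, ME, PARTNER))
    print("local store + directory bucket:", job_encryption_findings(LOCAL_STORE_JOB, ME, ME))
    print("role statement:", execution_role_kms_statement(HARDENED_JOB))
```

The bucket owner is passed in rather than looked up because a job in one account cannot always call `GetBucketOwnershipControls` on a bucket it only has write access to; in a live audit, take it from your inventory or from the bucket policy that granted the access.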

# SageMaker geospatial capabilities
<a name="geospatial-encryption-at-rest"></a>

You can protect your data at rest using encryption for SageMaker geospatial.
<a name="geospatial-encryption-at-rest-gmk"></a>
**Server-Side Encryption with Amazon SageMaker geospatial owned key (Default)**  
Amazon SageMaker geospatial capabilities encrypts all your data, including computational results from your `EarthObservationJobs` and `VectorEnrichmentJobs` along with all your service metadata. There is no data that is stored within Amazon SageMaker AI unencrypted. It uses a default AWS owned key to encrypt all your data. 
<a name="geospatial-encryption-at-rest-ksm"></a>
**Server-Side Encryption with KMS Keys Stored in AWS Key Management Service (SSE-KMS)**  
Amazon SageMaker geospatial capabilities supports encryption using a customer managed KMS key. For more information, see [Use AWS KMS Permissions for Amazon SageMaker geospatial capabilities](https://docs.aws.amazon.com/sagemaker/latest/dg/geospatial-kms.html).