# Data protection in Amazon SageMaker Unified Studio Data protection The AWS [shared responsibility model](https://aws.amazon.com/compliance/shared-responsibility-model/) applies to data protection in Amazon SageMaker Unified Studio. As described in this model, AWS is responsible for protecting the global infrastructure that runs all of the AWS Cloud. You are responsible for maintaining control over your content that is hosted on this infrastructure. You are also responsible for the security configuration and management tasks for the AWS services that you use. For more information about data privacy, see the [Data Privacy FAQ](https://aws.amazon.com/compliance/data-privacy-faq/). For information about data protection in Europe, see the [AWS Shared Responsibility Model and GDPR](https://aws.amazon.com/blogs/security/the-aws-shared-responsibility-model-and-gdpr/) blog post on the *AWS Security Blog*. For data protection purposes, we recommend that you protect AWS account credentials and set up individual users with AWS IAM Identity Center or AWS Identity and Access Management (IAM). That way, each user is given only the permissions necessary to fulfill their job duties. We also recommend that you secure your data in the following ways: + Use multi-factor authentication (MFA) with each account. + Use SSL/TLS to communicate with AWS resources. We require TLS 1.2 and recommend TLS 1.3. + Set up API and user activity logging with AWS CloudTrail. For information about using CloudTrail trails to capture AWS activities, see [Working with CloudTrail trails](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-trails.html) in the *AWS CloudTrail User Guide*. + Use AWS encryption solutions, along with all default security controls within AWS services. + Use advanced managed security services such as Amazon Macie, which assists in discovering and securing sensitive data that is stored in Amazon S3. + If you require FIPS 140-3 validated cryptographic modules when accessing AWS through a command line interface or an API, use a FIPS endpoint. For more information about the available FIPS endpoints, see [Federal Information Processing Standard (FIPS) 140-3](https://aws.amazon.com/compliance/fips/). We strongly recommend that you never put confidential or sensitive information, such as your customers' email addresses, into tags or free-form text fields such as a **Name** field. This includes when you work with Amazon SageMaker Unified Studio or other AWS services using the console, API, AWS CLI, or AWS SDKs. Any data that you enter into tags or free-form text fields used for names may be used for billing or diagnostic logs. If you provide a URL to an external server, we strongly recommend that you do not include credentials information in the URL to validate your request to that server. For more information about data protection, inluding data encryption, encryption at rest, encryption in transit, key management, and inter-network traffic privacy for various AWS services that inter-operate with Amazon SageMaker Unified Studio, see the following: + [Data Protection in Amazon SageMaker](https://docs.aws.amazon.com/sagemaker/latest/dg/data-protection.html) + [Data Protection in Amazon Managed Workflows for Apache Airflow](https://docs.aws.amazon.com/mwaa/latest/userguide/data-protection.html) + [Data protection in Amazon Redshift](https://docs.aws.amazon.com/redshift/latest/mgmt/security-data-protection.html) + [Data protection in Amazon EMR](https://docs.aws.amazon.com/emr/latest/ManagementGuide/data-protection.html) + [Data protection in Amazon DataZone](https://docs.aws.amazon.com/datazone/latest/userguide/data-protection.html) + [Data protection in Amazon Q Business](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/data-protection.html) and [Data protection in Amazon Q Developer](https://docs.aws.amazon.com/amazonq/latest/qdeveloper-ug/data-protection.html) + [Data protection in Athena](https://docs.aws.amazon.com/athena/latest/ug/security-data-protection.html) + [Data protection in Amazon Bedrock](https://docs.aws.amazon.com/bedrock/latest/userguide/data-protection.html) + [Data protection in AWS Glue](https://docs.aws.amazon.com/glue/latest/dg/data-protection.html) # KMS Permissions for resources provisioned by Amazon SageMaker Unified Studio You can encrypt the resources provisioned by Amazon SageMaker Unified Studio with your customer managed AWS KMS keys. You can do this by adding to your default KMS key policy the permissions that you can find in the following policy for the Tooling blueprint config. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Id": "key-policy-for-smus", "Statement": [ { "Sid": "AllowKmsPermissionsForCloudWatch", "Effect": "Allow", "Principal": { "Service": "logs.us-east-1.amazonaws.com" }, "Action": [ "kms:Encrypt*", "kms:Decrypt*", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:Describe*" ], "Resource": "*", "Condition": { "ArnLike": { "kms:EncryptionContext:aws:logs:arn": [ "arn:aws:logs:us-east-1:111122223333:log-group:datazone-*", "arn:aws:logs:us-east-1:111122223333:log-group:airflow-*", "arn:aws:logs:us-east-1:111122223333:log-group:aws/mwaa-serverless*" ] } } }, { "Sid": "RedshiftCreateGrantKmsPermissions", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerProvisioning-111122223333" }, "Action": "kms:CreateGrant", "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" }, "StringLike": { "kms:ViaService": [ "redshift-serverless.*.amazonaws.com" ] } } }, { "Sid": "AthenaKmsPermissions", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerProvisioning-111122223333" }, "Action": "kms:GenerateDataKey", "Resource": "*", "Condition": { "StringEquals": { "aws:CalledViaLast": "athena.amazonaws.com", "aws:ResourceAccount": "${aws:PrincipalAccount}" } } }, { "Sid": "EmrServerlessKmsPermissions", "Effect": "Allow", "Principal": { "Service": "emr-serverless.amazonaws.com" }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*", "Condition": { "ArnLike": { "aws:SourceArn": "arn:aws:emr-serverless:us-east-1:111122223333:/applications/*" } } }, { "Sid": "EmrServerlessKmsPermissionsForProvisioning", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerProvisioning-111122223333" }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*" }, { "Sid": "AirflowCreateGrantKmsPermissions", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerProvisioning-111122223333" }, "Action": "kms:CreateGrant", "Resource": "*", "Condition": { "StringEquals": { "aws:ResourceAccount": "${aws:PrincipalAccount}" }, "StringLike": { "kms:ViaService": [ "airflow.*.amazonaws.com", "airflow-serverless.*.amazonaws.com" ] } } }, { "Sid": "AllowKmsKeyUsageForSageMakerDomain", "Effect": "Allow", "Principal": { "Service": [ "datazone.amazonaws.com" ], "AWS": [ "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerDomainExecution" ] }, "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey", "kms:CreateGrant" ], "Resource": "*" }, { "Sid": "AllowSageMakerDomainKmsGrantPermissions", "Effect": "Allow", "Principal": { "Service": [ "datazone.amazonaws.com" ], "AWS": [ "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerDomainExecution" ] }, "Action": [ "kms:ListGrants", "kms:RevokeGrant" ], "Resource": "*" }, { "Sid": "GrantKMSPermissionsForAllProjectRoles", "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Condition": { "StringEquals": { "aws:PrincipalTag/AmazonDataZoneDomain": "dzd_0123456789", "kms:EncryptionContext:aws:datazone:domainId": "dzd_0123456789", "kms:ViaService": [ "datazone.us-east-1.amazonaws.com" ] } } } ] } ``` ------ # KMS permissions for exporting asset metadata in Amazon SageMaker Unified Studio **Topics** + [ ## Granting the Amazon SageMaker Catalog export service principal and S3 Tables maintenance service principal permissions to your KMS key ](#export-asset-metadata-kms-permissions-service-principal) + [ ## IAM permissions required for the principal for exporting ](#export-asset-metadata-kms-permissions-service-principal-exporting) ## Granting the Amazon SageMaker Catalog export service principal and S3 Tables maintenance service principal permissions to your KMS key All data in S3 tables are encrypted with SSE-S3 encryption by default. You can choose to encrypt your data with AWS Key Management Service (AWS KMS) keys (SSE-KMS). If you choose to encrypt your data with KMS keys, you must have additional permissions. For Amazon SageMaker Catalog, these permissions are required so that your data can be encrypted when exporting the data into the S3 tables. Note that the KMS key used for export feature can be same or different than the one used for Amazon SageMaker Catalog domain. To read more about how Amazon SageMaker Catalog domain data encryption works at rest, see [Data encryption at rest for Amazon DataZone](https://docs.aws.amazon.com/datazone/latest/userguide/encryption-rest-datazone.html). To allow Amazon SageMaker Catalog access on SSE-KMS encrypted tables, you can use the following example key policy. The policy allows `maintenance.s3tables.amazonaws.com` service principal to use a specific KMS key for encrypting and decrypting tables in a specific table bucket. To use the policy, replace the user input placeholders with your own information: To read more about the S3 maintenance service principal, see [Permissions required for S3 Tables SSE-KMS encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-tables-kms-permissions.html). ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "EnableSystemTablesKeyUsage", "Effect": "Allow", "Principal": { "Service": "systemtables.sagemaker-catalog.amazonaws.com" }, "Action": [ "kms:DescribeKey", "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "arn:aws:kms:region:111122223333:key/key-id", "Condition": { "StringEquals": { "aws:SourceAccount": "111122223333" } } }, { "Sid": "EnableKeyUsage", "Effect": "Allow", "Principal": { "Service": "maintenance.s3tables.amazonaws.com" }, "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "arn:aws:kms:region:111122223333:key/key-id", "Condition": { "StringLike": { "kms:EncryptionContext:aws:s3:arn": "arn:aws:s3tables:region:111122223333:bucket/*" } } } ] } ``` ## IAM permissions required for the principal for exporting When your Amazon SageMaker Catalog domain is encrypted using AWS Key Management Service (AWS KMS) keys, you need to grant permissions to the principals that will allow them to enable [exporting](https://docs.aws.amazon.com/sagemaker-unified-studio/latest/userguide/export-asset-metadata.html) the asset metadata. The policy below grants the IAM principal access to decrypt a specific Amazon SageMaker Catalog domain. To read more about how Amazon SageMaker Catalog domain data encryption works at rest, see [Data encryption at rest for Amazon DataZone](https://docs.aws.amazon.com/datazone/latest/userguide/encryption-rest-datazone.html). ``` { "Version": "2012-10-17", "Statement": [ { "Sid": "Allow access to principal to manage an Amazon SageMaker catalog domain with the given domain id", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/ExampleRole" }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "arn:aws:kms:region:111122223333:key/key-id", "Condition": { "StringEquals": { "kms:EncryptionContext:aws:datazone:domainId": "dzd_sampleid" } } } ] } ``` # Amazon Bedrock in SageMaker Unified Studio KMS Permissions + **KMS Key Policy — Amazon DataZone domain key and the Tooling blueprint Key**: manually set the following key policy to the domain key and the Tooling blueprint key. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Sid": "Allow administrators to manage key", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::444455556666:role/ExampleAdminRole" }, "Action": [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:TagResource", "kms:UntagResource", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion", "kms:RotateKeyOnDemand" ], "Resource": "*" }, { "Sid": "Allow administrators and SageMaker domain execution role to encrypt and decrypt DataZone data", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::444455556666:role/ExampleAdminRole", "arn:aws:iam::444455556666:role/ExampleDomainUser", "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerDomainExecution" ] }, "Action": [ "kms:CreateGrant", "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*", "Condition": { "StringLike": { "kms:EncryptionContext:aws:datazone:DOMAIN_ID": "domain_id" } } }, { "Sid": "Allow SageMaker provisioning role to encrypt and decrypt Amazon Bedrock resources", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/service-role/AmazonSageMakerProvisioning-111122223333" }, "Action": [ "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", "kms:GenerateDataKey" ], "Resource": "*" }, { "Sid": "Allow SageMaker project roles to describe key", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:root" }, "Action": "kms:DescribeKey", "Resource": "*", "Condition": { "Null": { "aws:PrincipalTag/AmazonDataZoneProject": "false" } } }, { "Sid": "Allow SageMaker project roles to encrypt and decrypt data in Tooling blueprint S3 bucket", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:root" }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*", "Condition": { "Null": { "aws:PrincipalTag/AmazonDataZoneProject": "false" }, "StringLike": { "kms:ViaService": "s3.*.amazonaws.com" } } }, { "Sid": "Allow SageMaker project roles to encrypt and decrypt Amazon Bedrock secrets", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:root" }, "Action": [ "kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey" ], "Resource": "*", "Condition": { "Null": { "aws:PrincipalTag/AmazonDataZoneProject": "false" }, "StringLike": { "kms:ViaService": "secretsmanager.*.amazonaws.com" }, "ArnLike": { "kms:EncryptionContext:SecretARN": "arn:aws:secretsmanager:*:*:secret:amazon-bedrock*" } } }, { "Sid": "Allow SageMaker project roles to encrypt and decrypt Amazon Bedrock data", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:root" }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*", "Condition": { "Null": { "aws:PrincipalTag/AmazonDataZoneProject": "false" }, "ForAnyValue:StringLike": { "kms:EncryptionContextKeys": [ "aws:bedrock*", "evaluationJobArn" ] } } }, { "Sid": "Allow Amazon Bedrock to encrypt and decrypt Amazon Bedrock data", "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "*", "Condition": { "ForAnyValue:StringLike": { "kms:EncryptionContextKeys": [ "aws:bedrock*", "evaluationJobArn" ] } } }, { "Sid": "Allow Amazon Bedrock to create and revoke grants for Amazon Bedrock resources", "Effect": "Allow", "Principal": { "Service": "bedrock.amazonaws.com" }, "Action": [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ], "Resource": "*", "Condition": { "Bool": { "kms:GrantIsForAWSResource": "true" } } }, { "Sid": "Allow CloudWatch Logs to encrypt and decrypt Amazon Bedrock log groups", "Effect": "Allow", "Principal": { "Service": "logs.amazonaws.com" }, "Action": [ "kms:Decrypt*", "kms:Describe*", "kms:Encrypt*", "kms:GenerateDataKey*", "kms:ReEncrypt*" ], "Resource": "*", "Condition": { "ArnLike": { "kms:EncryptionContext:aws:logs:arn": "arn:aws:logs:*:*:log-group:/aws/lambda/amazon-bedrock*" } } } ] } ``` ------ + **AmazonSageMakerDomainExecution role — inline Policy**: manually attach the following to the AmazonSageMakerDomainExecution role or any role that is used for domain execution role in IAM console. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Sid": "KmsDescribeKeyPermissions", "Effect": "Allow", "Action": "kms:DescribeKey", "Resource": "arn:aws:kms:us-east-1:111122223333:key/dzd-12345" }, { "Sid": "KmsPermissions", "Effect": "Allow", "Action": [ "kms:CreateGrant", "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "arn:aws:kms:us-east-1:111122223333:key/dzd-12345", "Condition": { "StringLike": { "kms:EncryptionContext:aws:datazone:domainId": "dzd*" } } } ] } ``` ------ + **AmazonSageMakerProvisioning- role - inline Policy**: manually attach the following to the AmazonSageMakerProvisioning- role or the role that is used as the provisioning role in the IAM console. ------ #### [ JSON ] **** ``` { "Version":"2012-10-17", "Statement": [ { "Sid": "KmsDescribeKeyPermissions", "Effect": "Allow", "Action": "kms:DescribeKey", "Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, { "Sid": "ToolingBlueprintS3BucketKmsPermissions", "Effect": "Allow", "Action": [ "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "Condition": { "StringLike": { "kms:ViaService": "s3.*.amazonaws.com" } } }, { "Sid": "LambdaFunctionKmsPermissions", "Effect": "Allow", "Action": [ "kms:CreateGrant", "kms:Decrypt", "kms:Encrypt" ], "Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "Condition": { "StringLike": { "kms:ViaService": "lambda.*.amazonaws.com" }, "ArnLike": { "kms:EncryptionContext:aws:lambda:FunctionArn": "arn:aws:lambda:*:*:function:amazon-bedrock*" } } }, { "Sid": "SecretsManagerKmsPermissions", "Effect": "Allow", "Action": [ "kms:Decrypt", "kms:Encrypt", "kms:GenerateDataKey" ], "Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "Condition": { "StringLike": { "kms:ViaService": "secretsmanager.*.amazonaws.com" }, "ArnLike": { "kms:EncryptionContext:SecretARN": "arn:aws:secretsmanager:*:*:secret:amazon-bedrock*" } } }, { "Sid": "BedrockKmsPermissions", "Effect": "Allow", "Action": [ "kms:CreateGrant", "kms:Decrypt", "kms:GenerateDataKey" ], "Resource": "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "Condition": { "StringLike": { "kms:ViaService": "bedrock.*.amazonaws.com" }, "ForAnyValue:StringLike": { "kms:EncryptionContextKeys": "aws:bedrock*:arn" } } } ] } ``` ------