-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
kms_key
in sagemaker.processing.Processor
should default to output_kms_key
#4874
Comments
This is well-thought out! My thoughts are: And in the estimator case, it's only when the buckets are the same (output and code) that it's applied.
Probably because it's generally safe to assume if the bucket is the same and the output has some encryption, the same encryption can be applied to the code, whereas not applying it to the code might not work for uploading due to bucket policies. Maybe this logic was added as a fix to get around some common user errors caused by bucket encryption policies. Actually it might make sense for the estimator to encrypt the code with a |
Describe the bug
The
kms_key
used to encrypt either the user code file or local inputs when uploading to S3 should default tooutput_kms_key
.This would align the behaviour of with
sagemaker.estimator.Estimator
whereoutput_kms_key
is used to encrypt the tar'd user training code when uploading to S3.Also, since
output_kms_key
is resolved from the config it means thatkms_key
can inherit this default from the config.To reproduce
A clear, step-by-step set of instructions to reproduce the bug.
The provided code need to be complete and runnable, if additional data is needed, please include them in the issue.
Expected behavior
The
kms_key
should default tooutput_kms_key
. This can be implemented in either:sagemaker.processing.Processor._normalize_args
sagemaker.processing.Processor._normalize_inputs
Screenshots or logs
If applicable, add screenshots or logs to help explain your problem.
System information
A description of your system. Please provide:
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: