kms_key in sagemaker.processing.Processor should default to output_kms_key
#4874
Comments
|
This is well-thought out! My thoughts are: And in the estimator case, it's only when the buckets are the same (output and code) that it's applied.
Probably because it's generally safe to assume if the bucket is the same and the output has some encryption, the same encryption can be applied to the code, whereas not applying it to the code might not work for uploading due to bucket policies. Maybe this logic was added as a fix to get around some common user errors caused by bucket encryption policies. Actually it might make sense for the estimator to encrypt the code with a |
Describe the bug
The
kms_keyused to encrypt either the user code file or local inputs when uploading to S3 should default tooutput_kms_key.This would align the behaviour of with
sagemaker.estimator.Estimatorwhereoutput_kms_keyis used to encrypt the tar'd user training code when uploading to S3.Also, since
output_kms_keyis resolved from the config it means thatkms_keycan inherit this default from the config.To reproduce
A clear, step-by-step set of instructions to reproduce the bug.
The provided code need to be complete and runnable, if additional data is needed, please include them in the issue.
Expected behavior
The
kms_keyshould default tooutput_kms_key. This can be implemented in either:sagemaker.processing.Processor._normalize_argssagemaker.processing.Processor._normalize_inputsScreenshots or logs
If applicable, add screenshots or logs to help explain your problem.
System information
A description of your system. Please provide:
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: